MedDream PACS Premium Cross-Site Scripting Vulnerability (CNVD-2026-10669)

MedDream PACS Premium is an enterprise-class image storage and management server suite from MedDream. MedDream PACS Premium suffers from a cross-site scripting vulnerability that is caused by improper validation of user-supplied input by the Download Zip feature. An attacker could exploit the...

CVE-2025-53516

A reflected cross-site scripting xss vulnerability exists in the downloadZip functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious url can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability...

CVE-2025-53516

A reflected cross-site scripting xss vulnerability exists in the downloadZip functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious url can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability...

CVE-2025-53516

A reflected cross-site scripting xss vulnerability exists in the downloadZip functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious url can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability...

MedDream PACS Premium 安全漏洞

MedDream PACS Premium is an enterprise-class image storage and management server suite from MedDream. MedDream PACS Premium suffers from a cross-site scripting vulnerability that is caused by improper validation of user-supplied input by the Download Zip feature. An attacker could exploit the...

MedDream PACS Premium downloadZip reflected cross-site scripting (XSS) vulnerability

Talos Vulnerability Report TALOS-2025-2254 MedDream PACS Premium downloadZip reflected cross-site scripting XSS vulnerability January 20, 2026 CVE Number CVE-2025-53516 SUMMARY A reflected cross-site scripting xss vulnerability exists in the downloadZip functionality of MedDream PACS Premium...

EUVD-2025-199664

Files is a module for managing files inside spaces and user profiles. Prior to versions 0.16.11 and 0.17.2, insufficient authorization checks allow non-member users to create new folders, up- and download files as a ZIP archive in public spaces. Private spaces are not affected. This issue has bee...

EUVD-2025-35675

Path Traversal vulnerability in version 4.4.2236.1 of TESI Gandia Integra Total. This issue allows an authenticated attacker to download a ZIP file containing files from the server, including those located in parent directories e.g., ......, by exploiting the “direstudio” parameter in...

EUVD-2015-4723

Malware in sbrugna...

Malicious code in down-load-available-zip-now-9963-decemberunderground-v5ico-vdkxyl (npm)

The package down-load-available-zip-now-9963-decemberunderground-v5ico-vdkxyl was found to contain malicious code...

MAL-2025-18712 Malicious code in down-load-available-zip-now-9963-decemberunderground-v5ico-vdkxyl (npm)

The package down-load-available-zip-now-9963-decemberunderground-v5ico-vdkxyl was found to contain malicious code...

Malicious code in down-lo-ad-now-zip-mp3-90774-post-self-c09pn-xqmqrm (npm)

The package down-lo-ad-now-zip-mp3-90774-post-self-c09pn-xqmqrm was found to contain malicious code...

Malicious code in down-load-available-zip-now-8393-wait-for-me-jdvqg-evxzsz (npm)

The package down-load-available-zip-now-8393-wait-for-me-jdvqg-evxzsz was found to contain malicious code...

MAL-2025-18698 Malicious code in down-lo-ad-now-zip-mp3-37967-duality-g5efy-wezkck (npm)

The package down-lo-ad-now-zip-mp3-37967-duality-g5efy-wezkck was found to contain malicious code...

Malicious code in down-lo-ad-now-zip-mp3-122443-vibrations-1-nvkcw-inalaf (npm)

The package down-lo-ad-now-zip-mp3-122443-vibrations-1-nvkcw-inalaf was found to contain malicious code...

Malicious code in down-lo-ad-now-zip-mp3-37967-duality-g5efy-wezkck (npm)

The package down-lo-ad-now-zip-mp3-37967-duality-g5efy-wezkck was found to contain malicious code...

MAL-2025-18708 Malicious code in down-load-available-zip-now-242367-fad-bpemi-awgouw (npm)

The package down-load-available-zip-now-242367-fad-bpemi-awgouw was found to contain malicious code...

Malicious code in down-lo-ad-now-zip-mp3-261895-fake-it-flowers-fr14h-gmqthe (npm)

The package down-lo-ad-now-zip-mp3-261895-fake-it-flowers-fr14h-gmqthe was found to contain malicious code...

Malicious code in down-load-available-zip-now-365509-chew-the-scenery-ymqd7-xaqqmu (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 39470e2ad654687e0841bb2740b376632c07ad817ddd755c4037149fb3872220 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

PT-2024-12039 · Unknown · Processwire

Name of the Vulnerable Software and Affected Versions: ProcessWire version 3.0.210 Description: An issue in ProcessWire allows attackers to execute arbitrary code and install a reverse shell via the download zip url parameter when installing a new module. This issue is disputed as it requires the...