CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

5941 matches found

RedhatCVE•added 2026/01/21 3:27 p.m.•7 views

CVE-2025-58091

Multiple reflected cross-site scripting xss vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities.This...

6.1CVSS5.6AI score0.00229EPSS

Exploits1References1

RedhatCVE•added 2026/01/21 3:27 p.m.•6 views

CVE-2025-54495

A reflected cross-site scripting xss vulnerability exists in the emailfailedjob functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious url can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability...

6.1CVSS5.6AI score0.00286EPSS

Exploits1References1

RedhatCVE•added 2026/01/21 3:27 p.m.•5 views

CVE-2025-54814

A reflected cross-site scripting xss vulnerability exists in the modifyAutopurgeFilter functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability...

6.1CVSS5.6AI score0.00235EPSS

Exploits1References1

RedhatCVE•added 2026/01/21 3:27 p.m.•4 views

CVE-2025-53854

A reflected cross-site scripting xss vulnerability exists in the modifyHL7Route functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability...

6.1CVSS5.6AI score0.00286EPSS

Exploits1References1

RedhatCVE•added 2026/01/21 3:27 p.m.•4 views

CVE-2025-44000

A reflected cross-site scripting xss vulnerability exists in the sendOruReport functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability...

6.1CVSS5.6AI score0.00317EPSS

Exploits1References1

OSV•added 2026/01/21 1:0 a.m.•4 views

GHSA-W836-5GPM-7R93 SiYuan has a Reflected Cross-Site Scripting (XSS) via /api/icon/getDynamicIcon

Summary Reflected XSS in /api/icon/getDynamicIcon due to unsanitized SVG input. Details The endpoint generates SVG images for text icons type=8. The content query parameter is inserted directly into the SVG tag without XML escaping. Since the response Content-Type is image/svg+xml, injecting...

5.3CVSS5.7AI score0.00263EPSS

Exploits1References5

Positive Technologies•added 2026/01/21 12:0 a.m.•3 views

PT-2026-3868

CVAT is an open source interactive video and image annotation tool for computer vision. In versions 2.2.0 through 2.54.0, an attacker is able to execute arbitrary JavaScript in a victim user's CVAT UI session, provided that they are able to create a maliciously crafted label in a CVAT task or...

8.6CVSS5.9AI score0.00142EPSS

Exploits0References3

CNNVD•added 2026/01/21 12:0 a.m.•4 views

Seroval code issue vulnerabilities

Seroval is a formatted Java library developed by Alexis H. Munsayac. Versions of Seroval 1.4.0 and earlier have code vulnerabilities caused by improper handling of JSON deserialization inputs, which may lead to arbitrary JavaScript code execution...

7.5CVSS6.1AI score0.00519EPSS

Exploits0References2

ATTACKERKB•added 2026/01/20 6:50 p.m.•4 views

CVE-2026-1245

A code injection vulnerability in the binary-parser library prior to version 2.3.0 allows arbitrary JavaScript code execution when untrusted values are used in parser field names or encoding parameters. The library directly interpolates these values into dynamically generated code without...

6.5CVSS6.5AI score0.00505EPSS

Exploits0References5

Vulnrichment•added 2026/01/20 6:50 p.m.•4 views

CVE-2026-1245 CVE-2026-1245

6.5AI score0.00505EPSS

Exploits0References4

CVE•added 2026/01/20 6:50 p.m.•29 views

CVE-2026-1245

CVE-2026-1245 is a code-injection vulnerability in the binary-parser library, affecting versions prior to 2.3.0. The issue arises from unsanitized values used in parser field names or encoding parameters, which are directly interpolated into dynamically generated code (via the Function constructo...

6.5CVSS6.5AI score0.00505EPSS

Exploits0References5Affected Software1

OSV•added 2026/01/20 5:54 p.m.•6 views

GHSA-4GPC-RHPJ-9443 Lobe Chat affected by Cross-Site Scripting(XSS) that can escalate to Remote Code Execution(RCE)

Summary A stored Cross-Site Scripting XSS vulnerability in the Mermaid artifact renderer allows attackers to execute arbitrary JavaScript within the application context. This XSS can be escalated to Remote Code Execution RCE. Details The vulnerability exists in the Renderer component responsible...

9.6CVSS5.9AI score0.00123EPSS

Exploits0References4

OSV•added 2026/01/20 3:17 p.m.•3 views

CVE-2025-58093

6.1CVSS5.9AI score0.00229EPSS

Exploits1References1

OSV•added 2026/01/20 3:17 p.m.•2 views

CVE-2025-58095

6.1CVSS5.9AI score0.0024EPSS

Exploits1References1

OSV•added 2026/01/20 3:17 p.m.•3 views

CVE-2025-58087