59044 matches found

EUVD
added 2026/01/21 5:27 p.m. | 6 views

EUVD-2026-3618

OpenEMR 5.0.2.1 contains a cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript through user profile parameters. Attackers can exploit the vulnerability by crafting a malicious payload to download and execute a web shell, enabling remote command...

CVSS 5.4 | AI score 5.4 | EPSS 0.00667
Exploits 1 | References 8

OSV
added 2026/01/21 5:16 p.m. | 3 views

CVE-2025-57681

The WorklogPRO - Timesheets for Jira plugin in Jira Data Center before version 4.23.6-jira10 and before version 4.23.5-jira9 allows users and attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability. The vulnerability is exploited via a specially crafted paylo...

CVSS 5.4 | AI score 5.9 | EPSS 0.00187
Exploits 1 | References 2

OSV
added 2026/01/21 3:41 p.m. | 6 views

GHSA-3RXJ-6CGF-8CFW seroval Affected by Remote Code Execution via JSON Deserialization

Improper input handling in the JSON deserialization component can lead to arbitrary JavaScript code execution. The vulnerability can be exploited via overriding constant value and error deserialization, which allows indirect access to unsafe JS evaluation. This requires at least the ability to...

CVSS 7.5 | AI score 6 | EPSS 0.00519
Exploits 0 | References 4

Github Security Blog
added 2026/01/21 3:41 p.m. | 11 views

seroval Affected by Remote Code Execution via JSON Deserialization

Improper input handling in the JSON deserialization component can lead to arbitrary JavaScript code execution. The vulnerability can be exploited via overriding constant value and error deserialization, which allows indirect access to unsafe JS evaluation. This requires at least the ability to...

CVSS 7.5 | AI score 6 | EPSS 0.00519
Exploits 0 | References 4 | Affected Software 1

EUVD
added 2026/01/21 3:41 p.m. | 4 views

EUVD-2026-3680

seroval Affected by Prototype Pollution via JSON Deserialization...

CVSS 7.3 | AI score 5.3 | EPSS 0.00246
Exploits 0 | References 3

OSV
added 2026/01/21 3:41 p.m. | 4 views

GHSA-HJ76-42VX-JWP4 seroval Affected by Prototype Pollution via JSON Deserialization

Due to improper input validation, a malicious object key can lead to prototype pollution during JSON deserialization. This affects only JSON deserialization functionality. As there is no known workaround, please upgrade to the latest version...

CVSS 7.3 | AI score 5.6 | EPSS 0.00246
Exploits 0 | References 4

vulnersOsv
added 2026/01/21 3:41 p.m. | 7 views

org.webjars.npm:solid-js (=1.9.5) potentially affected by CVE-2026-23736 via org.webjars.npm:seroval (=1.2.1)

org.webjars.npm:seroval MAVEN version =1.2.1 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:seroval and may be impacted: - org.webjars.npm:solid-js =1.9.5 Source cves: CVE-2026-23736 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-15054524...

CVSS 9.8 | AI score 5.8 | EPSS 0.00246
Exploits 0

RedhatCVE
added 2026/01/21 3:27 p.m. | 15 views

CVE-2025-58090

Multiple reflected cross-site scripting (XSS) vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary JavaScript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities. This...

CVSS 6.1 | AI score 5.6 | EPSS 0.00229
Exploits 1 | References 1

RedhatCVE
added 2026/01/21 3:27 p.m. | 15 views

CVE-2025-58092

Multiple reflected cross-site scripting (XSS) vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary JavaScript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities. This...

CVSS 6.1 | AI score 5.6 | EPSS 0.00229
Exploits 1 | References 1

RedhatCVE
added 2026/01/21 3:27 p.m. | 9 views

CVE-2025-58093

Multiple reflected cross-site scripting (XSS) vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary JavaScript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities. This...

CVSS 6.1 | AI score 5.6 | EPSS 0.00229
Exploits 1 | References 1

RedhatCVE
added 2026/01/21 3:27 p.m. | 8 views

CVE-2025-58087

Multiple reflected cross-site scripting (XSS) vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary JavaScript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities. This...

CVSS 6.1 | AI score 5.6 | EPSS 0.0024
Exploits 1 | References 1

RedhatCVE
added 2026/01/21 3:27 p.m. | 13 views

CVE-2025-36556

A reflected cross-site scripting (XSS) vulnerability exists in the ldapUser functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary JavaScript code execution. An attacker can provide a crafted URL to trigger this vulnerability...

CVSS 6.1 | AI score 5.6 | EPSS 0.00286
Exploits 1 | References 1

RedhatCVE
added 2026/01/21 3:27 p.m. | 14 views

CVE-2025-58094

Multiple reflected cross-site scripting (XSS) vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary JavaScript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities. This...

CVSS 6.1 | AI score 5.6 | EPSS 0.00229
Exploits 1 | References 1

RedhatCVE
added 2026/01/21 3:27 p.m. | 7 views

CVE-2025-36396

IBM Application Gateway 23.10 through 25.09 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

CVSS 5.4 | AI score 5.1 | EPSS 0.00147
Exploits 0 | References 1

RedhatCVE
added 2026/01/21 3:27 p.m. | 16 views

CVE-2025-54852

A reflected cross-site scripting (XSS) vulnerability exists in the modifyAeTitle functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary JavaScript code execution. An attacker can provide a crafted URL to trigger this vulnerability...

CVSS 6.1 | AI score 5.6 | EPSS 0.0026
Exploits 1 | References 1

RedhatCVE
added 2026/01/21 3:27 p.m. | 6 views

CVE-2025-54495

A reflected cross-site scripting (XSS) vulnerability exists in the emailfailedjob functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary JavaScript code execution. An attacker can provide a crafted URL to trigger this vulnerability...

CVSS 6.1 | AI score 5.6 | EPSS 0.00286
Exploits 1 | References 1

RedhatCVE
added 2026/01/21 3:27 p.m. | 10 views

CVE-2025-57881

A reflected cross-site scripting (XSS) vulnerability exists in the modifyEmail functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary JavaScript code execution. An attacker can provide a crafted URL to trigger this vulnerability...

CVSS 6.1 | AI score 5.6 | EPSS 0.00235
Exploits 1 | References 1

RedhatCVE
added 2026/01/21 3:27 p.m. | 5 views

CVE-2025-54814

A reflected cross-site scripting (XSS) vulnerability exists in the modifyAutopurgeFilter functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary JavaScript code execution. An attacker can provide a crafted URL to trigger this vulnerability...

CVSS 6.1 | AI score 5.6 | EPSS 0.00235
Exploits 1 | References 1

RedhatCVE
added 2026/01/21 3:27 p.m. | 8 views

CVE-2025-58091

Multiple reflected cross-site scripting (XSS) vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary JavaScript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities. This...

CVSS 6.1 | AI score 5.6 | EPSS 0.00229
Exploits 1 | References 1

RedhatCVE
added 2026/01/21 3:27 p.m. | 6 views

CVE-2025-46270

A reflected cross-site scripting (XSS) vulnerability exists in the fetchPriorStudies functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary JavaScript code execution. An attacker can provide a crafted URL to trigger this vulnerability...

CVSS 6.1 | AI score 5.6 | EPSS 0.00286
Exploits 1 | References 1