CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2025-58080 A reflected cross-site scripting (xss) vulnerability exists in the modifyHL7App functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript cod... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-58087 Multiple reflected cross-site scripting (xss) vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascrip... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-58088 Multiple reflected cross-site scripting (xss) vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascrip... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-58089 Multiple reflected cross-site scripting (xss) vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascrip... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-58090 Multiple reflected cross-site scripting (xss) vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascrip... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-58093 Multiple reflected cross-site scripting (xss) vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascrip... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-58094 Multiple reflected cross-site scripting (xss) vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascrip... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-58095 Multiple reflected cross-site scripting (xss) vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascrip... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-0548 The Tutor LMS β eLearning and online course solution plugin for WordPress is vulnerable to unauthorized attachment deletion due to a missing capability check on the `delete_existing_user_photo` functi... | 5.4 | MEDIUM | β | 0 |
| CVE-2026-0554 The NotificationX plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'regenerate' and 'reset' REST API endpoints in all versions up to, an... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-0608 The Head Meta Data plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'head-meta-data' post meta field in all versions up to, and including, 20251118 due to insufficient input s... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-0690 The FlatPM β Ad Manager, AdSense and Custom Code plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rank_math_description' custom field in all versions up to, and including, 3.... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-0726 The Nexter Extension β Site Enhancements Toolkit plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.4.6 via deserialization of untrusted input in the 'n... | 8.1 | HIGH | β | 0 |
| CVE-2025-36058 IBM Business Automation Workflow containers 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix 005, and 24.0.0 through 24.0.0 Interim Fix 006. IBM Cloud Pak for Business Automati... | 5.5 | MEDIUM | β | 0 |
| CVE-2025-36059 IBM Business Automation Workflow containers 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix 005, and 24.0.0 through 24.0.0 Interim Fix 006. IBM Cloud Pak for Business Automati... | 4.7 | MEDIUM | β | 0 |
| CVE-2025-36063 IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 does not invalidate session after a logout which could allow an authenticated user to impersonate anoth... | 6.3 | MEDIUM | β | 0 |
| CVE-2025-36065 IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 does not invalidate session after a browser closure which could allow an authenticated user to imperson... | 6.3 | MEDIUM | β | 0 |
| CVE-2025-36066 IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed a... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-36113 IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitra... | 5.4 | MEDIUM | β | 0 |
| CVE-2025-36115 IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0.00 through 5.2.0.12 does not disallow the session id after use which could allow an authenticated user to impersonate another use... | 6.3 | MEDIUM | β | 0 |
| CVE-2025-36397 IBM Application Gateway 23.10 through 25.09 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within... | 5.4 | MEDIUM | β | 0 |
| CVE-2025-36408 IBM ApplinX 11.1 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality... | 6.4 | MEDIUM | β | 0 |
| CVE-2025-36409 IBM ApplinX 11.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potent... | 5.4 | MEDIUM | β | 0 |
| CVE-2025-36410 IBM ApplinX 11.1 could allow an authenticated user to perform unauthorized administrative actions on the server due to server-side enforcement of client-side security. | 3.1 | LOW | β | 0 |
| CVE-2025-36411 IBM ApplinX 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 3.5 | LOW | β | 0 |
| CVE-2025-36418 IBM ApplinX 11.1 is vulnerable due to a privilege escalation vulnerability due to improper verification of JWT tokens. An attacker may be able to craft or modify a JSON web token in order to impersona... | 7.3 | HIGH | β | 0 |
| CVE-2025-36419 IBM ApplinX 11.1 could disclose sensitive information about server architecture that could aid in further attacks against the system. | 5.3 | MEDIUM | β | 0 |
| CVE-2025-56353 In tinyMQTT commit 6226ade15bd4f97be2d196352e64dd10937c1962 (2024-02-18), a memory leak occurs due to the broker's failure to validate or reject malformed UTF-8 strings in topic filters. An attacker c... | 7.5 | HIGH | β | 0 |
| CVE-2025-64087 A Server-Side Template Injection (SSTI) vulnerability in the FreeMarker component of opensagres XDocReport v1.0.0 to v2.1.0 allows attackers to execute arbitrary code via injecting crafted template ex... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-55423 A command injection vulnerability exists in the upnp_relay() function in multiple ipTIME router models because the controlURL value used to pass port-forwarding information to an upper router is passe... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-65482 An XML External Entity (XXE) vulnerability in opensagres XDocReport v0.9.2 to v2.0.3 allows attackers to execute arbitrary code via uploading a crafted .docx file. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-67824 The WorklogPRO - Jira Timesheets plugin in the Jira Data Center before 4.24.2-jira9, 4.24.2-jira10 and 4.24.2-jira11 allows attackers to inject arbitrary HTML or JavaScript via XSS. This is exploited ... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-33228 NVIDIA Nsight Systems contains a vulnerability in the gfx_hotspot recipe, where an attacker could cause an OS command injection by supplying a malicious string to the process_nsys_rep_cli.py script if... | 7.3 | HIGH | β | 0 |
| CVE-2025-33229 NVIDIA Nsight Visual Studio for Windows contains a vulnerability in Nsight Monitor where an attacker can execute arbitrary code with the same privileges as the NVIDIA Nsight Visual Studio Edition Moni... | 7.3 | HIGH | β | 0 |
| CVE-2025-33230 NVIDIA Nsight Systems for Linux contains a vulnerability in the .run installer, where an attacker could cause an OS command injection by supplying a malicious string to the installation path. A succes... | 7.3 | HIGH | β | 0 |
| CVE-2025-33231 NVIDIA Nsight Systems for Windows contains a vulnerability in the applicationβs DLL loading mechanism where an attacker could cause an uncontrolled search path element by exploiting insecure DLL searc... | 6.7 | MEDIUM | β | 0 |
| CVE-2025-33233 NVIDIA Merlin Transformers4Rec for all platforms contains a vulnerability where an attacker could cause code injection. A successful exploit of this vulnerability might lead to code execution, escalat... | 7.8 | HIGH | β | 0 |
| CVE-2025-67263 Abacre Retail Point of Sale 14.0.0.396 is affected by a stored cross-site scripting (XSS) vulnerability in the Clients module. The application fails to properly sanitize user-supplied input stored in ... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-56005 An undocumented and unsafe feature in the PLY (Python Lex-Yacc) library 3.11 allows Remote Code Execution (RCE) via the `picklefile` parameter in the `yacc()` function. This parameter accepts a `.pkl`... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-66803 Race condition in the turbo-frame element handler in Hotwired Turbo before 8.0.x causes logout operations to fail when delayed frame responses reapply session cookies after logout. This can be exploit... | 4.8 | MEDIUM | β | 0 |
| CVE-2026-1245 A code injection vulnerability in the binary-parser library prior to version 2.3.0 allows arbitrary JavaScript code execution when untrusted values are used in parser field names or encoding parameter... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-0622 Open 5GS WebUI uses a hard-coded JWT signing key (change-me) whenever the environment variable JWT_SECRET_KEY is unset | 6.5 | MEDIUM | β | 0 |
| CVE-2025-55130 A flaw in Node.jsβs Permissions model allows attackers to bypass `--allow-fs-read` and `--allow-fs-write` restrictions using crafted relative symlink paths. By chaining directories and symlinks, a scr... | 9.1 | CRITICAL | β | 0 |
| CVE-2025-55132 A flaw in Node.js's permission model allows a file's access and modification timestamps to be changed via `futimes()` even when the process has only read permissions. Unlike `utimes()`, `futimes()` do... | 5.3 | MEDIUM | β | 0 |
| CVE-2025-57155 NULL pointer dereference in the daap_reply_groups function in src/httpd_daap.c in owntone-server through commit 5e6f19a (newer commit after version 28.2) allows remote attackers to cause a Denial of S... | 7.5 | HIGH | β | 0 |
| CVE-2025-57156 NULL pointer dereference in the dacp_reply_playqueueedit_clear function in src/httpd_dacp.c in owntone-server through commit 6d604a1 (newer commit after version 28.12) allows remote attackers to cause... | 7.5 | HIGH | β | 0 |
| CVE-2025-59464 A memory leak in Node.jsβs OpenSSL integration occurs when converting `X.509` certificate fields to UTF-8 without freeing the allocated buffer. When applications call `socket.getPeerCertificate(true)`... | 7.5 | HIGH | β | 0 |
| CVE-2025-59465 A malformed `HTTP/2 HEADERS` frame with oversized, invalid `HPACK` data can cause Node.js to crash by triggering an unhandled `TLSSocket` error `ECONNRESET`. Instead of safely closing the connection, ... | N/A | NONE | β | 0 |
| CVE-2025-59466 We have identified a bug in Node.js error handling where "Maximum call stack size exceeded" errors become uncatchable when `async_hooks.createHook()` is enabled. Instead of reaching `process.on('uncau... | 7.5 | HIGH | β | 0 |
| CVE-2025-63647 A NULL pointer dereference in the parse_meta function (src/httpd_daap.c) of owntone-server commit 334beb allows attackers to cause a Denial of Service (DoS) via sending a crafted DAAP request to the s... | 7.5 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.