Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

Talos

#b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b
PolicyEmail

Short Name

talos

Program Role

CNA

Top Level Root

MITRE Corporation

Security Advisories

View Advisories

Domain

cisco.com

Country

USA

Scope

Third-party products it researches.
Reported CVEsVendorsProductsReports
2537Vulnerabilities found
CVE-2026-20911
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-9.8||CRITICAL
EPSS-0.05% / 16.57%
||
7 Day CHG~0.00%
Published-07 Apr, 2026 | 13:49
Updated-10 Apr, 2026 | 20:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap-based buffer overflow vulnerability exists in the HuffTable::initval functionality of LibRaw Commit 0b56545 and Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

Action-Not Available
Vendor-librawLibRaw
Product-librawLibRaw
CWE ID-CWE-131
Incorrect Calculation of Buffer Size
CVE-2026-21413
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-9.8||CRITICAL
EPSS-0.05% / 16.57%
||
7 Day CHG~0.00%
Published-07 Apr, 2026 | 13:49
Updated-10 Apr, 2026 | 20:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap-based buffer overflow vulnerability exists in the lossless_jpeg_load_raw functionality of LibRaw Commit 0b56545 and Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

Action-Not Available
Vendor-librawLibRaw
Product-librawLibRaw
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2026-20889
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-9.8||CRITICAL
EPSS-0.05% / 16.57%
||
7 Day CHG~0.00%
Published-07 Apr, 2026 | 13:49
Updated-10 Apr, 2026 | 20:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap-based buffer overflow vulnerability exists in the x3f_thumb_loader functionality of LibRaw Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

Action-Not Available
Vendor-librawLibRaw
Product-librawLibRaw
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2026-24660
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-8.1||HIGH
EPSS-0.05% / 16.57%
||
7 Day CHG~0.00%
Published-07 Apr, 2026 | 13:49
Updated-10 Apr, 2026 | 20:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap-based buffer overflow vulnerability exists in the x3f_load_huffman functionality of LibRaw Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

Action-Not Available
Vendor-librawLibRaw
Product-librawLibRaw
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2026-24450
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-8.1||HIGH
EPSS-0.05% / 16.57%
||
7 Day CHG~0.00%
Published-07 Apr, 2026 | 13:49
Updated-13 Apr, 2026 | 13:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An integer overflow vulnerability exists in the uncompressed_fp_dng_load_raw functionality of LibRaw Commit 8dc68e2. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

Action-Not Available
Vendor-librawLibRaw
Product-librawLibRaw
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2026-20884
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-8.1||HIGH
EPSS-0.05% / 16.57%
||
7 Day CHG~0.00%
Published-07 Apr, 2026 | 13:49
Updated-13 Apr, 2026 | 13:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An integer overflow vulnerability exists in the deflate_dng_load_raw functionality of LibRaw Commit 8dc68e2. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

Action-Not Available
Vendor-librawLibRaw
Product-librawLibRaw
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2025-66342
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-7.8||HIGH
EPSS-0.02% / 4.79%
||
7 Day CHG~0.00%
Published-17 Mar, 2026 | 18:52
Updated-19 Mar, 2026 | 12:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A type confusion vulnerability exists in the EMF functionality of Canva Affinity. A specially crafted EMF file can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution.

Action-Not Available
Vendor-canvaCanva
Product-affinityAffinity
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2025-62500
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-6.1||MEDIUM
EPSS-0.02% / 5.55%
||
7 Day CHG~0.00%
Published-17 Mar, 2026 | 18:52
Updated-19 Mar, 2026 | 12:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.

Action-Not Available
Vendor-canvaCanva
Product-affinityAffinity
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-61979
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-6.1||MEDIUM
EPSS-0.02% / 5.55%
||
7 Day CHG~0.00%
Published-17 Mar, 2026 | 18:52
Updated-19 Mar, 2026 | 12:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.

Action-Not Available
Vendor-canvaCanva
Product-affinityAffinity
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-64733
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-6.1||MEDIUM
EPSS-0.02% / 5.55%
||
7 Day CHG~0.00%
Published-17 Mar, 2026 | 18:52
Updated-19 Mar, 2026 | 12:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.

Action-Not Available
Vendor-canvaCanva
Product-affinityAffinity
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-66000
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-6.1||MEDIUM
EPSS-0.02% / 5.55%
||
7 Day CHG~0.00%
Published-17 Mar, 2026 | 18:52
Updated-19 Mar, 2026 | 12:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.

Action-Not Available
Vendor-canvaCanva
Product-affinityAffinity
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-64301
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-7.8||HIGH
EPSS-0.02% / 6.23%
||
7 Day CHG~0.00%
Published-17 Mar, 2026 | 18:52
Updated-19 Mar, 2026 | 12:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out‑of‑bounds write vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out‑of‑bounds write, potentially leading to code execution.

Action-Not Available
Vendor-canvaCanva
Product-affinityAffinity
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-64776
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-6.1||MEDIUM
EPSS-0.02% / 5.55%
||
7 Day CHG~0.00%
Published-17 Mar, 2026 | 18:52
Updated-19 Mar, 2026 | 12:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.

Action-Not Available
Vendor-canvaCanva
Product-affinityAffinity
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-64735
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-6.1||MEDIUM
EPSS-0.02% / 5.55%
||
7 Day CHG~0.00%
Published-17 Mar, 2026 | 18:52
Updated-19 Mar, 2026 | 12:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.

Action-Not Available
Vendor-canvaCanva
Product-affinityAffinity
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-66633
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-6.1||MEDIUM
EPSS-0.02% / 5.55%
||
7 Day CHG~0.00%
Published-17 Mar, 2026 | 18:52
Updated-19 Mar, 2026 | 12:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.

Action-Not Available
Vendor-canvaCanva
Product-affinityAffinity
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-58427
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-6.1||MEDIUM
EPSS-0.02% / 5.55%
||
7 Day CHG~0.00%
Published-17 Mar, 2026 | 18:52
Updated-19 Mar, 2026 | 12:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.

Action-Not Available
Vendor-canvaCanva
Product-affinityAffinity
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-66617
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-6.1||MEDIUM
EPSS-0.02% / 5.55%
||
7 Day CHG~0.00%
Published-17 Mar, 2026 | 18:52
Updated-19 Mar, 2026 | 12:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.

Action-Not Available
Vendor-canvaCanva
Product-affinityAffinity
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-47873
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-6.1||MEDIUM
EPSS-0.02% / 5.55%
||
7 Day CHG~0.00%
Published-17 Mar, 2026 | 18:52
Updated-19 Mar, 2026 | 12:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.

Action-Not Available
Vendor-canvaCanva
Product-affinityAffinity
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-61952
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-6.1||MEDIUM
EPSS-0.02% / 5.55%
||
7 Day CHG~0.00%
Published-17 Mar, 2026 | 18:52
Updated-19 Mar, 2026 | 12:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.

Action-Not Available
Vendor-canvaCanva
Product-affinityAffinity
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-66503
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-6.1||MEDIUM
EPSS-0.02% / 5.55%
||
7 Day CHG~0.00%
Published-17 Mar, 2026 | 18:52
Updated-19 Mar, 2026 | 12:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.

Action-Not Available
Vendor-canvaCanva
Product-affinityAffinity
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-66042
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-6.1||MEDIUM
EPSS-0.02% / 5.55%
||
7 Day CHG~0.00%
Published-17 Mar, 2026 | 18:52
Updated-19 Mar, 2026 | 12:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.

Action-Not Available
Vendor-canvaCanva
Product-affinityAffinity
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-65119
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-6.1||MEDIUM
EPSS-0.02% / 5.55%
||
7 Day CHG~0.00%
Published-17 Mar, 2026 | 18:52
Updated-19 Mar, 2026 | 12:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.

Action-Not Available
Vendor-canvaCanva
Product-affinityAffinity
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-62403
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-6.1||MEDIUM
EPSS-0.02% / 5.55%
||
7 Day CHG~0.00%
Published-17 Mar, 2026 | 18:52
Updated-19 Mar, 2026 | 12:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.

Action-Not Available
Vendor-canvaCanva
Product-affinityAffinity
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-20726
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-6.1||MEDIUM
EPSS-0.02% / 5.55%
||
7 Day CHG~0.00%
Published-17 Mar, 2026 | 18:52
Updated-19 Mar, 2026 | 12:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.

Action-Not Available
Vendor-canvaCanva
Product-affinityAffinity
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-22882
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-6.1||MEDIUM
EPSS-0.02% / 5.55%
||
7 Day CHG~0.00%
Published-17 Mar, 2026 | 18:52
Updated-19 Mar, 2026 | 12:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.

Action-Not Available
Vendor-canvaCanva
Product-affinityAffinity
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-64736
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-6.1||MEDIUM
EPSS-0.03% / 8.77%
||
7 Day CHG+0.01%
Published-03 Mar, 2026 | 14:32
Updated-05 Mar, 2026 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read vulnerability exists in the ABF parsing functionality of The Biosig Project libbiosig 3.9.2 and Master Branch (5462afb0). A specially crafted .abf file can lead to an information leak. An attacker can provide a malicious file to trigger this vulnerability.

Action-Not Available
Vendor-libbiosig_projectThe Biosig Project
Product-libbiosiglibbiosig
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-22891
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-9.8||CRITICAL
EPSS-0.18% / 39.74%
||
7 Day CHG+0.05%
Published-03 Mar, 2026 | 14:32
Updated-05 Mar, 2026 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap-based buffer overflow vulnerability exists in the Intan CLP parsing functionality of The Biosig Project libbiosig 3.9.2 and Master Branch (db9a9a63). A specially crafted Intan CLP file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

Action-Not Available
Vendor-libbiosig_projectThe Biosig Project
Product-libbiosiglibbiosig
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2026-20777
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-8.1||HIGH
EPSS-0.18% / 39.74%
||
7 Day CHG+0.05%
Published-03 Mar, 2026 | 14:32
Updated-05 Mar, 2026 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap-based buffer overflow vulnerability exists in the Nicolet WFT parsing functionality of The Biosig Project libbiosig 3.9.2 and Master Branch (db9a9a63). A specially crafted .wft file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

Action-Not Available
Vendor-libbiosig_projectThe Biosig Project
Product-libbiosiglibbiosig
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2025-61982
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.65%
||
7 Day CHG~0.00%
Published-18 Feb, 2026 | 14:38
Updated-18 Feb, 2026 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An arbitrary code execution vulnerability exists in the Code Stream directive functionality of OpenCFD OpenFOAM 2506. A specially crafted OpenFOAM simulation file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

Action-Not Available
Vendor-OpenCFD
Product-OpenFOAM
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-54817
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-6.1||MEDIUM
EPSS-0.05% / 14.73%
||
7 Day CHG~0.00%
Published-20 Jan, 2026 | 14:50
Updated-29 Jan, 2026 | 15:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A reflected cross-site scripting (xss) vulnerability exists in the autoPurge functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious url can lead to arbitrary javascript code execution. An attacker can provide a URL to a malicious website to trigger this vulnerability.

Action-Not Available
Vendor-meddreamMedDream
Product-pacs_serverMedDream PACS Premium
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-53516
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-6.1||MEDIUM
EPSS-0.06% / 19.32%
||
7 Day CHG~0.00%
Published-20 Jan, 2026 | 14:50
Updated-29 Jan, 2026 | 15:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A reflected cross-site scripting (xss) vulnerability exists in the downloadZip functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious url can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.

Action-Not Available
Vendor-meddreamMedDream
Product-pacs_serverMedDream PACS Premium
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-54495
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-6.1||MEDIUM
EPSS-0.05% / 14.73%
||
7 Day CHG~0.00%
Published-20 Jan, 2026 | 14:50
Updated-29 Jan, 2026 | 15:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A reflected cross-site scripting (xss) vulnerability exists in the emailfailedjob functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious url can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.

Action-Not Available
Vendor-meddreamMedDream
Product-pacs_serverMedDream PACS Premium
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-54157
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-6.1||MEDIUM
EPSS-0.05% / 14.73%
||
7 Day CHG~0.00%
Published-20 Jan, 2026 | 14:50
Updated-29 Jan, 2026 | 15:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A reflected cross-site scripting (xss) vulnerability exists in the encapsulatedDoc functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.

Action-Not Available
Vendor-meddreamMedDream
Product-pacs_serverMedDream PACS Premium
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-54778
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-6.1||MEDIUM
EPSS-0.05% / 14.73%
||
7 Day CHG~0.00%
Published-20 Jan, 2026 | 14:50
Updated-29 Jan, 2026 | 15:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A reflected cross-site scripting (xss) vulnerability exists in the existingUser functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.

Action-Not Available
Vendor-meddreamMedDream
Product-pacs_serverMedDream PACS Premium
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-46270
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-6.1||MEDIUM
EPSS-0.05% / 14.73%
||
7 Day CHG~0.00%
Published-20 Jan, 2026 | 14:50
Updated-29 Jan, 2026 | 15:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A reflected cross-site scripting (xss) vulnerability exists in the fetchPriorStudies functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.

Action-Not Available
Vendor-meddreamMedDream
Product-pacs_serverMedDream PACS Premium
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-55071
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-6.1||MEDIUM
EPSS-0.06% / 19.32%
||
7 Day CHG~0.00%
Published-20 Jan, 2026 | 14:50
Updated-29 Jan, 2026 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A reflected cross-site scripting (xss) vulnerability exists in the modifyAnonymize functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.

Action-Not Available
Vendor-meddreamMedDream
Product-pacs_serverMedDream PACS Premium
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-54852
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-6.1||MEDIUM
EPSS-0.06% / 19.32%
||
7 Day CHG~0.00%
Published-20 Jan, 2026 | 14:49
Updated-29 Jan, 2026 | 15:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A reflected cross-site scripting (xss) vulnerability exists in the modifyAeTitle functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.

Action-Not Available
Vendor-meddreamMedDream
Product-pacs_serverMedDream PACS Premium
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-54814
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-6.1||MEDIUM
EPSS-0.05% / 14.73%
||
7 Day CHG~0.00%
Published-20 Jan, 2026 | 14:49
Updated-29 Jan, 2026 | 15:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A reflected cross-site scripting (xss) vulnerability exists in the modifyAutopurgeFilter functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.

Action-Not Available
Vendor-meddreamMedDream
Product-pacs_serverMedDream PACS Premium
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-54861
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-6.1||MEDIUM
EPSS-0.05% / 14.73%
||
7 Day CHG~0.00%
Published-20 Jan, 2026 | 14:49
Updated-29 Jan, 2026 | 15:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A reflected cross-site scripting (xss) vulnerability exists in the modifyCoercion functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.

Action-Not Available
Vendor-meddreamMedDream
Product-pacs_serverMedDream PACS Premium
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-57881
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-6.1||MEDIUM
EPSS-0.05% / 14.73%
||
7 Day CHG~0.00%
Published-20 Jan, 2026 | 14:49
Updated-29 Jan, 2026 | 15:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A reflected cross-site scripting (xss) vulnerability exists in the modifyEmail functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.

Action-Not Available
Vendor-meddreamMedDream
Product-pacs_serverMedDream PACS Premium
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-58080
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-6.1||MEDIUM
EPSS-0.05% / 14.73%
||
7 Day CHG~0.00%
Published-20 Jan, 2026 | 14:49
Updated-29 Jan, 2026 | 15:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A reflected cross-site scripting (xss) vulnerability exists in the modifyHL7App functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.

Action-Not Available
Vendor-meddreamMedDream
Product-pacs_serverMedDream PACS Premium
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-53854
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-6.1||MEDIUM
EPSS-0.05% / 14.73%
||
7 Day CHG~0.00%
Published-20 Jan, 2026 | 14:49
Updated-29 Jan, 2026 | 15:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A reflected cross-site scripting (xss) vulnerability exists in the modifyHL7Route functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.

Action-Not Available
Vendor-meddreamMedDream
Product-pacs_serverMedDream PACS Premium
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-57787
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-6.1||MEDIUM
EPSS-0.06% / 19.32%
||
7 Day CHG~0.00%
Published-20 Jan, 2026 | 14:49
Updated-29 Jan, 2026 | 15:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A reflected cross-site scripting (xss) vulnerability exists in the modifyRoute functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.

Action-Not Available
Vendor-meddreamMedDream
Product-pacs_serverMedDream PACS Premium
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-53707
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-6.1||MEDIUM
EPSS-0.06% / 19.32%
||
7 Day CHG~0.00%
Published-20 Jan, 2026 | 14:49
Updated-29 Jan, 2026 | 15:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A reflected cross-site scripting (xss) vulnerability exists in the modifyTranscript functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.

Action-Not Available
Vendor-meddreamMedDream
Product-pacs_serverMedDream PACS Premium
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-54853
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-6.1||MEDIUM
EPSS-0.05% / 14.73%
||
7 Day CHG~0.00%
Published-20 Jan, 2026 | 14:49
Updated-29 Jan, 2026 | 15:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A reflected cross-site scripting (xss) vulnerability exists in the modifyUser functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.

Action-Not Available
Vendor-meddreamMedDream
Product-pacs_serverMedDream PACS Premium
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-57786
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-6.1||MEDIUM
EPSS-0.05% / 14.73%
||
7 Day CHG~0.00%
Published-20 Jan, 2026 | 14:49
Updated-29 Jan, 2026 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A reflected cross-site scripting (xss) vulnerability exists in the notifynewstudy functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.

Action-Not Available
Vendor-meddreamMedDream
Product-pacs_serverMedDream PACS Premium
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-44000
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-6.1||MEDIUM
EPSS-0.06% / 19.32%
||
7 Day CHG~0.00%
Published-20 Jan, 2026 | 14:49
Updated-29 Jan, 2026 | 15:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A reflected cross-site scripting (xss) vulnerability exists in the sendOruReport functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.

Action-Not Available
Vendor-meddreamMedDream
Product-pacs_serverMedDream PACS Premium
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-58095
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-6.1||MEDIUM
EPSS-0.06% / 19.32%
||
7 Day CHG~0.00%
Published-20 Jan, 2026 | 14:49
Updated-29 Jan, 2026 | 15:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple reflected cross-site scripting (xss) vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities.This vulnerability affects the imagedir parameter.

Action-Not Available
Vendor-meddreamMedDream
Product-pacs_serverMedDream PACS Premium
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-58094
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-6.1||MEDIUM
EPSS-0.06% / 19.32%
||
7 Day CHG~0.00%
Published-20 Jan, 2026 | 14:49
Updated-29 Jan, 2026 | 15:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple reflected cross-site scripting (xss) vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities.This vulnerability affects the worklistsrc parameter.

Action-Not Available
Vendor-meddreamMedDream
Product-pacs_serverMedDream PACS Premium
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-58093
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-6.1||MEDIUM
EPSS-0.06% / 19.32%
||
7 Day CHG~0.00%
Published-20 Jan, 2026 | 14:49
Updated-29 Jan, 2026 | 14:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple reflected cross-site scripting (xss) vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities.This vulnerability affects the phpdir parameter.

Action-Not Available
Vendor-meddreamMedDream
Product-pacs_serverMedDream PACS Premium
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 50
  • 51
  • Next