EUVD-2025-201090

Envoy's TLS certificate matcher for matchtypedsubjectaltnames may incorrectly treat certificates containing an embedded null byte...

Envoy 代码问题漏洞

Envoy is an Enphase open source gateway program for connecting smart home devices. A code issue vulnerability exists in Envoy versions 1.33.12, 1.34.10, 1.35.6, 1.36.2, and prior versions, which stems from a reentry error in the JWT authentication configuration that could lead to a crash...

SUSE CVE-2025-62504

Envoy is an open source edge and service proxy. Envoy versions earlier than 1.36.2, 1.35.6, 1.34.10, and 1.33.12 contain a use-after-free vulnerability in the Lua filter. When a Lua script executing in the response phase rewrites a response body so that its size exceeds the configured...

EUVD-2025-34836

Envoy is an open source edge and service proxy. Envoy versions earlier than 1.36.2, 1.35.6, 1.34.10, and 1.33.12 contain a use-after-free vulnerability in the Lua filter. When a Lua script executing in the response phase rewrites a response body so that its size exceeds the configured...

Envoy 资源管理错误漏洞

Envoy is an Enphase open source gateway program for connecting smart home devices. A resource management error vulnerability exists in Envoy versions prior to 1.36.2, prior to 1.35.6, prior to 1.34.10, and prior to 1.33.12, which stems from the presence of post-release reuse of Lua filters, which...

EUVD-2021-29032

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2021-41799

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - MediaWiki before 1.36.2 allows a denial of service resource consumption because of lengthy query processing time. ApiQueryBacklinks action=query&list=backlinks...

Linux Distros Unpatched Vulnerability : CVE-2021-41798

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - MediaWiki before 1.36.2 allows XSS. Month related MediaWiki messages are not escaped before being used on the Special:Search results page. CVE-2021-41798 Note...

BIT-MEDIAWIKI-2021-42041

An issue was discovered in CentralAuth in MediaWiki through 1.36.2. The rightsnone MediaWiki message was not being properly sanitized and allowed for the injection and execution of HTML and JavaScript via the setchange log...

BIT-MEDIAWIKI-2021-42042

An issue was discovered in SpecialEditGrowthConfig in the GrowthExperiments extension in MediaWiki through 1.36.2. The growthexperiments-edit-config-error-invalid-title MediaWiki message was not being properly sanitized and allowed for the injection and execution of HTML and JavaScript...

BIT-MEDIAWIKI-2021-42048

An issue was discovered in the Growth extension in MediaWiki through 1.36.2. Any admin can add arbitrary JavaScript code to the Newcomer home page footer, which can be executed by viewers with zero edits...

PT-2024-22148 · Deno · Deno

Name of the Vulnerable Software and Affected Versions: Deno versions 1.36.2 through 1.40.3 Description: The issue arises from the use of inherently unsafe const c void and ExternalPointer which leads to use-after-free access of the underlying structure, resulting in arbitrary code execution. An...

CVE-2021-42049

An issue was discovered in the Translate extension in MediaWiki through 1.36.2. Oversighters cannot undo revisions or oversight on pages where they suppressed information such as PII. This allows oversighters to whitewash revisions...

GHSA-C8WV-QWWC-6J73 MediaWiki allows a denial of service

MediaWiki before 1.36.2 allows a denial of service resource consumption because of lengthy query processing time. Visiting Special:Contributions can sometimes result in a long running SQL query because PoolCounter protection is mishandled...

MediaWiki Cross-Site Scripting Vulnerability (CNVD-2022-05529)

MediaWiki is a free and free-to-use web-based wiki engine from the US-based MediaWiki Foundation. A cross-site scripting vulnerability exists in versions of MediaWiki prior to 1.36.2, which stems from the fact that MediaWiki messages associated with a month are not escaped until they are used on ...

MediaWiki Denial of Service Vulnerability (CNVD-2022-05528)

MediaWiki is a free and free-to-use web-based wiki engine from the US-based Wikimedia MediaWiki Foundation. The product can be used to deploy internal knowledge management and content management systems.MediaWiki has a denial of service vulnerability in versions prior to 1.36.2, which stems from...

DEBIAN-CVE-2021-41799

MediaWiki before 1.36.2 allows a denial of service resource consumption because of lengthy query processing time. ApiQueryBacklinks action=query&list=backlinks can cause a full table scan...

CVE-2021-41798

MediaWiki before 1.36.2 allows XSS. Month related MediaWiki messages are not escaped before being used on the Special:Search results page...

Design/Logic Flaw

MediaWiki before 1.36.2 allows XSS. Month related MediaWiki messages are not escaped before being used on the Special:Search results page...

Code injection

MediaWiki before 1.36.2 allows a denial of service resource consumption because of lengthy query processing time. Visiting Special:Contributions can sometimes result in a long running SQL query because PoolCounter protection is mishandled...