NPM: Electerm users can run dangrous code through link or command line

NPM: Electerm users can run dangrous code through link or command line vulnerability discovered by ? in WordPress Npm electerm versions = 3.0.6, 3.8.8...

Fedora 44 : libarchive (2026-54ce3fd147)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-54ce3fd147 advisory. Rebase to the latest upstream version - 3.8.7 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note...

Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: libarchive: bsdcat-3.8.7-1.hum1 aarch64, x8664 bsdcpio-3.8.7-1.hum1 aarch64, x8664 bsdtar-3.8.7-1.hum1 aarch64, x8664 bsdunzip-3.8.7-1.hum1 aarch64, x8664 libarchive-3.8.7-1.hum1 aarch64, x8664...

WordPress WP Logo Showcase Responsive Slider and Carousel plugin <= 3.8.7 - Backdoor vulnerability

Backdoor vulnerability discovered by ? in WordPress Plugin WP Logo Showcase Responsive Slider and Carousel versions = 3.8.7...

Slackware Linux 15.0 / current libarchive Vulnerability (SSA:2026-103-01)

The version of libarchive installed on the remote host is prior to 3.8.7. It is, therefore, affected by a vulnerability as referenced in the SSA:2026-103-01 advisory. New libarchive packages are available for Slackware 15.0 and -current to fix security issues. Tenable has extracted the preceding...

EUVD-2026-19891

Improper neutralization of Script-Related HTML tags in a web page basic XSS vulnerability in Wikimedia Foundation Mediawiki - Cargo Extension allows Stored XSS.This issue affects Mediawiki - Cargo Extension: before 3.8.7...

CVE-2026-39837

Improper neutralization of Script-Related HTML tags in a web page basic XSS vulnerability in WikiWorks Mediawiki - Cargo Extension allows Stored XSS.This issue affects Mediawiki - Cargo Extension: before 3.8.7...

CVE-2026-39840

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Wikimedia Foundation Mediawiki - Cargo Extension allows XSS Targeting Non-Script Elements.This issue affects Mediawiki - Cargo Extension: before 3.8.7...

CVE-2026-39837 Stored XSS through the dynamic table format in Cargo

Improper neutralization of Script-Related HTML tags in a web page basic XSS vulnerability in WikiWorks Mediawiki - Cargo Extension allows Stored XSS.This issue affects Mediawiki - Cargo Extension: before 3.8.7...

CVE-2026-39837 Stored XSS through the dynamic table format in Cargo

Improper neutralization of Script-Related HTML tags in a web page basic XSS vulnerability in WikiWorks Mediawiki - Cargo Extension allows Stored XSS.This issue affects Mediawiki - Cargo Extension: before 3.8.7...

CVE-2026-39841

The CVE-2026-39841 vulnerability is a Stored XSS in the MediaWiki Cargo Extension (pre-3.8.7) due to improper neutralization of Script-Related HTML tags in list fields on Cargo pages and Special:CargoTables. This affects how Cargo handles page values, allowing injected scripts to be stored and po...

CVE-2026-39841

Improper neutralization of Script-Related HTML tags in a web page basic XSS vulnerability in Wikimedia Foundation Mediawiki - Cargo Extension allows Stored XSS.This issue affects Mediawiki - Cargo Extension: before 3.8.7...

CVE-2026-39841 Stored XSS through list fields on Cargo's page values and Special:CargoTables

Improper neutralization of Script-Related HTML tags in a web page basic XSS vulnerability in Wikimedia Foundation Mediawiki - Cargo Extension allows Stored XSS.This issue affects Mediawiki - Cargo Extension: before 3.8.7...

CVE-2026-39840

The CVE-2026-39840 issue affects Wikimedia Foundation MediaWiki’s Cargo Extension (before version 3.8.7). It is caused by improper neutralization of input during web page generation, enabling cross-site scripting (XSS) that targets non-script elements. Impact is user-side script execution with th...

CVE-2026-39840

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Wikimedia Foundation Mediawiki - Cargo Extension allows XSS Targeting Non-Script Elements.This issue affects Mediawiki - Cargo Extension: before 3.8.7...

CVE-2026-39839 Stored XSS through URLs in Cargo's map format

Improper neutralization of Script-Related HTML tags in a web page basic XSS vulnerability in Wikimedia Foundation Mediawiki - Cargo Extension allows Stored XSS.This issue affects Mediawiki - Cargo Extension: before 3.8.7...

CVE-2026-39839

Improper neutralization of Script-Related HTML tags in a web page basic XSS vulnerability in Wikimedia Foundation Mediawiki - Cargo Extension allows Stored XSS.This issue affects Mediawiki - Cargo Extension: before 3.8.7...

MediaWiki - Cargo Extension 安全漏洞

MediaWiki – Cargo Extension is an open-source plugin for querying and storing data in MediaWiki. Versions of MediaWiki – Cargo Extension prior to 3.8.7 contained security vulnerabilities. These vulnerabilities were due to improper handling of script-related HTML tags, which could lead to stored-x...

PT-2026-30992

Improper neutralization of Script-Related HTML tags in a web page basic XSS vulnerability in Wikimedia Foundation Mediawiki - Cargo Extension allows Stored XSS.This issue affects Mediawiki - Cargo Extension: before 3.8.7...

PT-2026-31012

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Wikimedia Foundation Mediawiki - Cargo Extension allows XSS Targeting Non-Script Elements.This issue affects Mediawiki - Cargo Extension: before 3.8.7...