62473 matches found
PT-2026-55332
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WatchGuard Fireware OS spamBlocker module allows Stored XSS. This vulnerability is an additional unmitigated attack path for CVE-2025-1071. This issue affects Fireware OS 12.0 up to and...
Linux Distros Unpatched Vulnerability : CVE-2026-53356
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/i915/gem: Fix phys BO pread/pwrite with offset sgpage returns struct page pointer not void so the scaling of pread/pwrite is wrong for phys BO and wrong par...
Linux Distros Unpatched Vulnerability : CVE-2026-4360
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Tarfile.extract function, the filter parameter is not passed properly when extracting hardlinks. An affected system that extracts content from untrusted...
EUVD-2026-40130
Rancher has Privilege Escalation from Project Owner to Host...
Important: Red Hat Security Advisory: kernel security update
An update for kernel is now available for Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
CVE-2026-14358
Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in The Wikimedia Foundation Mediawiki - Charts Extension allows Cross-Site Scripting XSS. This issue affects Mediawiki - Charts Extension: from before 1.43.9,1.44.6,1.45.4...
PHP: PHP SoapServer: Memory corruption and information disclosure via incorrect persistence handling
A flaw was found in the PHP SoapServer component. When the server is configured to maintain session persistence, an error during a SOAP request can cause the system to incorrectly manage memory. This can lead to a "use-after-free" vulnerability, where the system attempts to use memory that has...
CVE-2026-58028
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki, Wikimedia Foundation CentralAuth. This vulnerability is associated with program files includes/Api/ApiFormatBase.Php, includes/Api/ApiHelp.Php,...
CVE-2026-58032
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Api/index.Js. This issue affects MediaWiki: from before 1.46.0, 1.45.4, 1.44.6,...
CVE-2026-6283
Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Stored XSS. This issue affects DivvyDrive: from v.4.8.2.23 before v.4.8.3.1...
CVE-2026-58028
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki, Wikimedia Foundation CentralAuth. This vulnerability is associated with program files includes/Api/ApiFormatBase.Php, includes/Api/ApiHelp.Php,...
CVE-2026-24264
CVE-2026-24264 affects NVIDIA Triton Inference Server for Linux. The security bulletin documents that an attacker can cause improper handling of highly compressed data, with the impact being denial of service . The vulnerability is addressed by updating to Triton Server r26.04 or later . Affected...
CVE-2026-58032
MediaWiki vulnerability CVE-2026-58032 is an XSS in mw.Api.getErrorMessage() that may return injected HTML when errorformat=html is not used. Affected: MediaWiki versions before 1.46.0, and earlier branches 1.45.4, 1.44.6, 1.43.9, due to improper neutralization in resources/src/mediawiki.Api/inde...
CVE-2026-58032
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Api/index.Js. This issue affects MediaWiki: from before 1.46.0, 1.45.4, 1.44.6,...
EUVD-2026-41012
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Special.Apisandbox/ApiSandboxLayout.Js. This issue affects MediaWiki: from...
CVE-2026-58031
The CVE-2026-58031 entry describes a stored XSS in MediaWiki (Wikimedia Foundation) via Special:ApiSandbox when a deprecated module is selected. Affected component: resources/src/mediawiki.Special.Apisandbox/ApiSandboxLayout.Js; affected software version range: MediaWiki 1.46.0-rc.0 up to prior t...
EUVD-2026-41010
Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Stored XSS. This issue affects DivvyDrive: from v.4.8.2.23 before v.4.8.3.1...
EUVD-2026-41009
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Special.Block/SpecialBlock.Vue...
EUVD-2026-41008
Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Stored XSS. This issue affects DivvyDrive: from 4.8.2.23 before v.4.8.3.1...
CVE-2026-53356
The CVE-2026-53356 entry concerns the Linux kernel DRM/I915 GEM code. The root cause is in sg_page() returning a struct page pointer instead of (void *) which mis-scales pread/pwrite for phys BO and can cause access to incorrect parts of a buffer when a non-zero offset is used. A fix was cherry-p...