CVE-2026-46718

Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' vulnerability in Apache Calcite. This issue affects Apache Calcite: from 1.5.0 before 1.42. Users are recommended to upgrade to version 1.42, which fixes the issue...

EUVD-2025-208727

Heap-based buffer overflow vulnerability in Softing Industrial Automation GmbH smartLink SW-PN and smartLink SW-HT Webserver modules allows overflow buffers.This issue affects: smartLink SW-PN: through 1.03 smartLink SW-HT: through 1.42...

CVE-2025-10461 Global file reads caused by improper URL checks in webserver

Global file reads caused by improper URL checks in webserver in Softing Industrial Automation GmbH smartLinks on docker filesystem modules allows file access. This issue affects smartLink SW-HT: through 1.42 smartLink SW-PN: through 1.03...

CVE-2025-6927 Autoblocks from global account suppressions are publicly visible

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/specials/pagers/BlockListPager.Php, includes/api/ApiQueryBlocks.Php. This issue affects MediaWiki: from = 1.42.0 before 1.39.13, 1.42.7 1.43.2, 1.44.0...

MiracleLinux 7 : pango-1.42.4-4.el7 (AXSA:2020-060:01)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2020-060:01 advisory. pango: pangolog2visgetembeddinglevels heap-based buffer overflow CVE-2019-1010238 CVE-2019-1010238 Gnome Pango 1.42 and later is affected by: Buffer Overflow...

MediaWiki - Lockdown Extension 安全漏洞

MediaWiki - Lockdown Extension is an open source permission control extension for MediaWiki. A security vulnerability exists in MediaWiki - Lockdown Extension versions up to and including version 1.42, which stems from an improper assignment of critical resource permissions and could lead to...

EUVD-2023-49386

Malicious code in bioql PyPI...

CVE-2025-57927 WordPress Dashboard Notepad Plugin <= 1.42 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in Stephanie Leary Dashboard Notepad dashboard-notepad allows Cross Site Request Forgery.This issue affects Dashboard Notepad: from n/a through = 1.42...

CVE-2025-57927 WordPress Dashboard Notepad Plugin <= 1.42 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in Stephanie Leary Dashboard Notepad allows Cross Site Request Forgery. This issue affects Dashboard Notepad: from n/a through 1.42...

CVE-2025-57927

Technical details about CVE-2025-57927 are not provided in the connected documents. The available data confirms a CSRF issue in Dashboard Notepad up to 1.42, but no vendor, impact, affected versions beyond that, or fixes are described here.

PT-2025-38778

Name of the Vulnerable Software and Affected Versions Dashboard Notepad versions through 1.42 Description A Cross-Site Request Forgery CSRF issue exists in Stephanie Leary Dashboard Notepad. This allows for the execution of unwanted actions on behalf of an authenticated user. Recommendations Upda...

CVE-2025-7362

The MsUpload extension for MediaWiki is vulnerable to stored XSS via the msu-continue system message, which is inserted into the DOM without proper sanitization. The vulnerability occurs in the file upload UI when the same filename is uploaded twice. This issue affects Mediawiki - MsUpload...

CVE-2025-53479

The CheckUser extension’s Special:CheckUser interface is vulnerable to reflected XSS via the rev-deleted-user message. This message is rendered without proper escaping, making it possible to inject JavaScript through the uselang=x-xss language override mechanism. This issue affects Mediawiki -...

CVE-2025-53486

The WikiCategoryTagCloud extension is vulnerable to reflected XSS via the linkstyle attribute, which is improperly concatenated into inline HTML without escaping. An attacker can inject JavaScript event handlers such as onmouseenter using carefully crafted input via the tag:tagcloud parser...

CVE-2025-53501

Improper Access Control vulnerability in Wikimedia Foundation Mediawiki - Scribunto Extension allows : Accessing Functionality Not Properly Constrained by Authorization.This issue affects Mediawiki - Scribunto Extension: from 1.39.X before 1.39.12, from 1.42.X before 1.42.7, from 1.43.X before...

Wikimedia Mediawiki - MintyDocs Extension 安全漏洞

Wikimedia Mediawiki - MintyDocs Extension is a document creation and management extension from the Wikimedia Foundation. A security vulnerability exists in Wikimedia Mediawiki - MintyDocs Extension that stems from improper input neutralization and could lead to a stored cross-site scripting attac...

CVE-2023-45065

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Mad Fish Digital Bulk NoIndex & NoFollow Toolkit plugin = 1.42 versions...

Mediawiki OpenBadges Extension 跨站脚本漏洞

Mediawiki OpenBadges Extension is an extension of the Wikimedia Foundation USA. A cross-site scripting vulnerability exists in Mediawiki OpenBadges Extension. An attacker exploiting this vulnerability could perform a cross-site scripting attack. The following versions are affected: version 1.39.X...

PT-2025-4805 · Unknown +1 · Refreshspecial Extension +1

Name of the Vulnerable Software and Affected Versions: Mediawiki - RefreshSpecial Extension versions 1.39.X through 1.39.11 Mediawiki - RefreshSpecial Extension versions 1.41.X through 1.41.3 Mediawiki - RefreshSpecial Extension versions 1.42.X through 1.42.2 Description: The issue is related to...

Mediawiki ArticleFeedback 安全漏洞

Mediawiki ArticleFeedback is a Mediawiki extension from the Wikimedia Foundation USA. A security vulnerability exists in Mediawiki ArticleFeedback version 1.42.X, prior to version 1.42.2, which stems from improper input neutralization during page generation and is vulnerable to cross-site scripti...