CVE-2026-39937

Improper removal of sensitive information before storage or transfer vulnerability in The Wikimedia Foundation Mediawiki - CentralAuth Extension allows Resource Leak Exposure. The issue has been remediated on the master branch, and in the release branches for MediaWiki versions 1.43, 1.44, and 1....

CVE-2026-39882

OpenTelemetry-Go OTLP HTTP exporters (traces/metrics/logs) read the full HTTP response body into memory without a cap, enabling memory exhaustion if the collector endpoint is attacker-controlled. Affected: otlp HTTP exporters prior to v1.43.0. Impact: high availability risk due to memory usage. F...

CVE-2025-13406

NULL Pointer Dereference vulnerability in Softing Industrial Automation GmbH smartLink SW-HT Webserver modules allows HTTP DoS.This issue affects smartLink SW-HT: 1.43...

EUVD-2025-208781

NULL Pointer Dereference vulnerability in Softing Industrial Automation GmbH smartLink SW-HT Webserver modules allows HTTP DoS.This issue affects smartLink SW-HT: 1.43...

CVE-2025-13406

NULL Pointer Dereference vulnerability in Softing Industrial Automation GmbH smartLink SW-HT Webserver modules allows HTTP DoS.This issue affects smartLink SW-HT: 1.43...

CVE-2025-13406

NULL Pointer Dereference vulnerability in Softing Industrial Automation GmbH smartLink SW-HT Webserver modules allows HTTP DoS.This issue affects smartLink SW-HT: 1.43...

CVE-2025-13406 Scanning for higher HART revision device leads into NULL pointer dereference in live list

NULL Pointer Dereference vulnerability in Softing Industrial Automation GmbH smartLink SW-HT Webserver modules allows HTTP DoS.This issue affects smartLink SW-HT: 1.43...

Softing smartLink SW-HT 安全漏洞

The Softing smartLink SW-HT is a HART multiplexer from Softing Corporation, allowing for easy and quick access to HART field devices without the need for additional hardware. Version 1.43 of the Softing smartLink SW-HT contains a security vulnerability caused by a null pointer dereferencing, whic...

CVE-2025-6927 Autoblocks from global account suppressions are publicly visible

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/specials/pagers/BlockListPager.Php, includes/api/ApiQueryBlocks.Php. This issue affects MediaWiki: from = 1.42.0 before 1.39.13, 1.42.7 1.43.2, 1.44.0...

CVE-2025-11175

Improper Neutralization of Special Elements used in an Expression Language Statement 'Expression Language Injection' vulnerability in The Wikimedia Foundation Mediawiki - DiscussionTools Extension allows Regular Expression Exponential Blowup.This issue affects Mediawiki - DiscussionTools Extensio...

UBUNTU-CVE-2025-11175

Improper Neutralization of Special Elements used in an Expression Language Statement 'Expression Language Injection' vulnerability in The Wikimedia Foundation Mediawiki - DiscussionTools Extension allows Regular Expression Exponential Blowup.This issue affects Mediawiki - DiscussionTools Extensio...

CVE-2025-11175 DiscussionTools should use better regex

Improper Neutralization of Special Elements used in an Expression Language Statement 'Expression Language Injection' vulnerability in The Wikimedia Foundation Mediawiki - DiscussionTools Extension allows Regular Expression Exponential Blowup.This issue affects Mediawiki - DiscussionTools Extensio...

EUVD-2025-206571

Improper Neutralization of Special Elements used in an Expression Language Statement 'Expression Language Injection' vulnerability in The Wikimedia Foundation Mediawiki - DiscussionTools Extension allows Regular Expression Exponential Blowup.This issue affects Mediawiki - DiscussionTools Extensio...

CVE-2025-11175 DiscussionTools should use better regex

Improper Neutralization of Special Elements used in an Expression Language Statement 'Expression Language Injection' vulnerability in The Wikimedia Foundation Mediawiki - DiscussionTools Extension allows Regular Expression Exponential Blowup.This issue affects Mediawiki - DiscussionTools Extensio...

CVE-2026-22714

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in The Wikimedia Foundation Mediawiki - Monaco Skin allows Cross-Site Scripting XSS.This issue affects Mediawiki - Monaco Skin: 1.45, 1.44, 1.43, 1.39...

CVE-2026-0671

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki - UploadWizard extension allows Cross-Site Scripting XSS.This issue affects MediaWiki - UploadWizard extension: 1.45, 1.44, 1.43, 1.39...

CVE-2026-0817

Missing Authorization vulnerability in Wikimedia Foundation MediaWiki - CampaignEvents extension allows Privilege Abuse.This issue affects MediaWiki - CampaignEvents extension: 1.45, 1.44, 1.43, 1.39...

CVE-2026-22714

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in The Wikimedia Foundation Mediawiki - Monaco Skin allows Cross-Site Scripting XSS.This issue affects Mediawiki - Monaco Skin: 1.45, 1.44, 1.43, 1.39...

CVE-2026-22710

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in The Wikimedia Foundation Mediawiki - Wikibase Extension allows Cross-Site Scripting XSS.This issue affects Mediawiki - Wikibase Extension: 1.45, 1.44, 1.43, 1.39...

CVE-2026-22712 ApprovedRevs allows bypassing the inline CSS sanitizer

Improper Encoding or Escaping of Output due to magic word replacement in ParserAfterTidy vulnerability in The Wikimedia Foundation Mediawiki - ApprovedRevs Extension allows Input Data Manipulation.This issue affects Mediawiki - ApprovedRevs Extension: 1.45, 1.44, 1.43, 1.39...