Lucene search
+L

455 matches found

CVE
CVE
added 2026/04/08 1:6 a.m.32 views

CVE-2026-32289

CVE-2026-32289 is a documented issue where html/template failed to correctly track JS template literal context, risking improper escaping and potential XSS. Portable across Go toolchains, it was addressed by the Go project in updates to go1.25.9 and go1.26.2, and these fixes are reflected in SUSE...

6.1CVSS5.9AI score0.0029EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/04/08 1:6 a.m.5 views

EUVD-2026-20018

Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS template literals did not properly track the brace depth, leading to incorrect escaping being...

5.9AI score0.0029EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/08 12:30 a.m.7 views

EUVD-2026-19976

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in The Wikimedia Foundation Mediawiki - GlobalWatchlist Extension allows Cross-Site Scripting XSS.This issue affects non release branches...

10CVSS5.9AI score0.00335EPSS
Exploits0References3
NVD
NVD
added 2026/04/07 10:16 p.m.4 views

CVE-2026-39937

Improper removal of sensitive information before storage or transfer vulnerability in The Wikimedia Foundation Mediawiki - CentralAuth Extension allows Resource Leak Exposure. The issue has been remediated on the master branch, and in the release branches for MediaWiki versions 1.43, 1.44, and 1....

8.8CVSS0.00263EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/07 9:51 p.m.16 views

CVE-2026-39933 Multiple XSS vulnerabilities in GlobalWatchlist

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in The Wikimedia Foundation Mediawiki - GlobalWatchlist Extension allows Cross-Site Scripting XSS. The issue has been remediated on the master branch, and in the release branches for MediaWiki version...

6.9CVSS0.00335EPSS
Exploits0References2
CVE
CVE
added 2026/04/07 9:51 p.m.9 views

CVE-2026-39933

The CVE-2026-39933 entry concerns The Wikimedia Foundation MediaWiki GlobalWatchlist Extension and an input handling issue that leads to Cross-Site Scripting (XSS) during web page generation. The connected sources confirm the vulnerability affects the GlobalWatchlist extension and state remediati...

6.9CVSS5.8AI score0.00335EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/07 9:44 p.m.4 views

CVE-2026-39937 Global vanishing does not completely remove user email

Improper removal of sensitive information before storage or transfer vulnerability in The Wikimedia Foundation Mediawiki - CentralAuth Extension allows Resource Leak Exposure. The issue has been remediated on the master branch, and in the release branches for MediaWiki versions 1.43, 1.44, and 1....

8.8CVSS5.8AI score0.00263EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/07 9:44 p.m.18 views

CVE-2026-39937 Global vanishing does not completely remove user email

Improper removal of sensitive information before storage or transfer vulnerability in The Wikimedia Foundation Mediawiki - CentralAuth Extension allows Resource Leak Exposure. The issue has been remediated on the master branch, and in the release branches for MediaWiki versions 1.43, 1.44, and 1....

8.8CVSS0.00263EPSS
Exploits0References2
CVE
CVE
added 2026/04/07 9:44 p.m.13 views

CVE-2026-39937

CVE-2026-39937 concerns the Wikimedia Foundation’s MediaWiki CentralAuth Extension. The issue is an improper removal of sensitive information before storage or transfer, resulting in a Resource Leak Exposure. According to the connected documents, the vulnerability has been remediated on the maste...

8.8CVSS5.8AI score0.00263EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.6 views

PT-2026-31042

Name of the Vulnerable Software and Affected Versions The Wikimedia Foundation Mediawiki - GlobalWatchlist Extension affected versions not specified Description A cross-site scripting XSS issue exists in The Wikimedia Foundation Mediawiki - GlobalWatchlist Extension. This allows for XSS attacks...

10CVSS5.8AI score0.00335EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.8 views

PT-2026-31033

Improper removal of sensitive information before storage or transfer vulnerability in The Wikimedia Foundation Mediawiki - CentralAuth Extension allows Resource Leak Exposure.This issue affects non release branches...

8.8CVSS5.9AI score0.00263EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.15 views

PT-2026-31066

Name of the Vulnerable Software and Affected Versions versions prior to 2.3 Description Improper tracking of context across template branches within JavaScript template literals could lead to incorrect content escaping when branches are used. Additionally, template actions inside these literals d...

9.8CVSS5.7AI score0.0029EPSS
Exploits0
CNNVD
CNNVD
added 2026/04/06 12:0 a.m.12 views

Google Go 安全漏洞

Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, which stems from index out-of-bounds errors when encountering zero-element branches...

5.8AI score0.00012EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/03/26 3:5 p.m.4 views

CVE-2025-14513

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.11 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an unauthenticated user to cause a denial of service condition due to improper input validation when processing specially crafted JSON...

7.5CVSS5.8AI score0.00475EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/03/18 12:0 a.m.5 views

Defending the Power Grid by Segmenting the EV Charging Cyber Infrastructure

This paper examines defending the power grid against load-altering attacks using electric vehicle charging. It proposes to preventively segment the cyber infrastructure that charging station operators CSOs use to communicate with and control their charging stations, thereby limiting the impact of...

5.7AI score
Exploits0
OSV
OSV
added 2026/03/13 9:31 a.m.8 views

BIT-GITLAB-2025-14513 Improper Validation of Specified Quantity in Input in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.11 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an unauthenticated user to cause a denial of service condition due to improper input validation when processing specially crafted JSON...

7.5CVSS5.8AI score0.00475EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/11 6:30 p.m.4 views

EUVD-2025-208576

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.11 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an unauthenticated user to cause a denial of service condition due to improper input validation when processing specially crafted JSON...

7.5CVSS5.8AI score0.00475EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/03/11 4:49 p.m.4 views

SUSE CVE-2026-3904

Calling NSS-backed functions that support caching via nscd may call the nscd client side code and in the GNU C Library version 2.36 under high load on x8664 systems, the client may call memcmp on inputs that are concurrently modified by other processes or threads and crash. The nscd client in the...

6.2CVSS5.8AI score0.00146EPSS
Exploits1References3
NVD
NVD
added 2026/03/11 4:16 p.m.5 views

CVE-2025-14513

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.11 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an unauthenticated user to cause a denial of service condition due to improper input validation when processing specially crafted JSON...

7.5CVSS0.00475EPSS
Exploits0References3
OSV
OSV
added 2026/03/11 4:16 p.m.6 views

UBUNTU-CVE-2025-14513

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.11 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an unauthenticated user to cause a denial of service condition due to improper input validation when processing specially crafted JSON...

7.5CVSS5.8AI score0.00475EPSS
Exploits0References2
Rows per page
Query Builder