455 matches found
CVE-2026-32289
CVE-2026-32289 is a documented issue where html/template failed to correctly track JS template literal context, risking improper escaping and potential XSS. Portable across Go toolchains, it was addressed by the Go project in updates to go1.25.9 and go1.26.2, and these fixes are reflected in SUSE...
EUVD-2026-20018
Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS template literals did not properly track the brace depth, leading to incorrect escaping being...
EUVD-2026-19976
Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in The Wikimedia Foundation Mediawiki - GlobalWatchlist Extension allows Cross-Site Scripting XSS.This issue affects non release branches...
CVE-2026-39937
Improper removal of sensitive information before storage or transfer vulnerability in The Wikimedia Foundation Mediawiki - CentralAuth Extension allows Resource Leak Exposure. The issue has been remediated on the master branch, and in the release branches for MediaWiki versions 1.43, 1.44, and 1....
CVE-2026-39933 Multiple XSS vulnerabilities in GlobalWatchlist
Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in The Wikimedia Foundation Mediawiki - GlobalWatchlist Extension allows Cross-Site Scripting XSS. The issue has been remediated on the master branch, and in the release branches for MediaWiki version...
CVE-2026-39933
The CVE-2026-39933 entry concerns The Wikimedia Foundation MediaWiki GlobalWatchlist Extension and an input handling issue that leads to Cross-Site Scripting (XSS) during web page generation. The connected sources confirm the vulnerability affects the GlobalWatchlist extension and state remediati...
CVE-2026-39937 Global vanishing does not completely remove user email
Improper removal of sensitive information before storage or transfer vulnerability in The Wikimedia Foundation Mediawiki - CentralAuth Extension allows Resource Leak Exposure. The issue has been remediated on the master branch, and in the release branches for MediaWiki versions 1.43, 1.44, and 1....
CVE-2026-39937 Global vanishing does not completely remove user email
Improper removal of sensitive information before storage or transfer vulnerability in The Wikimedia Foundation Mediawiki - CentralAuth Extension allows Resource Leak Exposure. The issue has been remediated on the master branch, and in the release branches for MediaWiki versions 1.43, 1.44, and 1....
CVE-2026-39937
CVE-2026-39937 concerns the Wikimedia Foundation’s MediaWiki CentralAuth Extension. The issue is an improper removal of sensitive information before storage or transfer, resulting in a Resource Leak Exposure. According to the connected documents, the vulnerability has been remediated on the maste...
PT-2026-31042
Name of the Vulnerable Software and Affected Versions The Wikimedia Foundation Mediawiki - GlobalWatchlist Extension affected versions not specified Description A cross-site scripting XSS issue exists in The Wikimedia Foundation Mediawiki - GlobalWatchlist Extension. This allows for XSS attacks...
PT-2026-31033
Improper removal of sensitive information before storage or transfer vulnerability in The Wikimedia Foundation Mediawiki - CentralAuth Extension allows Resource Leak Exposure.This issue affects non release branches...
PT-2026-31066
Name of the Vulnerable Software and Affected Versions versions prior to 2.3 Description Improper tracking of context across template branches within JavaScript template literals could lead to incorrect content escaping when branches are used. Additionally, template actions inside these literals d...
Google Go 安全漏洞
Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, which stems from index out-of-bounds errors when encountering zero-element branches...
CVE-2025-14513
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.11 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an unauthenticated user to cause a denial of service condition due to improper input validation when processing specially crafted JSON...
Defending the Power Grid by Segmenting the EV Charging Cyber Infrastructure
This paper examines defending the power grid against load-altering attacks using electric vehicle charging. It proposes to preventively segment the cyber infrastructure that charging station operators CSOs use to communicate with and control their charging stations, thereby limiting the impact of...
BIT-GITLAB-2025-14513 Improper Validation of Specified Quantity in Input in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.11 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an unauthenticated user to cause a denial of service condition due to improper input validation when processing specially crafted JSON...
EUVD-2025-208576
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.11 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an unauthenticated user to cause a denial of service condition due to improper input validation when processing specially crafted JSON...
SUSE CVE-2026-3904
Calling NSS-backed functions that support caching via nscd may call the nscd client side code and in the GNU C Library version 2.36 under high load on x8664 systems, the client may call memcmp on inputs that are concurrently modified by other processes or threads and crash. The nscd client in the...
CVE-2025-14513
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.11 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an unauthenticated user to cause a denial of service condition due to improper input validation when processing specially crafted JSON...
UBUNTU-CVE-2025-14513
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.11 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an unauthenticated user to cause a denial of service condition due to improper input validation when processing specially crafted JSON...