916 matches found
Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: rust: cargo-1.97.0-1.1.hum1 aarch64, x8664 clippy-1.97.0-1.1.hum1 aarch64, x8664 rust-1.97.0-1.1.hum1 aarch64, x8664 rust-analyzer-1.97.0-1.1.hum1 aarch64, x8664...
CVE-2026-14363
A flaw was found in the Mediawiki Cargo Extension. This vulnerability, identified as SQL Injection, allows an attacker to execute malicious SQL commands. By exploiting improper handling of special characters in SQL commands, an attacker can potentially access, modify, or delete sensitive data...
SQL Injection
Overview Affected versions of this package are vulnerable to SQL Injection via improper handling of user-supplied input in the Special:Drilldown process. An attacker can execute arbitrary SQL commands by injecting crafted input. Remediation Upgrade mediawiki/cargo to version 3.9.1 or higher...
CVE-2026-40034 vulnerabilities
Vulnerabilities for packages: jujutsu, cargo-audit...
CVE-2026-40034 vulnerabilities
Vulnerabilities for packages: cargo-audit...
CVE-2026-14363
Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in The Wikimedia Foundation Mediawiki - Cargo Extension allows SQL Injection. This issue affects Mediawiki - Cargo Extension: from before 1.43.9,1.44.6,1.45.4...
CVE-2026-14363 Cargo Extension: SQLi in Special:Drilldown
Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in The Wikimedia Foundation Mediawiki - Cargo Extension allows SQL Injection. This issue affects Mediawiki - Cargo Extension: from before 1.43.9,1.44.6,1.45.4...
CVE-2026-14363
Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in The Wikimedia Foundation Mediawiki - Cargo Extension allows SQL Injection. This issue affects Mediawiki - Cargo Extension: from before 1.43.9,1.44.6,1.45.4...
EUVD-2026-41127
Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in The Wikimedia Foundation Mediawiki - Cargo Extension allows SQL Injection. This issue affects Mediawiki - Cargo Extension: from before 1.43.9,1.44.6,1.45.4...
CVE-2026-14363
The CVE-2026-14363 issue affects the MediaWiki Cargo Extension for MediaWiki, where improper neutralization of special elements in SQL queries (notably in Special:Drilldown) enables SQL injection. Reported impacts include unauthorized access, modification, or deletion of data in the database. Aff...
CVE-2026-58521
A flaw was found in the Mediawiki - Cargo Extension. This vulnerability allows an attacker to inject malicious commands into database queries. This could lead to unauthorized access to sensitive information, modification of data, or disruption of the database's availability...
CVE-2026-58521
Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in The Wikimedia Foundation Mediawiki - Cargo Extension allows SQL Injection. This issue affects Mediawiki - Cargo Extension: from before 1.43.9,1.44.6,1.45.4...
EUVD-2026-41102
Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in The Wikimedia Foundation Mediawiki - Cargo Extension allows SQL Injection. This issue affects Mediawiki - Cargo Extension: from before 1.43.9,1.44.6,1.45.4...
CVE-2026-58521
The CVE-2026-58521 entry concerns an SQL injection in the Wikimedia Foundation MediaWiki Cargo Extension. According to connected sources, the vulnerability arises from improper neutralization of special elements in SQL commands, affecting MediaWiki Cargo Extension versions before 1.43.9, 1.44.6, ...
CVE-2026-58519
Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in The Wikimedia Foundation Mediawiki - Cargo Extension allows Stored XSS. This issue affects Mediawiki - Cargo Extension: from before 3.9.1...
EUVD-2026-40901
Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in The Wikimedia Foundation Mediawiki - Cargo Extension allows Stored XSS. This issue affects Mediawiki - Cargo Extension: from before 3.9.1...
CVE-2026-58519 Stored XSS through Cargo's map format
Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in The Wikimedia Foundation Mediawiki - Cargo Extension allows Stored XSS. This issue affects Mediawiki - Cargo Extension: from before 3.9.1...
CVE-2026-58519
CVE-2026-58519 describes an Stored XSS in The Wikimedia Foundation MediaWiki Cargo Extension caused by improper neutralization of input during web page generation. Affected software is MediaWiki Cargo Extension prior to version 3.9.1. The connected sources confirm the vulnerability and its scope ...
PT-2026-54647
Name of the Vulnerable Software and Affected Versions Mediawiki - Cargo Extension versions prior to 1.43.9 Mediawiki - Cargo Extension versions prior to 1.44.6 Mediawiki - Cargo Extension versions prior to 1.45.4 Description Improper neutralization of special elements used in an SQL command leads...
PT-2026-54481
Name of the Vulnerable Software and Affected Versions Mediawiki - Cargo Extension versions prior to 3.9.1 Description Improper neutralization of input during web page generation leads to a Stored Cross-Site Scripting XSS issue. Stored XSS occurs when an application receives data from a user and...