EUVD-2026-19976

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in The Wikimedia Foundation Mediawiki - GlobalWatchlist Extension allows Cross-Site Scripting XSS.This issue affects non release branches...

CVE-2026-39937

Improper removal of sensitive information before storage or transfer vulnerability in The Wikimedia Foundation Mediawiki - CentralAuth Extension allows Resource Leak Exposure. The issue has been remediated on the master branch, and in the release branches for MediaWiki versions 1.43, 1.44, and 1....

CVE-2026-39933 Multiple XSS vulnerabilities in GlobalWatchlist

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in The Wikimedia Foundation Mediawiki - GlobalWatchlist Extension allows Cross-Site Scripting XSS. The issue has been remediated on the master branch, and in the release branches for MediaWiki version...

CVE-2026-39933

The CVE-2026-39933 entry concerns The Wikimedia Foundation MediaWiki GlobalWatchlist Extension and an input handling issue that leads to Cross-Site Scripting (XSS) during web page generation. The connected sources confirm the vulnerability affects the GlobalWatchlist extension and state remediati...

CVE-2026-39937 Global vanishing does not completely remove user email

Improper removal of sensitive information before storage or transfer vulnerability in The Wikimedia Foundation Mediawiki - CentralAuth Extension allows Resource Leak Exposure. The issue has been remediated on the master branch, and in the release branches for MediaWiki versions 1.43, 1.44, and 1....

CVE-2026-39937

CVE-2026-39937 concerns the Wikimedia Foundation’s MediaWiki CentralAuth Extension. The issue is an improper removal of sensitive information before storage or transfer, resulting in a Resource Leak Exposure. According to the connected documents, the vulnerability has been remediated on the maste...

CVE-2026-39937 Global vanishing does not completely remove user email

Improper removal of sensitive information before storage or transfer vulnerability in The Wikimedia Foundation Mediawiki - CentralAuth Extension allows Resource Leak Exposure. The issue has been remediated on the master branch, and in the release branches for MediaWiki versions 1.43, 1.44, and 1....

PT-2026-31042

Name of the Vulnerable Software and Affected Versions The Wikimedia Foundation Mediawiki - GlobalWatchlist Extension affected versions not specified Description A cross-site scripting XSS issue exists in The Wikimedia Foundation Mediawiki - GlobalWatchlist Extension. This allows for XSS attacks...

PT-2026-31033

Improper removal of sensitive information before storage or transfer vulnerability in The Wikimedia Foundation Mediawiki - CentralAuth Extension allows Resource Leak Exposure.This issue affects non release branches...

AZL-60409 CVE-2024-56406 affecting package perl for versions less than 5.38.2-507

A heap buffer overflow vulnerability was discovered in Perl. Release branches 5.34, 5.36, 5.38 and 5.40 are affected, including development versions from 5.33.1 through 5.41.10. When there are non-ASCII bytes in the left-hand-side of the tr operator, Sdotransinvmap can overflow the destination...

CVE-2018-11804

Spark's Apache Maven-based build includes a convenience script, 'build/mvn', that downloads and runs a zinc server to speed up compilation. It has been included in release branches since 1.3.x, up to and including master. This server will accept connections from external hosts by default. A...