Lucene search
K

14 matches found

Vulnrichment
Vulnrichment
added 2026/02/03 1:12 a.m.4 views

CVE-2025-67479 Magic word replacement in legacy parser allows using reserved data attributes through wikitext

Vulnerability in Wikimedia Foundation MediaWiki, Wikimedia Foundation Cite. This vulnerability is associated with program files includes/Parser/CoreParserFunctions.Php, includes/Parser/Sanitizer.Php. This issue affects MediaWiki: from before 1.39.14, 1.43.4, 1.44.1; Cite: from before 1.39.14,...

5.3AI score0.0027EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/03 1:12 a.m.25 views

CVE-2025-67479 Magic word replacement in legacy parser allows using reserved data attributes through wikitext

Vulnerability in Wikimedia Foundation MediaWiki, Wikimedia Foundation Cite. This vulnerability is associated with program files includes/Parser/CoreParserFunctions.Php, includes/Parser/Sanitizer.Php. This issue affects MediaWiki: from before 1.39.14, 1.43.4, 1.44.1; Cite: from before 1.39.14,...

0.0027EPSS
Exploits0References1
CVE
CVE
added 2026/02/03 1:12 a.m.22 views

CVE-2025-67479

CVE-2025-67479 is a MediaWiki vulnerability (Cite context) involving magic word replacement in the legacy parser that allows using reserved data attributes via wikitext. Affected are MediaWiki releases before 1.39.14, 1.43.4, and 1.44.1; Cite module is also listed as affected. Debian LTS advisory...

5.2AI score0.0027EPSS
Exploits0References1
CVE
CVE
added 2025/10/22 3:31 p.m.11 views

CVE-2025-62659

The CVE-2025-62659 issue affects the MediaWiki CookieConsent extension for Cookie consent management. It is a Cross-Site Scripting (XSS) vulnerability caused by improper handling of reserved data attributes in the Sanitizer::validateAttributes() function, enabling arbitrary scripts to run in a us...

2.1CVSS5.5AI score0.00267EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/22 3:31 p.m.3 views

CVE-2025-62659 The CookieConsent extension does not properly use reserved data attributes, thus introducing potential XSS vectors

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in The Wikimedia Foundation MediaWiki CookieConsent extension allows Cross-Site Scripting XSS.This issue affects MediaWiki CookieConsent extension: from v0.1.0 before v2.0.0...

2.1CVSS5.5AI score0.00267EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/22 3:31 p.m.16 views

CVE-2025-62659 The CookieConsent extension does not properly use reserved data attributes, thus introducing potential XSS vectors

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in The Wikimedia Foundation MediaWiki CookieConsent extension allows Cross-Site Scripting XSS.This issue affects MediaWiki CookieConsent extension: from v0.1.0 before v2.0.0...

2.1CVSS0.00267EPSS
Exploits0References1
CVE
CVE
added 2025/09/25 1:56 p.m.13 views

CVE-2025-59839

Summary (CVE-2025-59839): The Star Citizen Wiki EmbedVideo Extension (MediaWiki) versions 4.0.0 and earlier allowed adding arbitrary HTML attributes via wikitext, enabling stored XSS through non-reserved data attributes (e.g., data-iframeconfig). Evidence from multiple sources notes this XSS clas...

8.6CVSS5.8AI score0.00282EPSS
Exploits1References4Affected Software1
SUSE CVE
SUSE CVE
added 2025/05/09 4:54 a.m.3 views

SUSE CVE-2022-49880

In the Linux kernel, the following vulnerability has been resolved: ext4: fix warning in 'ext4dareleasespace' Syzkaller report issue as follows: EXT4-fs loop0: Free/Dirty block details EXT4-fs loop0: freeblocks=0 EXT4-fs loop0: dirtyblocks=0 EXT4-fs loop0: Block reservation details EXT4-fs loop0:...

4.4CVSS6.4AI score0.00186EPSS
Exploits0References12
OSV
OSV
added 2025/05/01 3:16 p.m.2 views

DEBIAN-CVE-2022-49880

In the Linux kernel, the following vulnerability has been resolved: ext4: fix warning in 'ext4dareleasespace' Syzkaller report issue as follows: EXT4-fs loop0: Free/Dirty block details EXT4-fs loop0: freeblocks=0 EXT4-fs loop0: dirtyblocks=0 EXT4-fs loop0: Block reservation details EXT4-fs loop0:...

5.5CVSS5.5AI score0.00186EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/05/01 2:10 p.m.3 views

CVE-2022-49880 ext4: fix warning in 'ext4_da_release_space'

In the Linux kernel, the following vulnerability has been resolved: ext4: fix warning in 'ext4dareleasespace' Syzkaller report issue as follows: EXT4-fs loop0: Free/Dirty block details EXT4-fs loop0: freeblocks=0 EXT4-fs loop0: dirtyblocks=0 EXT4-fs loop0: Block reservation details EXT4-fs loop0:...

6AI score0.00186EPSS
Exploits0References8
CNNVD
CNNVD
added 2024/09/30 12:0 a.m.5 views

Infinera hiT 7300 安全漏洞

The Infinera hiT 7300 is a software-defined networking SDN-ready coherent packet-optical transport system from Infinera USA. A security vulnerability exists in the Infinera hiT 7300 version 5.60.50, which stems from a hidden feature in the web interface that allows a remote, authenticated attacke...

2.7CVSS6.4AI score0.00351EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2024/09/05 2:46 a.m.3 views

SUSE CVE-2024-44972

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

5.5CVSS7.3AI score0.00019EPSS
Exploits0References7
OSV
OSV
added 2024/09/04 7:15 p.m.2 views

DEBIAN-CVE-2024-44972

In the Linux kernel, the following vulnerability has been resolved: btrfs: do not clear page dirty inside extentwritelockedrange BUG For subpage + zoned case, the following workload can lead to rsv data leak at unmount time: mkfs.btrfs -f -s 4k $dev mount $dev $mnt fsstress -w -n 8 -d $mnt -s...

5.5CVSS6AI score0.00019EPSS
Exploits0References1
Oracle linux
Oracle linux
added 2017/08/07 12:0 a.m.29 views

gtk-vnc security, bug fix, and enhancement update

0.7.0-2 - Fix reserved data size rhbz 1416783 - Fix inverted args in tests rhbz 1416783 - Avoid sign extension problems rhbz 1416783 - Fix crash with opening via GSocketAddress rhbz 1416783 - Fix crash & error reporting during connection timeout rhbz 1441120 - Fix incompatibility with libvncserve...

9.8CVSS9AI score0.04985EPSS
Exploits2
Rows per page
Query Builder