369052 matches found
CVE-2026-24270
CVE-2026-24270 affects NVIDIA AIStore framework. The issue, described as an authentication bypass, could allow an attacker to cause denial of service, escalate privileges, disclose information, and tamper with data. NVIDIA’s security bulletin lists affected versions as all platforms on versions 0...
CVE-2026-57517
Control Web Panel prior to version 0.9.8.1225 is affected by CVE-2026-57517, a blind SQL injection via the userRes POST parameter at the user endpoint. The vulnerability allows unauthenticated remote attackers to execute arbitrary SQL queries, potentially leveraging MySQL root privileges obtained...
CVE-2026-24266
CVE-2026-24266 affects NVIDIA’s Triton Inference Server for Linux. The issue is a use-after-free vulnerability in the server (specific component not detailed in the provided documents) that can lead to a denial of service if exploited. NVIDIA’s security bulletin specifies affected versions are 0....
CVE-2026-24264
CVE-2026-24264 affects NVIDIA Triton Inference Server for Linux. The security bulletin documents that an attacker can cause improper handling of highly compressed data, with the impact being denial of service . The vulnerability is addressed by updating to Triton Server r26.04 or later . Affected...
CVE-2026-58026
MediaWiki vulnerability CVE-2026-58026 affects Wikimedia Foundation MediaWiki, specifically a bypass in wgNonincludableNamespaces via embedding a redirect in other namespaces, in files including/Parser/Parser.php. Affected versions are MediaWiki before 1.46.0, 1.45.4, 1.44.6, and 1.43.9. The issu...
CVE-2026-8857
CVE-2026-8857 concerns a vulnerability in the Wikimedia Foundation timeline extension EasyTimeline. Affected are timeline versions before 1.46.0, 1.45.4, 1.44.6, and 1.43.9. The issue is linked to the extension’s files scripts/EasyTimeline.Pl and includes/Timeline.Php. The connected documents do ...
CVE-2026-58038
The CVE-2026-58038 entry describes a Stored XSS vulnerability in the Wikimedia Foundation timeline component, caused by improper neutralization of input during web page generation. The issue concerns files including Timeline.Php and scripts/EasyTimeline.Pl and affects timeline builds prior to the...
CVE-2026-58027
CVE-2026-58027 affects Wikimedia Foundation AbuseFilter. The issue arises in the QueryAbuseFilters.Php API, allowing an unauthenticated actor to see the hit count of private filters, which is hidden in the UI. Affected are AbuseFilter versions before 1.46.0, 1.45.4, 1.44.6, and 1.43.9. The CVSS b...
CVE-2026-24251
NVIDIA Megatron Bridge for Linux (CVE-2026-24251) is vulnerable due to improper control of dynamically managed code resources, enabling potential code execution, privilege escalation, data tampering, and information disclosure. The NVIDIA security bulletin confirms this CVE and states that updati...
CVE-2026-24250
NVIDIA Megatron Bridge for Linux (Megatron-Bridge) is affected by CVE-2026-24250 due to improper validation of allowed inputs. The NVIDIA security bulletin lists this CVE among a set of related deserialization and resource-management issues that may lead to code execution, privilege escalation, d...
CVE-2026-58030
Summary : CVE-2026-58030 is a stored XSS in Wikimedia Foundation’s SyntaxHighlight_GeSHi due to improper neutralization of input in the linelinks processing. Affected versions are before 1.46.0, 1.45.4, 1.44.6, and 1.43.9. The issue is associated with the includes/SyntaxHighlight.Php component an...
CVE-2026-24249
CVE-2026-24249 affects NVIDIA Megatron Bridge for Linux and describes deserialization of untrusted data leading to potential code execution, privilege escalation, data tampering, and information disclosure. The NVIDIA security bulletin confirms this vulnerability is addressed in the security upda...
CVE-2026-24248
NVIDIA Megatron Bridge for Linux contains CVE-2026-24248: an attacker could cause improper control of code generation, potentially leading to code execution, privilege escalation, data tampering, and information disclosure. Affected product: Megatron Bridge for Linux. Root cause: improper control...
CVE-2026-24247
CVE-2026-24247 affects NVIDIA Megatron Bridge for Linux and is linked to deserialization of untrusted data, with potential for code execution, privilege escalation, data tampering, and information disclosure. The NVIDIA security bulletin notes mitigation by upgrading to version 0.4.1 or later (Me...
CVE-2026-58032
MediaWiki vulnerability CVE-2026-58032 is an XSS in mw.Api.getErrorMessage() that may return injected HTML when errorformat=html is not used. Affected: MediaWiki versions before 1.46.0, and earlier branches 1.45.4, 1.44.6, 1.43.9, due to improper neutralization in resources/src/mediawiki.Api/inde...
CVE-2026-24246
NVIDIA Megatron Bridge for Linux is affected by CVE-2026-24246, a vulnerability in the handling of dynamically managed code resources that could lead to code execution, privilege escalation, data tampering, and information disclosure. The NVIDIA security bulletin indicates the fix is included in ...
CVE-2026-24245
CVE-2026-24245 affects NVIDIA Megatron Bridge for Linux. The vulnerability involves deserialization of untrusted data and could lead to code execution, privilege escalation, data tampering, and information disclosure. Affected: Megatron-Bridge; root cause not explicitly detailed beyond the deseri...
CVE-2026-58033
CVE-2026-58033 affects Wikimedia Foundation MediaWiki and involves exposure of sensitive information via the includes/Actions/InfoAction.Php path. The issue impacts MediaWiki versions prior to 1.46.0, including 1.45.4, 1.44.6, and 1.43.9. The connected sources consistently describe the vulnerabil...
CVE-2026-24244
NVIDIA Megatron Bridge for Linux contains CVE-2026-24244, a deserialization of untrusted data vulnerability that can lead to code execution, privilege escalation, data tampering, and information disclosure. The NVIDIA security bulletin confirms affected product: Megatron-Bridge; updated versions ...
CVE-2026-8480
Stormshield Network Security versions affected: 4.3.0 to 4.3.41, 4.4.0 to 4.8.15, and 5.0.2 EA to 5.0.5. A revoked client certificate can still be used to authenticate to the captive-admin portal, allowing an attacker who possesses the revoked certificate to gain administrative access. CVSS v3.1 ...