369052 matches found
CVE-2026-58037
Summary: CVE-2026-58037 is a cross-site scripting vulnerability in MediaWiki’s log entry formatting code. The issue stems from improper input neutralization in log-related components (includes/Language/Language.php, includes/Logging/BlockLogFormatter.php, includes/Logging/LogFormatter.php, includ...
CVE-2026-24243
NVIDIA Megatron Bridge for Linux (CVE-2026-24243) is affected by a vulnerability in deserialization of untrusted data, potentially enabling code execution, privilege escalation, data tampering, and information disclosure. The issue arises in the Megatron Bridge software, with CVSSv3.1 base score ...
CVE-2026-24242
NVIDIA Megatron Bridge for Linux contains a vulnerability (CVE-2026-24242) that could allow a attacker to perform server-side request forgery, potentially leading to information disclosure. The NVIDIA security bulletin reassures that a software update to version 0.4.1 or later fixes this and othe...
CVE-2026-58036
The CVE-2026-58036 entry applies to Wikimedia Foundation MediaWiki. Affected components include ApiQueryAllUsers.php, ApiQueryUsers.php, PermissionManager.php, and UserGroupManager.php, with the underlying issue described as Exposure of Sensitive Information to an Unauthorized Actor. The known im...
CVE-2026-24240
Summary (CVE-2026-24240): NVIDIA Megatron Bridge for Linux contains a vulnerability that allows deserialization of untrusted data, potentially enabling code execution, privilege escalation, data tampering, and information disclosure. Root cause: insecure deserialization in the bridge component. A...
CVE-2026-58127
PACSgear MediaWriter 5.2.1 exposes a .NET Remoting TCP service on port 9000 (PacsgearMediaServerEngine.dll) with ObjectURIs RemoteObj and UIRemoteObj and no authentication. An unauthenticated attacker can exploit MarshalByRefObject unmarshalling and implement .NET WebClient methods to read/write ...
CVE-2025-23351
NVIDIA advisory for CVE-2025-23351: A vulnerability in the command interface on NVIDIA Networking BlueField and ConnectX allows a local user with VF access to cause an out-of-bounds write, enabling potential arbitrary code execution on the device. Affected products include BlueField GA (BlueField...
CVE-2026-58126
PACSgear PACS Scan 5.2.1 is affected by an unauthenticated remote code execution through an exposed .NET Remoting TCP service (port 22222). The vulnerability chain starts with PGImageExchQueue.exe allowing arbitrary file read/write via the service, which can be leveraged with DLL hijacking in PGI...
CVE-2025-15646
HTML::Gumbo for Perl before 0.19 is vulnerable to heap memory disclosure via type confusion when parsing documents containing a element. The issue arises because libgumbo’s walk_tree was not updated to support , causing the element to be treated as a text node and enabling strlen() over-read of ...
CVE-2025-23350
NVIDIA reports CVE-2025-23350 affecting ConnectX and BlueField through a vulnerability in the command interface that allows a local user with VF access to cause a write out of bounds via crafted input, potentially enabling arbitrary code execution on the device. The issue impacts devices with VF ...
CVE-2026-24260
Technical details about CVE-2026-24260 are not publicly available in the provided documents. Monitor for updates; no affected products, vulnerable components, impact, or remediation details are disclosed here.
CVE-2026-58024
CVE-2026-58024 affects MediaWiki prior to 1.46.0 and some earlier 1.45.x/1.44.x/1.43.x branches. The issue is tied to includes/Api/ApiUserrights.Php, enabling exposure of sensitive information to unauthorized actors via the API. Reported metrics show a CVSSv4 base score of 5.1 (Medium) with netwo...
CVE-2026-13707
CVE-2026-13707 describes a session fixation vulnerability in Wikimedia Foundation OAuth, associated with the file src/Backend/MWOAuthServer.Php. Affected versions include OAuth implementations up to 1.46.0, 1.45.4, 1.44.6, and 1.43.9. The connected documents do not provide explicit root-cause det...
CVE-2026-13706
The CVE pertains to Wikimedia Foundation’s UrlShortener extension, specifically a vulnerability in the UrlShortenerUtils.Php implementation. The issue is improper input validation caused by a discrepancy between PHP’s URL parsing and WHATWG URL parsing, enabling bypassing of validation in the Url...
CVE-2026-58399
The CVE affects @acastellon/auth (authentication control for microservices). Versions
CVE-2026-58031
The CVE-2026-58031 entry describes a stored XSS in MediaWiki (Wikimedia Foundation) via Special:ApiSandbox when a deprecated module is selected. Affected component: resources/src/mediawiki.Special.Apisandbox/ApiSandboxLayout.Js; affected software version range: MediaWiki 1.46.0-rc.0 up to prior t...
CVE-2026-58034
The CVE-2026-58034 entry concerns a Stored XSS in Wikimedia Foundation CheckUser, caused by improper neutralization of input during web page generation. The issue is tied to the file modules/ext.CheckUser.TempAccounts/components/blockConnectedTempAccountsField.Vue and affects CheckUser versions f...
CVE-2026-6283
CVE-2026-6283 affects DivvyDrive Information Technologies Inc. DivvyDrive (versions 4.8.2.23 up to, but not including, 4.8.3.1) with a Stored XSS due to improper neutralization of input during web page generation. Risk is MEDIUM (CVSS 3.1: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N), requiring user inte...
CVE-2026-58035
The CVE describes a stored XSS in MediaWiki (Wikimedia Foundation) related to resources/src/mediawiki.Special.Block/SpecialBlock.Vue in the codex version of Special:Block. The issue arises from improper neutralization of user input during web page generation, enabling XSS via a system message. Af...
CVE-2026-5220
DivvyDrive Information Technologies Inc. DivvyDrive contains a Stored XSS vulnerability caused by improper neutralization of input during web page generation. Affected versions are 4.8.2.23 up to, but not including, 4.8.3.1. CVSS v3.1 base score 6.4 (Medium) with network attack vector, low attack...