369243 matches found
CVE-2026-58454
Affected product : JAIOTlink C492A-W6 Wi‑Fi IP cameras running firmware 4.8.30.57701411. Vulnerability : remote code execution via the authenticated /Anyka/config HTTP endpoint. Root cause / vector : attackers with authentication can write to writable persistent JFFS2 storage, stage a malicious s...
CVE-2026-58453
JAIOTlink C492A-W6 Wi‑Fi IP cameras (firmware 4.8.30.57701411) are affected by CVE-2026-58453 due to hard-coded credentials. An attacker on the network can authenticate to the anyka_ipc HTTP service (port 80) using the default admin username with an empty password, gaining unauthorized access to ...
CVE-2026-58452
The CVE covers JAIOTlink C492A-W6 Wi‑Fi IP cameras running firmware 4.8.30.57701411. Affected component is the NetSDK/Factory SetMAC HTTP PUT endpoint. The root cause is an OS command injection where a malicious Wireless parameter (starting with a MAC-like prefix, then a semicolon and a shell pay...
CVE-2026-58025
CVE-2026-58025 describes a deserialization of untrusted data vulnerability in Wikimedia Foundation MediaWiki. Affected are MediaWiki versions before 1.46.0, including 1.45.4, 1.44.6, and 1.43.9. The issue is linked to deserialization in files: includes/Import/WikiImporter.Php, includes/Import/Wik...
CVE-2026-58029
CVE-2026-58029 affects Wikimedia Foundation MediaWiki and enables a full account takeover via BotPasswords and OAuth through action=changeauthenticationdata. Affected versions are MediaWiki: before 1.46.0, 1.45.4, 1.44.6, 1.43.9. The issue involves the API and Special pages: ApiChangeAuthenticati...
CVE-2026-58028
The CVE-2026-58028 entry describes an XSS flaw in Wikimedia Foundation MediaWiki and CentralAuth, caused by improper neutralization of input during web page generation. Affected software includes MediaWiki (pre-1.46.0, 1.45.4, 1.44.6, 1.43.9) and CentralAuth (same version bounds). The issue impli...
CVE-2026-17747
Technical details for CVE-2026-17747 are not publicly available in the provided documents. This CVE entry appears reserved/placeholder. Monitor for updates from the responsible party.
CVE-2026-35801
Technical details for CVE-2026-35801 are not publicly available in the provided documents; monitor for updates.
CVE-2026-24270
CVE-2026-24270 affects NVIDIA AIStore framework. The issue, described as an authentication bypass, could allow an attacker to cause denial of service, escalate privileges, disclose information, and tamper with data. NVIDIA’s security bulletin lists affected versions as all platforms on versions 0...
CVE-2026-57517
Control Web Panel prior to version 0.9.8.1225 is affected by CVE-2026-57517, a blind SQL injection via the userRes POST parameter at the user endpoint. The vulnerability allows unauthenticated remote attackers to execute arbitrary SQL queries, potentially leveraging MySQL root privileges obtained...
CVE-2026-24266
CVE-2026-24266 affects NVIDIA’s Triton Inference Server for Linux. The issue is a use-after-free vulnerability in the server (specific component not detailed in the provided documents) that can lead to a denial of service if exploited. NVIDIA’s security bulletin specifies affected versions are 0....
CVE-2026-24264
CVE-2026-24264 affects NVIDIA Triton Inference Server for Linux. The security bulletin documents that an attacker can cause improper handling of highly compressed data, with the impact being denial of service . The vulnerability is addressed by updating to Triton Server r26.04 or later . Affected...
CVE-2026-58026
MediaWiki vulnerability CVE-2026-58026 affects Wikimedia Foundation MediaWiki, specifically a bypass in wgNonincludableNamespaces via embedding a redirect in other namespaces, in files including/Parser/Parser.php. Affected versions are MediaWiki before 1.46.0, 1.45.4, 1.44.6, and 1.43.9. The issu...
CVE-2026-8857
CVE-2026-8857 concerns a vulnerability in the Wikimedia Foundation timeline extension EasyTimeline. Affected are timeline versions before 1.46.0, 1.45.4, 1.44.6, and 1.43.9. The issue is linked to the extension’s files scripts/EasyTimeline.Pl and includes/Timeline.Php. The connected documents do ...
CVE-2026-58038
The CVE-2026-58038 entry describes a Stored XSS vulnerability in the Wikimedia Foundation timeline component, caused by improper neutralization of input during web page generation. The issue concerns files including Timeline.Php and scripts/EasyTimeline.Pl and affects timeline builds prior to the...
CVE-2026-58027
CVE-2026-58027 affects Wikimedia Foundation AbuseFilter. The issue arises in the QueryAbuseFilters.Php API, allowing an unauthenticated actor to see the hit count of private filters, which is hidden in the UI. Affected are AbuseFilter versions before 1.46.0, 1.45.4, 1.44.6, and 1.43.9. The CVSS b...
CVE-2026-24251
NVIDIA Megatron Bridge for Linux (CVE-2026-24251) is vulnerable due to improper control of dynamically managed code resources, enabling potential code execution, privilege escalation, data tampering, and information disclosure. The NVIDIA security bulletin confirms this CVE and states that updati...
CVE-2026-24250
NVIDIA Megatron Bridge for Linux (Megatron-Bridge) is affected by CVE-2026-24250 due to improper validation of allowed inputs. The NVIDIA security bulletin lists this CVE among a set of related deserialization and resource-management issues that may lead to code execution, privilege escalation, d...
CVE-2026-58030
Summary : CVE-2026-58030 is a stored XSS in Wikimedia Foundation’s SyntaxHighlight_GeSHi due to improper neutralization of input in the linelinks processing. Affected versions are before 1.46.0, 1.45.4, 1.44.6, and 1.43.9. The issue is associated with the includes/SyntaxHighlight.Php component an...
CVE-2026-24249
CVE-2026-24249 affects NVIDIA Megatron Bridge for Linux and describes deserialization of untrusted data leading to potential code execution, privilege escalation, data tampering, and information disclosure. The NVIDIA security bulletin confirms this vulnerability is addressed in the security upda...