369819 matches found
CVE-2026-57517
Control Web Panel prior to version 0.9.8.1225 is affected by CVE-2026-57517, a blind SQL injection via the userRes POST parameter at the user endpoint. The vulnerability allows unauthenticated remote attackers to execute arbitrary SQL queries, potentially leveraging MySQL root privileges obtained...
CVE-2026-24266
CVE-2026-24266 affects NVIDIA’s Triton Inference Server for Linux. The issue is a use-after-free vulnerability in the server (specific component not detailed in the provided documents) that can lead to a denial of service if exploited. NVIDIA’s security bulletin specifies affected versions are 0....
CVE-2026-24264
CVE-2026-24264 affects NVIDIA Triton Inference Server for Linux. The security bulletin documents that an attacker can cause improper handling of highly compressed data, with the impact being denial of service . The vulnerability is addressed by updating to Triton Server r26.04 or later . Affected...
CVE-2026-58026
CVE-2026-58026 affects MediaWiki. Affects releases before 1.46.0, 1.45.4, 1.44.6, 1.43.9, with information disclosure through includes/Parser/Parser.Php. Debian advisory DSA-6380-1 fixes multiple MediaWiki CVEs, including CVE-2026-58026, in stable (trixie) as 1:1.43.9+dfsg-1~deb13u1. No exploit d...
CVE-2026-8857
The CVE-2026-8857 entry concerns a vulnerability in the Wikimedia Foundation timeline, affecting the Timeline extension components: program files scripts/EasyTimeline.Pl and includes/Timeline.Php. Affected versions are before 1.46.0, 1.45.4, 1.44.6, and 1.43.9. The available sources do not specif...
CVE-2026-58038
The CVE-2026-58038 issue affects the Wikimedia Foundation Timeline component and is caused by improper neutralization of input during web page generation, enabling cross-site scripting via Timeline.Php and scripts/EasyTimeline.Pl. Reported impacts include information disclosure, session hijacking...
CVE-2026-58027
CVE-2026-58027 affects Wikimedia Foundation AbuseFilter. The issue arises in the QueryAbuseFilters.Php API, allowing an unauthenticated actor to see the hit count of private filters, which is hidden in the UI. Affected are AbuseFilter versions before 1.46.0, 1.45.4, 1.44.6, and 1.43.9. The CVSS b...
CVE-2026-24251
NVIDIA Megatron Bridge for Linux (CVE-2026-24251) is vulnerable due to improper control of dynamically managed code resources, enabling potential code execution, privilege escalation, data tampering, and information disclosure. The NVIDIA security bulletin confirms this CVE and states that updati...
CVE-2026-24250
NVIDIA Megatron Bridge for Linux (Megatron-Bridge) is affected by CVE-2026-24250 due to improper validation of allowed inputs. The NVIDIA security bulletin lists this CVE among a set of related deserialization and resource-management issues that may lead to code execution, privilege escalation, d...
CVE-2026-58030
Summary : CVE-2026-58030 is a stored XSS in Wikimedia Foundation’s SyntaxHighlight_GeSHi due to improper neutralization of input in the linelinks processing. Affected versions are before 1.46.0, 1.45.4, 1.44.6, and 1.43.9. The issue is associated with the includes/SyntaxHighlight.Php component an...
CVE-2026-24249
CVE-2026-24249 affects NVIDIA Megatron Bridge for Linux and describes deserialization of untrusted data leading to potential code execution, privilege escalation, data tampering, and information disclosure. The NVIDIA security bulletin confirms this vulnerability is addressed in the security upda...
CVE-2026-24248
NVIDIA Megatron Bridge for Linux contains CVE-2026-24248: an attacker could cause improper control of code generation, potentially leading to code execution, privilege escalation, data tampering, and information disclosure. Affected product: Megatron Bridge for Linux. Root cause: improper control...
CVE-2026-24247
CVE-2026-24247 affects NVIDIA Megatron Bridge for Linux and is linked to deserialization of untrusted data, with potential for code execution, privilege escalation, data tampering, and information disclosure. The NVIDIA security bulletin notes mitigation by upgrading to version 0.4.1 or later (Me...
CVE-2026-58032
MediaWiki vulnerability CVE-2026-58032 is an XSS in mw.Api.getErrorMessage() that may return injected HTML when errorformat=html is not used. Affected: MediaWiki versions before 1.46.0, and earlier branches 1.45.4, 1.44.6, 1.43.9, due to improper neutralization in resources/src/mediawiki.Api/inde...
CVE-2026-24246
NVIDIA Megatron Bridge for Linux is affected by CVE-2026-24246, a vulnerability in the handling of dynamically managed code resources that could lead to code execution, privilege escalation, data tampering, and information disclosure. The NVIDIA security bulletin indicates the fix is included in ...
CVE-2026-24245
CVE-2026-24245 affects NVIDIA Megatron Bridge for Linux. The vulnerability involves deserialization of untrusted data and could lead to code execution, privilege escalation, data tampering, and information disclosure. Affected: Megatron-Bridge; root cause not explicitly detailed beyond the deseri...
CVE-2026-58033
CVE-2026-58033 affects Wikimedia Foundation MediaWiki and involves exposure of sensitive information via the includes/Actions/InfoAction.Php path. The issue impacts MediaWiki versions prior to 1.46.0, including 1.45.4, 1.44.6, and 1.43.9. The connected sources consistently describe the vulnerabil...
CVE-2026-24244
NVIDIA Megatron Bridge for Linux contains CVE-2026-24244, a deserialization of untrusted data vulnerability that can lead to code execution, privilege escalation, data tampering, and information disclosure. The NVIDIA security bulletin confirms affected product: Megatron-Bridge; updated versions ...
CVE-2026-8480
Stormshield Network Security versions affected: 4.3.0 to 4.3.41, 4.4.0 to 4.8.15, and 5.0.2 EA to 5.0.5. A revoked client certificate can still be used to authenticate to the captive-admin portal, allowing an attacker who possesses the revoked certificate to gain administrative access. CVSS v3.1 ...
CVE-2026-58037
MediaWiki up to versions older than 1.46.0 (including 1.45.4, 1.44.6, 1.43.9) is affected by CVE-2026-58037, an XSS in log/locale-related rendering code (files such as includes/Language/Language.php and several LogFormatter classes) that allows improper neutralization of user input during web pag...