Recent Advisories

Severity ID Title Vendor Product Date Type
CRITICAL 9.3 CVE-2026-58127

PACSgear MediaWriter 5.2.1 Unauthenticated RCE via .NET Remoting TCP Service_CVE-2026-58127

PACSgear MediaWriter 5.2.1 exposes a .NET Remoting TCP service on port 9000 via PacsgearMediaServerEngine.dll, registered with ObjectURIs RemoteObj...

Hyland PACSgear MediaWriter 5.2.1 CVE
CRITICAL 9.3 CVE-2026-58126

PACSgear PACS Scan 5.2.1 Unauthenticated RCE via .NET Remoting TCP Service_CVE-2026-58126

PACSgear PACS Scan 5.2.1 contains an unauthenticated remote code execution vulnerability that allows remote attackers to read and write arbitrary f...

Hyland PACSgear PACS Scan 5.2.1 CVE
LOW 2.1 CVE-2026-58036

Users API leaks whether privileged users have their user groups disabled for lack of 2FA_CVE-2026-58036

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with...

Wikimedia Foundation MediaWiki 1.46.0-rc.0 CVE
MEDIUM 5.3 CVE-2026-58033

“Total number of distinct authors” statistic at action=info does not exclude revisions where the author name was deleted_CVE-2026-58033

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with...

Wikimedia Foundation MediaWiki * CVE
MEDIUM 5.3 CVE-2026-58032

mw.Api.getErrorMessage() may return injected HTML if used without errorformat=html_CVE-2026-58032

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This...

Wikimedia Foundation MediaWiki * CVE
MEDIUM 5.3 CVE-2026-58030

SyntaxHighlight stored XSS via unsanitized ‘linelinks’ attribute_CVE-2026-58030

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation SyntaxHighlight_G...

Wikimedia Foundation SyntaxHighlight_GeSHi * CVE
MEDIUM 5.3 CVE-2026-58029

Full Account Takeover from BotPasswords and OAuth via action=changeauthenticationdata_CVE-2026-58029

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Api/ApiChangeAuthenticationData.Php...

Wikimedia Foundation MediaWiki * CVE
MEDIUM 5.3 CVE-2026-58027

QueryAbuseFilter API can be used to see the hit count of private filters, which is hidden in the UI_CVE-2026-58027

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation AbuseFilter. This vulnerability is associated wi...

Wikimedia Foundation AbuseFilter * CVE
MEDIUM 5.9 CVE-2026-58025

Remote Code Execution via Unsafe Deserialization in LogItem Import_CVE-2026-58025

Deserialization of untrusted data vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/I...

Wikimedia Foundation MediaWiki * CVE
MEDIUM 5.1 CVE-2026-58024

API identification of users on private wikis_CVE-2026-58024

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with...

Wikimedia Foundation MediaWiki * CVE