Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 5.3 CVE-2026-58032

mw.Api.getErrorMessage() may return injected HTML if used without errorformat=html

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This...

Wikimedia Foundation MediaWiki * CVE
MEDIUM 5.3 CVE-2026-58030

SyntaxHighlight stored XSS via unsanitized ‘linelinks’ attribute

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation SyntaxHighlight_G...

Wikimedia Foundation SyntaxHighlight_GeSHi * CVE
MEDIUM 5.3 CVE-2026-58029

Full Account Takeover from BotPasswords and OAuth via action=changeauthenticationdata

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Api/ApiChangeAuthenticationData.Php...

Wikimedia Foundation MediaWiki * CVE
MEDIUM 5.3 CVE-2026-58027

QueryAbuseFilter API can be used to see the hit count of private filters, which is hidden in the UI

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation AbuseFilter. This vulnerability is associated wi...

Wikimedia Foundation AbuseFilter * CVE
MEDIUM 5.9 CVE-2026-58025

Remote Code Execution via Unsafe Deserialization in LogItem Import

Deserialization of untrusted data vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/I...

Wikimedia Foundation MediaWiki * CVE
MEDIUM 5.1 CVE-2026-58024

API identification of users on private wikis

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with...

Wikimedia Foundation MediaWiki * CVE
CRITICAL 9.3 CVE-2026-57517

Control Web Panel < 0.9.8.1225 Blind SQL Injection via userRes Parameter

Control Web Panel before 0.9.8.1225 contains a blind SQL injection vulnerability that allows unauthenticated remote attackers to execute arbitrary ...

Control Web Panel Control Web Panel 0.9.8.1225 CVE
CRITICAL 9.8 CVE-2026-24270

CVE-2026-24270

NVIDIA AIStore framework contains a vulnerability where an attacker could bypass authentication. A successful exploit of this vulnerability might l...

NVIDIA AIStore framework 0 - 4.4 CVE
MEDIUM 5.9 CVE-2026-24266

CVE-2026-24266

NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause a use-after-free issue. A successful exploit of this ...

NVIDIA Triton Inference Server 0.0 - 26.03 CVE
HIGH 7.5 CVE-2026-24264

CVE-2026-24264

NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause improper handling of highly compressed data. A succes...

NVIDIA Triton Inference Server 0.0 - 26.03 CVE