CVE tracker
344 subscribers
4.68K links
News monitoring: @irnewsagency

Main channel: @orgsecuritygate

Site: SecurityGate.org
Download Telegram
CVE-2026-58033 - "Total number of distinct authors" statistic at action=info does not exclude revisions where the author name was deleted

CVE ID :CVE-2026-58033
Published : July 1, 2026, 2:54 p.m. | 38 minutes ago
Description :Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Actions/InfoAction.Php. This issue affects MediaWiki: from * before 1.46.0, 1.45.4, 1.44.6, 1.43.9.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-24245 - NVIDIA Megatron Bridge: Untrusted Deserialization

CVE ID :CVE-2026-24245
Published : July 1, 2026, 2:55 p.m. | 37 minutes ago
Description :NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-24246 - NVIDIA Megatron Bridge: Improper Control of Dynamically Managed Code Resources

CVE ID :CVE-2026-24246
Published : July 1, 2026, 2:56 p.m. | 36 minutes ago
Description :NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause improper control of dynamically managed code resources. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-58032 - mw.Api.getErrorMessage() may return injected HTML if used without errorformat=html

CVE ID :CVE-2026-58032
Published : July 1, 2026, 2:56 p.m. | 36 minutes ago
Description :Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Api/index.Js. This issue affects MediaWiki: from * before 1.46.0, 1.45.4, 1.44.6, 1.43.9.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-24247 - NVIDIA Megatron Bridge: Deserialization of Untrusted Data

CVE ID :CVE-2026-24247
Published : July 1, 2026, 2:56 p.m. | 36 minutes ago
Description :NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-24248 - NVIDIA Megatron Bridge Improper Control of Code Generation Vulnerability

CVE ID :CVE-2026-24248
Published : July 1, 2026, 2:57 p.m. | 35 minutes ago
Description :NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause improper control of code generation. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-24249 - NVIDIA Megatron Bridge Deserialization Vulnerability

CVE ID :CVE-2026-24249
Published : July 1, 2026, 2:57 p.m. | 35 minutes ago
Description :NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-58030 - SyntaxHighlight stored XSS via unsanitized 'linelinks' attribute

CVE ID :CVE-2026-58030
Published : July 1, 2026, 2:58 p.m. | 34 minutes ago
Description :Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation SyntaxHighlight_GeSHi. This vulnerability is associated with program files includes/SyntaxHighlight.Php. This issue affects SyntaxHighlight_GeSHi: from * before 1.46.0, 1.45.4, 1.44.6, 1.43.9.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-24250 - NVIDIA Megatron Bridge: Improper Input Validation Leading to Code Execution and Privilege Escalation

CVE ID :CVE-2026-24250
Published : July 1, 2026, 2:58 p.m. | 34 minutes ago
Description :NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause improper validation of allowed inputs. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-24251 - NVIDIA Megatron Bridge: Improper Control of Dynamically Managed Code Resources

CVE ID :CVE-2026-24251
Published : July 1, 2026, 2:58 p.m. | 34 minutes ago
Description :NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause improper control of dynamically managed code resources. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-58027 - QueryAbuseFilter API can be used to see the hit count of private filters, which is hidden in the UI

CVE ID :CVE-2026-58027
Published : July 1, 2026, 3:01 p.m. | 32 minutes ago
Description :Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation AbuseFilter. This vulnerability is associated with program files includes/Api/QueryAbuseFilters.Php. This issue affects AbuseFilter: from * before 1.46.0, 1.45.4, 1.44.6, 1.43.9.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-58038 - Stored XSS through javascript URLs in SVGs generated by EasyTimeline

CVE ID :CVE-2026-58038
Published : July 1, 2026, 3:04 p.m. | 29 minutes ago
Description :Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation timeline. This vulnerability is associated with program files includes/Timeline.Php, scripts/EasyTimeline.Pl. This issue affects timeline: from * before 1.46.0, 1.45.4, 1.44.6, 1.43.9.
Severity: 0.0 | NONE
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-8857 - Full RCE using EasyTimeline Extension

CVE ID :CVE-2026-8857
Published : July 1, 2026, 3:08 p.m. | 24 minutes ago
Description :A vulnerability in Wikimedia Foundation timeline. This vulnerability is associated with program files scripts/EasyTimeline.Pl, includes/Timeline.Php. This issue affects timeline: from * before 1.46.0, 1.45.4, 1.44.6, 1.43.9.
Severity: 0.0 | NONE
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-58026 - $wgNonincludableNamespaces can be bypassed by embedding redirect in other namespaces

CVE ID :CVE-2026-58026
Published : July 1, 2026, 3:10 p.m. | 22 minutes ago
Description :Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Parser/Parser.Php. This issue affects MediaWiki: from * before 1.46.0, 1.45.4, 1.44.6, 1.43.9.
Severity: 0.0 | NONE
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-24264 - NVIDIA Triton Inference Server Denial of Service

CVE ID :CVE-2026-24264
Published : July 1, 2026, 3:11 p.m. | 21 minutes ago
Description :NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause improper handling of highly compressed data. A successful exploit of this vulnerability might lead to denial of service.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-24266 - NVIDIA Triton Inference Server Use-After-Free

CVE ID :CVE-2026-24266
Published : July 1, 2026, 3:11 p.m. | 21 minutes ago
Description :NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause a use-after-free issue. A successful exploit of this vulnerability might lead to denial of service.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-57517 - Control Web Panel < 0.9.8.1225 Blind SQL Injection via userRes Parameter

CVE ID :CVE-2026-57517
Published : July 1, 2026, 3:11 p.m. | 21 minutes ago
Description :Control Web Panel before 0.9.8.1225 contains a blind SQL injection vulnerability that allows unauthenticated remote attackers to execute arbitrary SQL queries by submitting unsanitized input through the userRes POST parameter at the user endpoint. Attackers can exploit MySQL root privileges obtained via the injection to write arbitrary files using INTO DUMPFILE, enabling deployment of a PHP webshell to the web-accessible roundcube logs directory and achieving remote code execution as the cwpsvc account.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-24270 - NVIDIA AIStore Authentication Bypass

CVE ID :CVE-2026-24270
Published : July 1, 2026, 3:12 p.m. | 21 minutes ago
Description :NVIDIA AIStore framework contains a vulnerability where an attacker could bypass authentication. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, and data tampering.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-58028 - Pretty-printed API output combined with centralauthtoken allows XSS with certain gadgets

CVE ID :CVE-2026-58028
Published : July 1, 2026, 3:15 p.m. | 17 minutes ago
Description :Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki, Wikimedia Foundation CentralAuth. This vulnerability is associated with program files includes/Api/ApiFormatBase.Php, includes/Api/ApiHelp.Php, includes/ResourceLoader/Module.Php, includes/Hooks/Handlers/PageDisplayHookHandler.Php, includes/LogFormatter/PermissionChangeLogFormatter.Php. This issue affects MediaWiki: from * before 1.46.0, 1.45.4, 1.44.6, 1.43.9; CentralAuth: from * before 1.46.0, 1.45.4, 1.44.6, 1.43.9.
Severity: 0.0 | NONE
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-58029 - Full Account Takeover from BotPasswords and OAuth via action=changeauthenticationdata

CVE ID :CVE-2026-58029
Published : July 1, 2026, 3:19 p.m. | 13 minutes ago
Description :Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Api/ApiChangeAuthenticationData.Php, includes/Api/ApiLinkAccount.Php, includes/Api/ApiRemoveAuthenticationData.Php, includes/Specials/SpecialLinkAccounts.Php, includes/Specials/SpecialUnlinkAccounts.Php. This issue affects MediaWiki: from * before 1.46.0, 1.45.4, 1.44.6, 1.43.9.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-58025 - Remote Code Execution via Unsafe Deserialization in LogItem Import

CVE ID :CVE-2026-58025
Published : July 1, 2026, 3:23 p.m. | 9 minutes ago
Description :Deserialization of untrusted data vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Import/WikiImporter.Php, includes/Import/WikiRevision.Php, includes/Logging/LogEntryBase.Php. This issue affects MediaWiki: from * before 1.46.0, 1.45.4, 1.44.6, 1.43.9.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...