π¨ CVE-2026-24260
NVIDIA Container Toolkit for Linux contains a vulnerability where an attacker could cause a time-of-check time-of-use race condition. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, and data tampering.
π@cveNotify
NVIDIA Container Toolkit for Linux contains a vulnerability where an attacker could cause a time-of-check time-of-use race condition. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, and data tampering.
π@cveNotify
GitHub
product-security/2026/5850 at main Β· NVIDIA/product-security
Starting October 1, 2025, NVIDIA PSIRT will publish an initial set of security bulletins on GitHub in Markdown, CSAF, and CVE formats. Coverage will expand over time, while all bulletins remain ava...
π¨ CVE-2026-24264
NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause improper handling of highly compressed data. A successful exploit of this vulnerability might lead to denial of service.
π@cveNotify
NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause improper handling of highly compressed data. A successful exploit of this vulnerability might lead to denial of service.
π@cveNotify
GitHub
product-security/2026/5848 at main Β· NVIDIA/product-security
Starting October 1, 2025, NVIDIA PSIRT will publish an initial set of security bulletins on GitHub in Markdown, CSAF, and CVE formats. Coverage will expand over time, while all bulletins remain ava...
π¨ CVE-2026-24266
NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause a use-after-free issue. A successful exploit of this vulnerability might lead to denial of service.
π@cveNotify
NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause a use-after-free issue. A successful exploit of this vulnerability might lead to denial of service.
π@cveNotify
GitHub
product-security/2026/5848 at main Β· NVIDIA/product-security
Starting October 1, 2025, NVIDIA PSIRT will publish an initial set of security bulletins on GitHub in Markdown, CSAF, and CVE formats. Coverage will expand over time, while all bulletins remain ava...
π¨ CVE-2026-24270
NVIDIA AIStore framework contains a vulnerability where an attacker could bypass authentication. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, and data tampering.
π@cveNotify
NVIDIA AIStore framework contains a vulnerability where an attacker could bypass authentication. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, and data tampering.
π@cveNotify
GitHub
product-security/2026/5849 at main Β· NVIDIA/product-security
Starting October 1, 2025, NVIDIA PSIRT will publish an initial set of security bulletins on GitHub in Markdown, CSAF, and CVE formats. Coverage will expand over time, while all bulletins remain ava...
π¨ CVE-2026-57517
Control Web Panel before 0.9.8.1225 contains a blind SQL injection vulnerability that allows unauthenticated remote attackers to execute arbitrary SQL queries by submitting unsanitized input through the userRes POST parameter at the user endpoint. Attackers can exploit MySQL root privileges obtained via the injection to write arbitrary files using INTO DUMPFILE, enabling deployment of a PHP webshell to the web-accessible roundcube logs directory and achieving remote code execution as the cwpsvc account.
π@cveNotify
Control Web Panel before 0.9.8.1225 contains a blind SQL injection vulnerability that allows unauthenticated remote attackers to execute arbitrary SQL queries by submitting unsanitized input through the userRes POST parameter at the user endpoint. Attackers can exploit MySQL root privileges obtained via the injection to write arbitrary files using INTO DUMPFILE, enabling deployment of a PHP webshell to the web-accessible roundcube logs directory and achieving remote code execution as the cwpsvc account.
π@cveNotify
π¨ CVE-2026-58024
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki.
This vulnerability is associated with program files includes/Api/ApiUserrights.Php.
This issue affects MediaWiki: from * before 1.46.0, 1.45.4, 1.44.6, 1.43.9.
π@cveNotify
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki.
This vulnerability is associated with program files includes/Api/ApiUserrights.Php.
This issue affects MediaWiki: from * before 1.46.0, 1.45.4, 1.44.6, 1.43.9.
π@cveNotify
π¨ CVE-2026-58025
Deserialization of untrusted data vulnerability in Wikimedia Foundation MediaWiki.
This vulnerability is associated with program files includes/Import/WikiImporter.Php, includes/Import/WikiRevision.Php, includes/Logging/LogEntryBase.Php.
This issue affects MediaWiki: from * before 1.46.0, 1.45.4, 1.44.6, 1.43.9.
π@cveNotify
Deserialization of untrusted data vulnerability in Wikimedia Foundation MediaWiki.
This vulnerability is associated with program files includes/Import/WikiImporter.Php, includes/Import/WikiRevision.Php, includes/Logging/LogEntryBase.Php.
This issue affects MediaWiki: from * before 1.46.0, 1.45.4, 1.44.6, 1.43.9.
π@cveNotify
π¨ CVE-2026-58026
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki.
This vulnerability is associated with program files includes/Parser/Parser.Php.
This issue affects MediaWiki: from * before 1.46.0, 1.45.4, 1.44.6, 1.43.9.
π@cveNotify
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki.
This vulnerability is associated with program files includes/Parser/Parser.Php.
This issue affects MediaWiki: from * before 1.46.0, 1.45.4, 1.44.6, 1.43.9.
π@cveNotify
π¨ CVE-2026-58027
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation AbuseFilter.
This vulnerability is associated with program files includes/Api/QueryAbuseFilters.Php.
This issue affects AbuseFilter: from * before 1.46.0, 1.45.4, 1.44.6, 1.43.9.
π@cveNotify
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation AbuseFilter.
This vulnerability is associated with program files includes/Api/QueryAbuseFilters.Php.
This issue affects AbuseFilter: from * before 1.46.0, 1.45.4, 1.44.6, 1.43.9.
π@cveNotify
π¨ CVE-2026-58028
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki, Wikimedia Foundation CentralAuth.
This vulnerability is associated with program files includes/Api/ApiFormatBase.Php, includes/Api/ApiHelp.Php, includes/ResourceLoader/Module.Php, includes/Hooks/Handlers/PageDisplayHookHandler.Php, includes/LogFormatter/PermissionChangeLogFormatter.Php.
This issue affects MediaWiki: from * before 1.46.0, 1.45.4, 1.44.6, 1.43.9; CentralAuth: from * before 1.46.0, 1.45.4, 1.44.6, 1.43.9.
π@cveNotify
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki, Wikimedia Foundation CentralAuth.
This vulnerability is associated with program files includes/Api/ApiFormatBase.Php, includes/Api/ApiHelp.Php, includes/ResourceLoader/Module.Php, includes/Hooks/Handlers/PageDisplayHookHandler.Php, includes/LogFormatter/PermissionChangeLogFormatter.Php.
This issue affects MediaWiki: from * before 1.46.0, 1.45.4, 1.44.6, 1.43.9; CentralAuth: from * before 1.46.0, 1.45.4, 1.44.6, 1.43.9.
π@cveNotify
π¨ CVE-2026-58029
Vulnerability in Wikimedia Foundation MediaWiki.
This vulnerability is associated with program files includes/Api/ApiChangeAuthenticationData.Php, includes/Api/ApiLinkAccount.Php, includes/Api/ApiRemoveAuthenticationData.Php, includes/Specials/SpecialLinkAccounts.Php, includes/Specials/SpecialUnlinkAccounts.Php.
This issue affects MediaWiki: from * before 1.46.0, 1.45.4, 1.44.6, 1.43.9.
π@cveNotify
Vulnerability in Wikimedia Foundation MediaWiki.
This vulnerability is associated with program files includes/Api/ApiChangeAuthenticationData.Php, includes/Api/ApiLinkAccount.Php, includes/Api/ApiRemoveAuthenticationData.Php, includes/Specials/SpecialLinkAccounts.Php, includes/Specials/SpecialUnlinkAccounts.Php.
This issue affects MediaWiki: from * before 1.46.0, 1.45.4, 1.44.6, 1.43.9.
π@cveNotify
π¨ CVE-2026-58030
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation SyntaxHighlight_GeSHi.
This vulnerability is associated with program files includes/SyntaxHighlight.Php.
This issue affects SyntaxHighlight_GeSHi: from * before 1.46.0, 1.45.4, 1.44.6, 1.43.9.
π@cveNotify
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation SyntaxHighlight_GeSHi.
This vulnerability is associated with program files includes/SyntaxHighlight.Php.
This issue affects SyntaxHighlight_GeSHi: from * before 1.46.0, 1.45.4, 1.44.6, 1.43.9.
π@cveNotify
π¨ CVE-2026-58033
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki.
This vulnerability is associated with program files includes/Actions/InfoAction.Php.
This issue affects MediaWiki: from * before 1.46.0, 1.45.4, 1.44.6, 1.43.9.
π@cveNotify
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki.
This vulnerability is associated with program files includes/Actions/InfoAction.Php.
This issue affects MediaWiki: from * before 1.46.0, 1.45.4, 1.44.6, 1.43.9.
π@cveNotify
π¨ CVE-2026-58036
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki.
This vulnerability is associated with program files includes/Api/ApiQueryAllUsers.Php, includes/Api/ApiQueryUsers.Php, includes/Permissions/PermissionManager.Php, includes/User/UserGroupManager.Php.
π@cveNotify
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki.
This vulnerability is associated with program files includes/Api/ApiQueryAllUsers.Php, includes/Api/ApiQueryUsers.Php, includes/Permissions/PermissionManager.Php, includes/User/UserGroupManager.Php.
π@cveNotify
π¨ CVE-2026-58037
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki.
This vulnerability is associated with program files includes/Language/Language.Php, includes/Logging/BlockLogFormatter.Php, includes/Logging/LogFormatter.Php, includes/Logging/PatrolLogFormatter.Php, includes/Logging/RenameuserLogFormatter.Php, includes/Logging/TagLogFormatter.Php, includes/Specials/SpecialVersion.Php.
This issue affects MediaWiki: from * before 1.46.0, 1.45.4, 1.44.6, 1.43.9.
π@cveNotify
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki.
This vulnerability is associated with program files includes/Language/Language.Php, includes/Logging/BlockLogFormatter.Php, includes/Logging/LogFormatter.Php, includes/Logging/PatrolLogFormatter.Php, includes/Logging/RenameuserLogFormatter.Php, includes/Logging/TagLogFormatter.Php, includes/Specials/SpecialVersion.Php.
This issue affects MediaWiki: from * before 1.46.0, 1.45.4, 1.44.6, 1.43.9.
π@cveNotify
π¨ CVE-2026-58038
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation timeline.
This vulnerability is associated with program files includes/Timeline.Php, scripts/EasyTimeline.Pl.
This issue affects timeline: from * before 1.46.0, 1.45.4, 1.44.6, 1.43.9.
π@cveNotify
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation timeline.
This vulnerability is associated with program files includes/Timeline.Php, scripts/EasyTimeline.Pl.
This issue affects timeline: from * before 1.46.0, 1.45.4, 1.44.6, 1.43.9.
π@cveNotify
π¨ CVE-2026-58126
PACSgear PACS Scan 5.2.1 contains an unauthenticated remote code execution vulnerability that allows remote attackers to read and write arbitrary files by exploiting an exposed .NET Remoting TCP service on port 22222 via PGImageExchQueue.exe without any authentication requirement. Attackers can chain the arbitrary file write primitive with DLL hijacking in PGImageExchangeQueueSvc.exe, which loads missing DLLs such as CRYPTSP.DLL from the application directory, to achieve remote code execution as NT Authority\SYSTEM upon service restart.
π@cveNotify
PACSgear PACS Scan 5.2.1 contains an unauthenticated remote code execution vulnerability that allows remote attackers to read and write arbitrary files by exploiting an exposed .NET Remoting TCP service on port 22222 via PGImageExchQueue.exe without any authentication requirement. Attackers can chain the arbitrary file write primitive with DLL hijacking in PGImageExchangeQueueSvc.exe, which loads missing DLLs such as CRYPTSP.DLL from the application directory, to achieve remote code execution as NT Authority\SYSTEM upon service restart.
π@cveNotify
Gist
PACSGEAR PACS Scan - Unauthenticated Arbitrary File Read/Write + RCE via .NET Remoting
PACSGEAR PACS Scan - Unauthenticated Arbitrary File Read/Write + RCE via .NET Remoting - PACSGEAR-PACSScanAFR-NETRemoting.md
π¨ CVE-2026-8480
A vulnerability was discovered on Stormshield Network Security 4.3.0 to 4.3.41 (included), 4.4.0 to 4.8.15 (included) , 5.0.2 EA to 5.0.5 (included)
A revoked client certificate can still be used to authenticate to the captiveβadmin portal, allowing an attacker who possesses the revoked certificate to gain administrative access.
π@cveNotify
A vulnerability was discovered on Stormshield Network Security 4.3.0 to 4.3.41 (included), 4.4.0 to 4.8.15 (included) , 5.0.2 EA to 5.0.5 (included)
A revoked client certificate can still be used to authenticate to the captiveβadmin portal, allowing an attacker who possesses the revoked certificate to gain administrative access.
π@cveNotify
π¨ CVE-2026-8857
A vulnerability in Wikimedia Foundation timeline.
This vulnerability is associated with program files scripts/EasyTimeline.Pl, includes/Timeline.Php.
This issue affects timeline: from * before 1.46.0, 1.45.4, 1.44.6, 1.43.9.
π@cveNotify
A vulnerability in Wikimedia Foundation timeline.
This vulnerability is associated with program files scripts/EasyTimeline.Pl, includes/Timeline.Php.
This issue affects timeline: from * before 1.46.0, 1.45.4, 1.44.6, 1.43.9.
π@cveNotify
π¨ CVE-2026-12480
Keras versions up to and including 3.13.2 are vulnerable to an arbitrary HDF5 file read due to an incomplete fix for CVE-2026-1669. The vulnerability resides in the `H5IOStore._verify_dataset()` and `file_editor.py` methods, which fail to check the `dataset.is_virtual` property of HDF5 datasets. This allows an attacker to craft a malicious `.keras` model archive or `.h5` weights file containing a Virtual Dataset (VDS) that references external HDF5 files on the victim's filesystem. When the victim loads the model using `keras.models.load_model()` or `keras.saving.load_model()`, the external file is transparently read, leading to potential information disclosure. Fixed in versions 3.12.2 and 3.14.1.
π@cveNotify
Keras versions up to and including 3.13.2 are vulnerable to an arbitrary HDF5 file read due to an incomplete fix for CVE-2026-1669. The vulnerability resides in the `H5IOStore._verify_dataset()` and `file_editor.py` methods, which fail to check the `dataset.is_virtual` property of HDF5 datasets. This allows an attacker to craft a malicious `.keras` model archive or `.h5` weights file containing a Virtual Dataset (VDS) that references external HDF5 files on the victim's filesystem. When the victim loads the model using `keras.models.load_model()` or `keras.saving.load_model()`, the external file is transparently read, leading to potential information disclosure. Fixed in versions 3.12.2 and 3.14.1.
π@cveNotify
GitHub
Refactor and share H5 validation code between legacy and new format. β¦ Β· keras-team/keras@d5a88bd
β¦(#22801)
π¨ CVE-2026-13211
The genucenter web interface before version 8.0p11 unnecessarily exposes sensitive SNMP authentication and encryption keys in its HTTP responses to users with the βServiceβ or βAdminβ role.
π@cveNotify
The genucenter web interface before version 8.0p11 unnecessarily exposes sensitive SNMP authentication and encryption keys in its HTTP responses to users with the βServiceβ or βAdminβ role.
π@cveNotify
GitHub
advisories/2026/SBA-ADV-20260424-01_Genucenter_Disclosure_of_SNMP_Credentials at public Β· sbaresearch/advisories
Security advisories by SBA Research. Contribute to sbaresearch/advisories development by creating an account on GitHub.