CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.01)

CVE-2026-58028
Unknown

An XSS vulnerability in MediaWiki and CentralAuth allows an attacker to inject malicious scripts into pages generated by the API. The issue affects multiple files including ApiFormatBase.php and ApiHelp.php.

CVE-2026-58027
Medium

A vulnerability in the Wikimedia Foundation AbuseFilter extension allows an unauthorized actor to access sensitive information. The issue is located in the file includes/Api/QueryAbuseFilters.php.

CVE-2026-58026
Unknown

A vulnerability in MediaWiki allows an unauthorized actor to access sensitive information. The issue is located in the includes/Parser/Parser.php file and affects versions before 1.46.0, 1.45.4, 1.44.6, and 1.43.9.

CVE-2026-58025
Medium

Deserialization of untrusted data vulnerability in MediaWiki. The issue is present in files WikiImporter.php, WikiRevision.php, and LogEntryBase.php. Affects versions before 1.46.0, 1.45.4, 1.44.6, 1.43.9.

CVE-2026-58024
Medium

A vulnerability in MediaWiki allows an unauthorized actor to access sensitive information via the includes/Api/ApiUserrights.php file. The issue affects versions before 1.46.0, 1.45.4, 1.44.6, and 1.43.9.

CVE-2026-57517
Critical

Control Web Panel before version 0.9.8.1225 contains a blind SQL injection vulnerability that allows unauthenticated remote attackers to execute arbitrary SQL queries by submitting unsanitized input through the userRes POST parameter at the user endpoint. Attackers can exploit MySQL root privileges obtained via the injection to write arbitrary files using INTO DUMPFILE, enabling deployment of a PHP webshell to the web-accessible roundcube logs directory and achieving remote code execution as the cwpsvc account.

CVE-2026-24270
CriticalEPSS 53%

The NVIDIA AIStore framework contains a vulnerability that allows authentication bypass. Successful exploitation could lead to denial of service, privilege escalation, information disclosure, and data tampering.

CVE-2026-24266
Medium

NVIDIA Triton Inference Server for Linux contains a use-after-free vulnerability that an attacker can exploit. Successful exploitation may lead to denial of service.

CVE-2026-24264
High

A vulnerability in NVIDIA Triton Inference Server for Linux allows an attacker to improperly handle highly compressed data. Successful exploitation of this flaw may lead to denial of service (DoS).

CVE-2026-24260
High

NVIDIA Container Toolkit for Linux contains a time-of-check time-of-use (TOCTOU) race condition vulnerability. Successful exploitation could lead to code execution, privilege escalation, and data tampering.

CVE-2026-24251
High

A vulnerability in NVIDIA Megatron Bridge for Linux allows an attacker to improperly control dynamically managed code resources. Successful exploitation could lead to code execution, privilege escalation, data tampering, and information disclosure.

CVE-2026-24250
High

A vulnerability in NVIDIA Megatron Bridge for Linux allows an attacker to cause improper validation of allowed inputs. Successful exploitation could lead to code execution, privilege escalation, data tampering, and information disclosure.

CVE-2026-24249
High

The NVIDIA Megatron Bridge for Linux contains a vulnerability that allows deserialization of untrusted data. Successful exploitation could lead to code execution, privilege escalation, data tampering, and information disclosure.

CVE-2026-24248
High

A vulnerability in NVIDIA Megatron Bridge for Linux allows an attacker to cause improper control of code generation. This could lead to code execution, privilege escalation, data tampering, and information disclosure.

CVE-2026-24247
High

A vulnerability in NVIDIA Megatron Bridge for Linux allows deserialization of untrusted data. An attacker could exploit this flaw to achieve code execution, privilege escalation, data tampering, and information disclosure.

CVE-2026-24246
High

A vulnerability in NVIDIA Megatron Bridge for Linux allows an attacker to improperly control dynamically managed code resources. Successful exploitation could lead to code execution, privilege escalation, data tampering, and information disclosure.

CVE-2026-24245
High

A vulnerability in NVIDIA Megatron Bridge for Linux allows deserialization of untrusted data. An attacker could exploit this flaw to achieve code execution, privilege escalation, data tampering, and information disclosure.

CVE-2026-24244
High

A vulnerability in NVIDIA Megatron Bridge for Linux allows deserialization of untrusted data. An attacker could exploit this flaw to achieve code execution, privilege escalation, data tampering, and information disclosure.

CVE-2026-24243
High

A vulnerability in NVIDIA Megatron Bridge for Linux allows deserialization of untrusted data. An attacker could exploit this flaw to achieve code execution, privilege escalation, data tampering, and information disclosure.

CVE-2026-24242
High

A vulnerability in NVIDIA Megatron Bridge for Linux allows an attacker to perform server-side request forgery (SSRF). Successful exploitation of this flaw could lead to information disclosure.

PreviousPage 49 of 4514Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS