CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.01)
An XSS vulnerability in MediaWiki and CentralAuth allows an attacker to inject malicious scripts into pages generated by the API. The issue affects multiple files including ApiFormatBase.php and ApiHelp.php.
A vulnerability in the Wikimedia Foundation AbuseFilter extension allows an unauthorized actor to access sensitive information. The issue is located in the file includes/Api/QueryAbuseFilters.php.
A vulnerability in MediaWiki allows an unauthorized actor to access sensitive information. The issue is located in the includes/Parser/Parser.php file and affects versions before 1.46.0, 1.45.4, 1.44.6, and 1.43.9.
Deserialization of untrusted data vulnerability in MediaWiki. The issue is present in files WikiImporter.php, WikiRevision.php, and LogEntryBase.php. Affects versions before 1.46.0, 1.45.4, 1.44.6, 1.43.9.
A vulnerability in MediaWiki allows an unauthorized actor to access sensitive information via the includes/Api/ApiUserrights.php file. The issue affects versions before 1.46.0, 1.45.4, 1.44.6, and 1.43.9.
Control Web Panel before version 0.9.8.1225 contains a blind SQL injection vulnerability that allows unauthenticated remote attackers to execute arbitrary SQL queries by submitting unsanitized input through the userRes POST parameter at the user endpoint. Attackers can exploit MySQL root privileges obtained via the injection to write arbitrary files using INTO DUMPFILE, enabling deployment of a PHP webshell to the web-accessible roundcube logs directory and achieving remote code execution as the cwpsvc account.
The NVIDIA AIStore framework contains a vulnerability that allows authentication bypass. Successful exploitation could lead to denial of service, privilege escalation, information disclosure, and data tampering.
NVIDIA Triton Inference Server for Linux contains a use-after-free vulnerability that an attacker can exploit. Successful exploitation may lead to denial of service.
A vulnerability in NVIDIA Triton Inference Server for Linux allows an attacker to improperly handle highly compressed data. Successful exploitation of this flaw may lead to denial of service (DoS).
NVIDIA Container Toolkit for Linux contains a time-of-check time-of-use (TOCTOU) race condition vulnerability. Successful exploitation could lead to code execution, privilege escalation, and data tampering.
A vulnerability in NVIDIA Megatron Bridge for Linux allows an attacker to improperly control dynamically managed code resources. Successful exploitation could lead to code execution, privilege escalation, data tampering, and information disclosure.
A vulnerability in NVIDIA Megatron Bridge for Linux allows an attacker to cause improper validation of allowed inputs. Successful exploitation could lead to code execution, privilege escalation, data tampering, and information disclosure.
The NVIDIA Megatron Bridge for Linux contains a vulnerability that allows deserialization of untrusted data. Successful exploitation could lead to code execution, privilege escalation, data tampering, and information disclosure.
A vulnerability in NVIDIA Megatron Bridge for Linux allows an attacker to cause improper control of code generation. This could lead to code execution, privilege escalation, data tampering, and information disclosure.
A vulnerability in NVIDIA Megatron Bridge for Linux allows deserialization of untrusted data. An attacker could exploit this flaw to achieve code execution, privilege escalation, data tampering, and information disclosure.
A vulnerability in NVIDIA Megatron Bridge for Linux allows an attacker to improperly control dynamically managed code resources. Successful exploitation could lead to code execution, privilege escalation, data tampering, and information disclosure.
A vulnerability in NVIDIA Megatron Bridge for Linux allows deserialization of untrusted data. An attacker could exploit this flaw to achieve code execution, privilege escalation, data tampering, and information disclosure.
A vulnerability in NVIDIA Megatron Bridge for Linux allows deserialization of untrusted data. An attacker could exploit this flaw to achieve code execution, privilege escalation, data tampering, and information disclosure.
A vulnerability in NVIDIA Megatron Bridge for Linux allows deserialization of untrusted data. An attacker could exploit this flaw to achieve code execution, privilege escalation, data tampering, and information disclosure.
A vulnerability in NVIDIA Megatron Bridge for Linux allows an attacker to perform server-side request forgery (SSRF). Successful exploitation of this flaw could lead to information disclosure.

