Browse CVEs
225 CVEs analyzed. 582 pending.
This vulnerability in MediaWiki's EnhancedChangesList.php allows attackers to potentially execute unauthorized actions or access sensitive data throug...
Feb 3, 2026

This CVE describes a cross-site scripting (XSS) vulnerability in Wikimedia Foundation's CheckUser extension. It allows attackers to inject malicious s...
Feb 3, 2026

This vulnerability in Wikimedia Foundation's CheckUser extension allows unauthorized access to user information. It affects systems running CheckUser ...
Feb 3, 2026

This is a cross-site scripting (XSS) vulnerability in Wikimedia Foundation's CheckUser extension that allows attackers to inject malicious scripts int...
Feb 3, 2026

This vulnerability in Wikimedia Foundation's OATHAuth extension allows attackers to bypass two-factor authentication (2FA) controls. It affects MediaW...
Feb 3, 2026

This is a cross-site scripting (XSS) vulnerability in MediaWiki's JavaScript language module that allows attackers to inject malicious scripts into we...
Feb 3, 2026

A vulnerability in Brocade SANnav's update-reports-purge-settings.sh script logs the database password to system audit logs. This allows authenticated...
Feb 3, 2026

This vulnerability allows attackers to intercept Notepad++ update traffic and replace legitimate updates with malicious installers. When users update ...
Feb 3, 2026

This vulnerability in MediaWiki's ApiQueryAllPages.php allows attackers to potentially access or manipulate page data through the API. It affects Medi...
Feb 3, 2026

This CVE describes a cross-site scripting (XSS) vulnerability in MediaWiki's HTML form components that allows attackers to inject malicious scripts in...
Feb 3, 2026

This vulnerability in MediaWiki's RecentChangeRCFeedNotifier.php allows attackers to execute arbitrary code or cause denial of service through imprope...
Feb 3, 2026

This CVE describes a cross-site scripting (XSS) vulnerability in MediaWiki's WatchlistTopSectionWidget.js component. It allows attackers to inject mal...
Feb 3, 2026

This vulnerability in Wikimedia Foundation's CheckUser extension allows unauthorized access to user information through the UserInfoHandler API endpoi...
Feb 3, 2026

This vulnerability in Wikimedia Foundation's ConfirmEdit extension allows attackers to bypass CAPTCHA protection mechanisms. It affects all installati...
Feb 3, 2026

This is a cross-site scripting (XSS) vulnerability in MediaWiki's HTMLButtonField.php that allows attackers to inject malicious scripts into web pages...
Feb 3, 2026

This is a cross-site scripting (XSS) vulnerability in MediaWiki's edit preview functionality. Attackers can inject malicious scripts that execute in u...
Feb 3, 2026

This is a cross-site scripting (XSS) vulnerability in MediaWiki and Parsoid that allows attackers to inject malicious scripts into web pages. It affec...
Feb 3, 2026

This CVE describes an information disclosure vulnerability in MediaWiki where sensitive information can be exposed to unauthorized users. The vulnerab...
Feb 3, 2026

This is a cross-site scripting (XSS) vulnerability in MediaWiki's RclToOrFromWidget.js component that allows attackers to inject malicious scripts int...
Feb 3, 2026

This vulnerability in MediaWiki's PageHTMLHandler.php allows attackers to execute unauthorized actions through the REST API. It affects all MediaWiki ...
Feb 3, 2026

Signal K Server versions prior to 2.20.3 on Windows systems contain a path traversal vulnerability in the applicationData API. Authenticated users can...
Feb 2, 2026

This vulnerability allows remote code execution in Group-Office by exploiting improper input validation in the MaintenanceController's zipLanguage act...
Feb 2, 2026

The NixOS Odoo package exposes the database manager without authentication, allowing unauthorized actors to delete or download the entire database and...
Feb 2, 2026

CVE-2026-25142 is a critical sandbox escape vulnerability in SandboxJS library versions before 0.8.27. Attackers can use the __lookupGetter__ method t...
Feb 2, 2026

A stored cross-site scripting (XSS) vulnerability exists in Talishar's in-game chat system where the playerID parameter in SubmitChat.php is saved wit...
Feb 2, 2026

PolarLearn's OAuth 2.0 implementation for GitHub and Google login is vulnerable to Login CSRF due to missing state parameter validation. This allows a...
Feb 2, 2026

This timing attack vulnerability in PolarLearn allows unauthenticated attackers to enumerate valid user email addresses by measuring login response ti...
Feb 2, 2026

This vulnerability in jsPDF allows attackers to cause denial of service by providing malicious BMP files with large width/height values in their heade...
Feb 2, 2026

This vulnerability in Matrix homeserver software allows a malicious remote server to trick a vulnerable server into signing arbitrary events during us...
Feb 2, 2026

This vulnerability in jsPDF allows attackers to inject arbitrary PDF objects, including JavaScript actions, through user-controlled input to specific ...
Feb 2, 2026

OpenClaw (formerly Clawdbot) versions prior to 2026.1.29 contain a command injection vulnerability in the Docker sandbox execution mechanism. Authenti...
Feb 2, 2026

OpenList Frontend versions before 4.1.10 contain a path traversal vulnerability in file operation handlers that allows authenticated attackers to bypa...
Feb 2, 2026

OpenList Frontend versions before 4.1.10 have TLS certificate verification disabled by default for storage communications, allowing Man-in-the-Middle ...
Feb 2, 2026

This reflected XSS vulnerability in FacturaScripts allows attackers to inject malicious scripts into error messages that get executed in users' browse...
Feb 2, 2026

Signal K Server versions before 1.5.0 contain a command injection vulnerability in the set-system-time plugin that allows authenticated users with wri...
Feb 2, 2026

A stored XSS vulnerability in FacturaScripts allows attackers to inject malicious JavaScript into the Observations field, which executes when administ...
Feb 2, 2026

This CSRF vulnerability in Tuleap allows attackers to trick authenticated users into performing unauthorized actions, specifically creating artifact l...
Feb 2, 2026

CVE-2026-24040 is a concurrency vulnerability in jsPDF's addJS method that causes cross-user data leakage. When multiple users generate PDFs simultane...
Feb 2, 2026

This vulnerability in jsPDF allows attackers to inject arbitrary XML metadata into generated PDFs by controlling the first argument of the addMetadata...
Feb 2, 2026

OpenTelemetry-Go SDK versions v1.20.0 through v1.39.0 on macOS/Darwin systems are vulnerable to path hijacking attacks. An attacker with local access ...
Feb 2, 2026

This vulnerability in vLLM allows attackers to leak heap memory addresses by sending invalid images to the multimodal endpoint, which reduces ASLR ent...
Feb 2, 2026

A heap overflow vulnerability in Rizin allows attackers to execute arbitrary code or cause denial of service by tricking users into analyzing maliciou...
Feb 2, 2026

The Amazon SageMaker Python SDK before v3.2.0 and v2.256.0 exposes the ModelBuilder HMAC signing key in cleartext via the DescribeTrainingJob API. Thi...
Feb 2, 2026

This vulnerability in Amazon SageMaker Python SDK disables TLS certificate verification when importing Triton Python models, allowing HTTPS connection...
Feb 2, 2026

BuhoCleaner version 1.15.2 contains an insecure XPC service that allows local, unprivileged users to execute arbitrary code with root privileges. This...
Feb 2, 2026

This XSS vulnerability in MediaWiki's ApiSandbox.js allows attackers to inject malicious scripts into web pages viewed by other users. It affects Medi...
Feb 2, 2026

This CVE describes a cross-site scripting (XSS) vulnerability in Wikimedia Foundation's MultimediaViewer component. Attackers can inject malicious scr...
Feb 2, 2026

This is a cross-site scripting (XSS) vulnerability in Wikimedia's Vector skin that allows attackers to inject malicious scripts into web pages. It aff...
Feb 2, 2026

This vulnerability in MediaWiki's AuthManager.php allows attackers to bypass authentication mechanisms under specific conditions. It affects all Media...
Feb 2, 2026

This vulnerability in MediaWiki's block list functionality could allow attackers to access sensitive information or perform unauthorized actions. It a...
Feb 2, 2026