CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.07)
The vulnerability in PACSgear MediaWriter 5.2.1 is due to missing authentication in the .NET Remoting TCP service on port 9000. An unauthenticated attacker can remotely read and write arbitrary files on the host filesystem and then exploit missing DLLs to achieve remote code execution as SYSTEM.
PACSgear PACS Scan 5.2.1 contains an unauthenticated remote code execution vulnerability that allows remote attackers to read and write arbitrary files by exploiting an exposed .NET Remoting TCP service on port 22222 via PGImageExchQueue.exe without any authentication requirement. Attackers can chain the arbitrary file write primitive with DLL hijacking in PGImageExchangeQueueSvc.exe, which loads missing DLLs such as CRYPTSP.DLL from the application directory, to achieve remote code execution as NT Authority\SYSTEM upon service restart.
Cross-Site Scripting (XSS) vulnerability in the Timeline extension for MediaWiki. The flaw is due to improper input neutralization during web page generation in includes/Timeline.php and scripts/EasyTimeline.pl.
A cross-site scripting (XSS) vulnerability was found in MediaWiki due to improper input neutralization during page generation. It affects multiple files including Language.php and BlockLogFormatter.php, and impacts all versions before 1.46.0, 1.45.4, 1.44.6, and 1.43.9.
A vulnerability in MediaWiki allows unauthorized actors to access sensitive information through the files ApiQueryAllUsers.php, ApiQueryUsers.php, PermissionManager.php, and UserGroupManager.php.
A vulnerability in MediaWiki allows an unauthorized actor to access sensitive information. The issue is located in the includes/Actions/InfoAction.php file.
A cross-site scripting (XSS) vulnerability exists in MediaWiki before versions 1.46.0, 1.45.4, 1.44.6, and 1.43.9 in the file resources/src/mediawiki.Api/index.js. Improper input neutralization during web page generation allows injection of malicious scripts.
An XSS vulnerability in the SyntaxHighlight_GeSHi extension for MediaWiki allows an attacker to inject malicious JavaScript code due to improper input neutralization during page generation. The issue is located in includes/SyntaxHighlight.php.
A vulnerability in MediaWiki allows an attacker to manipulate authentication data through API files and special pages. It affects versions before 1.46.0, 1.45.4, 1.44.6, and 1.43.9.
An XSS vulnerability in MediaWiki and CentralAuth allows an attacker to inject malicious scripts into pages generated by the API. The issue affects multiple files including ApiFormatBase.php and ApiHelp.php.
A vulnerability in the Wikimedia Foundation AbuseFilter extension allows an unauthorized actor to access sensitive information. The issue is located in the file includes/Api/QueryAbuseFilters.php.
A vulnerability in MediaWiki allows an unauthorized actor to access sensitive information. The issue is located in the includes/Parser/Parser.php file and affects versions before 1.46.0, 1.45.4, 1.44.6, and 1.43.9.
Deserialization of untrusted data vulnerability in MediaWiki. The issue is present in files WikiImporter.php, WikiRevision.php, and LogEntryBase.php. Affects versions before 1.46.0, 1.45.4, 1.44.6, 1.43.9.
A vulnerability in MediaWiki allows an unauthorized actor to access sensitive information via the includes/Api/ApiUserrights.php file. The issue affects versions before 1.46.0, 1.45.4, 1.44.6, and 1.43.9.
Control Web Panel before version 0.9.8.1225 contains a blind SQL injection vulnerability that allows unauthenticated remote attackers to execute arbitrary SQL queries by submitting unsanitized input through the userRes POST parameter at the user endpoint. Attackers can exploit MySQL root privileges obtained via the injection to write arbitrary files using INTO DUMPFILE, enabling deployment of a PHP webshell to the web-accessible roundcube logs directory and achieving remote code execution as the cwpsvc account.
The NVIDIA AIStore framework contains a vulnerability that allows authentication bypass. Successful exploitation could lead to denial of service, privilege escalation, information disclosure, and data tampering.
NVIDIA Triton Inference Server for Linux contains a use-after-free vulnerability that an attacker can exploit. Successful exploitation may lead to denial of service.
A vulnerability in NVIDIA Triton Inference Server for Linux allows an attacker to improperly handle highly compressed data. Successful exploitation of this flaw may lead to denial of service (DoS).
NVIDIA Container Toolkit for Linux contains a time-of-check time-of-use (TOCTOU) race condition vulnerability. Successful exploitation could lead to code execution, privilege escalation, and data tampering.
A vulnerability in NVIDIA Megatron Bridge for Linux allows an attacker to improperly control dynamically managed code resources. Successful exploitation could lead to code execution, privilege escalation, data tampering, and information disclosure.

