CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.07)

CVE-2026-58127
CriticalEPSS 51%

The vulnerability in PACSgear MediaWriter 5.2.1 is due to missing authentication in the .NET Remoting TCP service on port 9000. An unauthenticated attacker can remotely read and write arbitrary files on the host filesystem and then exploit missing DLLs to achieve remote code execution as SYSTEM.

CVE-2026-58126
CriticalEPSS 50%

PACSgear PACS Scan 5.2.1 contains an unauthenticated remote code execution vulnerability that allows remote attackers to read and write arbitrary files by exploiting an exposed .NET Remoting TCP service on port 22222 via PGImageExchQueue.exe without any authentication requirement. Attackers can chain the arbitrary file write primitive with DLL hijacking in PGImageExchangeQueueSvc.exe, which loads missing DLLs such as CRYPTSP.DLL from the application directory, to achieve remote code execution as NT Authority\SYSTEM upon service restart.

CVE-2026-58038
Unknown

Cross-Site Scripting (XSS) vulnerability in the Timeline extension for MediaWiki. The flaw is due to improper input neutralization during web page generation in includes/Timeline.php and scripts/EasyTimeline.pl.

CVE-2026-58037
Unknown

A cross-site scripting (XSS) vulnerability was found in MediaWiki due to improper input neutralization during page generation. It affects multiple files including Language.php and BlockLogFormatter.php, and impacts all versions before 1.46.0, 1.45.4, 1.44.6, and 1.43.9.

CVE-2026-58036
Low

A vulnerability in MediaWiki allows unauthorized actors to access sensitive information through the files ApiQueryAllUsers.php, ApiQueryUsers.php, PermissionManager.php, and UserGroupManager.php.

CVE-2026-58033
Medium

A vulnerability in MediaWiki allows an unauthorized actor to access sensitive information. The issue is located in the includes/Actions/InfoAction.php file.

CVE-2026-58032
Medium

A cross-site scripting (XSS) vulnerability exists in MediaWiki before versions 1.46.0, 1.45.4, 1.44.6, and 1.43.9 in the file resources/src/mediawiki.Api/index.js. Improper input neutralization during web page generation allows injection of malicious scripts.

CVE-2026-58030
Medium

An XSS vulnerability in the SyntaxHighlight_GeSHi extension for MediaWiki allows an attacker to inject malicious JavaScript code due to improper input neutralization during page generation. The issue is located in includes/SyntaxHighlight.php.

CVE-2026-58029
Medium

A vulnerability in MediaWiki allows an attacker to manipulate authentication data through API files and special pages. It affects versions before 1.46.0, 1.45.4, 1.44.6, and 1.43.9.

CVE-2026-58028
Unknown

An XSS vulnerability in MediaWiki and CentralAuth allows an attacker to inject malicious scripts into pages generated by the API. The issue affects multiple files including ApiFormatBase.php and ApiHelp.php.

CVE-2026-58027
Medium

A vulnerability in the Wikimedia Foundation AbuseFilter extension allows an unauthorized actor to access sensitive information. The issue is located in the file includes/Api/QueryAbuseFilters.php.

CVE-2026-58026
Unknown

A vulnerability in MediaWiki allows an unauthorized actor to access sensitive information. The issue is located in the includes/Parser/Parser.php file and affects versions before 1.46.0, 1.45.4, 1.44.6, and 1.43.9.

CVE-2026-58025
Medium

Deserialization of untrusted data vulnerability in MediaWiki. The issue is present in files WikiImporter.php, WikiRevision.php, and LogEntryBase.php. Affects versions before 1.46.0, 1.45.4, 1.44.6, 1.43.9.

CVE-2026-58024
Medium

A vulnerability in MediaWiki allows an unauthorized actor to access sensitive information via the includes/Api/ApiUserrights.php file. The issue affects versions before 1.46.0, 1.45.4, 1.44.6, and 1.43.9.

CVE-2026-57517
Critical

Control Web Panel before version 0.9.8.1225 contains a blind SQL injection vulnerability that allows unauthenticated remote attackers to execute arbitrary SQL queries by submitting unsanitized input through the userRes POST parameter at the user endpoint. Attackers can exploit MySQL root privileges obtained via the injection to write arbitrary files using INTO DUMPFILE, enabling deployment of a PHP webshell to the web-accessible roundcube logs directory and achieving remote code execution as the cwpsvc account.

CVE-2026-24270
CriticalEPSS 53%

The NVIDIA AIStore framework contains a vulnerability that allows authentication bypass. Successful exploitation could lead to denial of service, privilege escalation, information disclosure, and data tampering.

CVE-2026-24266
Medium

NVIDIA Triton Inference Server for Linux contains a use-after-free vulnerability that an attacker can exploit. Successful exploitation may lead to denial of service.

CVE-2026-24264
High

A vulnerability in NVIDIA Triton Inference Server for Linux allows an attacker to improperly handle highly compressed data. Successful exploitation of this flaw may lead to denial of service (DoS).

CVE-2026-24260
High

NVIDIA Container Toolkit for Linux contains a time-of-check time-of-use (TOCTOU) race condition vulnerability. Successful exploitation could lead to code execution, privilege escalation, and data tampering.

CVE-2026-24251
High

A vulnerability in NVIDIA Megatron Bridge for Linux allows an attacker to improperly control dynamically managed code resources. Successful exploitation could lead to code execution, privilege escalation, data tampering, and information disclosure.

PreviousPage 47 of 4505Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS