| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-39837 | Stored XSS through the dynamic table format in Cargo | Wikimedia Foundation | Mediawiki - Cargo Extension | - | - | 2026-04-07 19:47:18 | Deep Dive |
| CVE-2026-39841 | Stored XSS through list fields on Cargo's page values and Special:CargoTables | Wikimedia Foundation | Mediawiki - Cargo Extension | - | - | 2026-04-07 19:43:48 | Deep Dive |
| CVE-2026-39840 | CSS injection in multiple Cargo display formats | Wikimedia Foundation | Mediawiki - Cargo Extension | - | - | 2026-04-07 19:35:36 | Deep Dive |
| CVE-2026-39839 | Stored XSS through URLs in Cargo's map format | Wikimedia Foundation | Mediawiki - Cargo Extension | - | - | 2026-04-07 19:29:11 | Deep Dive |
| CVE-2025-62671 | Stored XSS through wikitext in Cargo | The Wikimedia Foundation | Mediawiki - Cargo Extension | - | - | 2025-10-18 04:24:36 | Deep Dive |
| CVE-2025-62655 | SQL injection in Cargo via Special:CargoExport | The Wikimedia Foundation | MediaWiki Cargo extension | - | - | 2025-10-17 22:46:29 | Deep Dive |
| CVE-2024-47847 | Various XSSes found in Cargo | The Wikimedia Foundation | Mediawiki - Cargo | 中危 | - | 2024-10-05 00:47:24 | Deep Dive |
| CVE-2024-47846 | Special:DeleteCargoTable and Special:SwitchCargoTable have no CSRF protection | The Wikimedia Foundation | Mediawiki - Cargo | 中危 | - | 2024-10-05 00:39:58 | Deep Dive |
| CVE-2024-47849 | Backticks can allow the usage of not-allowed SQL functions | The Wikimedia Foundation | Mediawiki - Cargo | 中危 | - | 2024-10-05 00:29:44 | Deep Dive |
| CVE-2023-40030 | Malicious dependencies can inject arbitrary JavaScript into cargo-generated timing reports | rust-lang | cargo | Medium | 6.1 | 2023-08-24 22:56:41 | Deep Dive |
| CVE-2023-38497 | Cargo not respecting umask when extracting crate archives | rust-lang | cargo | High | 7.9 | 2023-08-04 15:51:45 | Deep Dive |
| CVE-2023-27285 | IBM Aspera buffer overflow | IBM | Aspera Connect | High | 8.4 | 2023-06-04 23:52:11 | Deep Dive |
| CVE-2023-22862 | IBM Aspera information disclosure | IBM | Aspera Connect | Medium | 5.9 | 2023-06-04 23:42:57 | Deep Dive |
| CVE-2023-2065 | IDOR in Armoli Technology's Cargo Tracking System | Armoli Technology | Cargo Tracking System | High | 8.8 | 2023-05-24 12:04:41 | Deep Dive |
| CVE-2023-2155 | SourceCodester Air Cargo Management System cross site scripting | SourceCodester | Air Cargo Management System | Low | 2.4 | 2023-04-18 14:31:04 | Deep Dive |
| CVE-2023-1856 | SourceCodester Air Cargo Management System GET Parameter track_shipment.php sql injection | SourceCodester | Air Cargo Management System | Medium | 6.3 | 2023-04-05 07:40:18 | Deep Dive |
| CVE-2023-1740 | SourceCodester Air Cargo Management System GET Parameter manage_user.php sql injection | SourceCodester | Air Cargo Management System | Medium | 4.7 | 2023-03-30 21:00:06 | Deep Dive |
| CVE-2023-1564 | SourceCodester Air Cargo Management System GET Parameter update_status.php sql injection | SourceCodester | Air Cargo Management System | Medium | 6.3 | 2023-03-22 12:31:05 | Deep Dive |
| CVE-2022-46176 | Cargo did not verify SSH host keys | rust-lang | cargo | Medium | 5.3 | 2023-01-11 20:07:13 | Deep Dive |
| CVE-2022-36114 | Extracting malicious crates can fill the file system | rust-lang | cargo | Medium | 4.8 | 2022-09-14 00:00:00 | Deep Dive |