Wikimedia CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (83 CVEs found)

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2026-22711	1 Wikimedia	1 Mediawiki-wikilove Extension	2026-04-09	N/A
Improper neutralization of alternate XSS syntax vulnerability in The Wikimedia Foundation Mediawiki - Wikilove Extension allows Cross-Site Scripting (XSS).The issue has been remediated on the `master` branch, and in the release branches for MediaWiki versions 1.43, 1.44, and 1.45.
CVE-2026-5762	1 Wikimedia	1 Mediawiki-reportincident Extension	2026-04-09	N/A
Allocation of resources without limits or throttling vulnerability in Wikimedia Foundation MediaWiki - ReportIncident Extension allows HTTP DoS. This issue was remediated only on the `master` branch.
CVE-2026-39838	1 Wikimedia	1 Mediawiki-proofreadpage Extension	2026-04-09	N/A
Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Wikimedia Foundation MediaWiki - ProofreadPage Extension allows XSS Targeting Non-Script Elements. The issue has been remediated on the `master` branch, and in the release branches for MediaWiki versions 1.43, 1.44, and 1.45.
CVE-2026-39937	1 Wikimedia	1 Mediawiki - Centralauth Extension	2026-04-09	N/A
Improper removal of sensitive information before storage or transfer vulnerability in The Wikimedia Foundation Mediawiki - CentralAuth Extension allows Resource Leak Exposure. The issue has been remediated on the `master` branch, and in the release branches for MediaWiki versions 1.43, 1.44, and 1.45.
CVE-2026-39933	1 Wikimedia	1 Mediawiki - Globalwatchlist Extension	2026-04-09	N/A
Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in The Wikimedia Foundation Mediawiki - GlobalWatchlist Extension allows Cross-Site Scripting (XSS). The issue has been remediated on the `master` branch, and in the release branches for MediaWiki versions 1.43, 1.44, and 1.45.
CVE-2026-39934	1 Wikimedia	1 Mediawiki-growthexperiments Extension	2026-04-09	N/A
Loop with unreachable exit condition ('infinite loop') vulnerability in The Wikimedia Foundation Mediawiki - GrowthExperiments Extension allows Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions. This issue was remediated only on the `master` branch.
CVE-2026-39936	1 Wikimedia	1 Mediawiki-score Extension	2026-04-09	N/A
Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in The Wikimedia Foundation Mediawiki - Score Extension allows Cross-Site Scripting (XSS). The issue has been remediated on the `master` branch, and in the release branches for MediaWiki versions 1.43, 1.44, and 1.45.
CVE-2026-39839	1 Wikimedia	1 Mediawiki-cargo Extension	2026-04-09	N/A
Improper neutralization of Script-Related HTML tags in a web page (basic XSS) vulnerability in Wikimedia Foundation Mediawiki - Cargo Extension allows Stored XSS.This issue affects Mediawiki - Cargo Extension: before 3.8.7.
CVE-2026-39840	1 Wikimedia	1 Mediawiki-cargo Extension	2026-04-09	N/A
Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Wikimedia Foundation Mediawiki - Cargo Extension allows XSS Targeting Non-Script Elements.This issue affects Mediawiki - Cargo Extension: before 3.8.7.
CVE-2026-39841	1 Wikimedia	1 Mediawiki-cargo Extension	2026-04-09	N/A
Improper neutralization of Script-Related HTML tags in a web page (basic XSS) vulnerability in Wikimedia Foundation Mediawiki - Cargo Extension allows Stored XSS.This issue affects Mediawiki - Cargo Extension: before 3.8.7.
CVE-2026-39837	1 Wikimedia	1 Mediawiki-cargo Extension	2026-04-09	N/A
Improper neutralization of Script-Related HTML tags in a web page (basic XSS) vulnerability in WikiWorks Mediawiki - Cargo Extension allows Stored XSS.This issue affects Mediawiki - Cargo Extension: before 3.8.7.
CVE-2025-61641	2 Mediawiki, Wikimedia	2 Mediawiki, Mediawiki	2026-03-25	6.1 Medium
Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/api/ApiQueryAllPages.Php. This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1.
CVE-2025-61642	2 Mediawiki, Wikimedia	2 Mediawiki, Mediawiki	2026-03-25	6.1 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/htmlform/CodexHTMLForm.Php, includes/htmlform/fields/HTMLButtonField.Php. This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1.
CVE-2025-61643	2 Mediawiki, Wikimedia	2 Mediawiki, Mediawiki	2026-03-25	6.1 Medium
Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/recentchanges/RecentChangeRCFeedNotifier.Php. This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1.
CVE-2025-11261	2 Mediawiki, Wikimedia	2 Mediawiki, Mediawiki	2026-03-25	6.1 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Language/mediawiki.Language.Js. This issue affects MediaWiki: from * before 1.39.15, 1.43.5, 1.44.2.
CVE-2025-61646	2 Mediawiki, Wikimedia	2 Mediawiki, Mediawiki	2026-03-25	5.4 Medium
Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/RecentChanges/EnhancedChangesList.Php. This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1.
CVE-2025-61634	2 Mediawiki, Wikimedia	2 Mediawiki, Mediawiki	2026-03-17	3.1 Low
Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Rest/Handler/PageHTMLHandler.Php. This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1.
CVE-2025-61636	2 Mediawiki, Wikimedia	2 Mediawiki, Mediawiki	2026-03-16	4.8 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/htmlform/fields/HTMLButtonField.Php. This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1.
CVE-2025-61637	2 Mediawiki, Wikimedia	2 Mediawiki, Mediawiki	2026-03-16	4.8 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Action/mediawiki.Action.Edit.Preview.Js, resources/src/mediawiki.Page.Preview.Js. This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1.
CVE-2025-61638	2 Mediawiki, Wikimedia	2 Mediawiki, Parsoid	2026-03-16	4.8 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki, Wikimedia Foundation Parsoid. This vulnerability is associated with program files includes/parser/Sanitizer.Php, src/Core/Sanitizer.Php. This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1; Parsoid: from * before 0.16.6, 0.20.4, 0.21.1.

Page 1 of 5. next last »