EUVD-2026-29062

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation CheckUser. This issue affects CheckUser: from 1.45.0 before 1.45.2...

CVE-2026-34089

Vulnerability in Wikimedia Foundation Scribunto. This issue affects Scribunto: from 1.45.0 before 1.45.2...

PT-2026-33203

Name of the Vulnerable Software and Affected Versions Scribunto versions 1.45.0 through 1.45.1 Description A security issue exists in the Wikimedia Foundation Scribunto software. Recommendations Update to version 1.45.2...

PT-2026-33204

Name of the Vulnerable Software and Affected Versions Wikimedia Foundation CheckUser versions 1.45.0 through 1.45.1 Description An issue exists that allows the exposure of sensitive information to an unauthorized actor. Recommendations Update to version 1.45.2...

Arbitrary Code Injection

Amendment This was deemed not a vulnerability. Overview es-toolkit is an A state-of-the-art, high-performance JavaScript utility library with a small bundle size and strong type annotations. Affected versions of this package are vulnerable to Arbitrary Code Injection. The template function in...

CVE-2025-67483

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Page.Preview.Js. This issue affects MediaWiki: from before 1.43.6, 1.44.3, 1.45.1...

CVE-2025-67481

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.JqueryMsg/mediawiki.JqueryMsg.Js. This issue affects MediaWiki: from before 1.39.1...

CVE-2025-67476

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Import/ImportableOldRevisionImporter.Php. This issue affects MediaWiki: from before 1.44.3, 1.45.1...

UBUNTU-CVE-2025-67476

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Import/ImportableOldRevisionImporter.Php. This issue affects MediaWiki: from before 1.44.3, 1.45.1...

UBUNTU-CVE-2025-67475

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/CommentFormatter/CommentParser.Php. This issue affects MediaWiki: from before 1.39.16, 1.43.6,...

CVE-2025-67481 mw.message(…).parse() doesn't output safe HTML, but it's being used as if it does

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.JqueryMsg/mediawiki.JqueryMsg.Js. This issue affects MediaWiki: from before 1.39.1...

CVE-2025-67481 mw.message(…).parse() doesn't output safe HTML, but it's being used as if it does

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.JqueryMsg/mediawiki.JqueryMsg.Js. This issue affects MediaWiki: from before 1.39.1...

CVE-2025-67482 Lua segfault in unpack()

Vulnerability in Wikimedia Foundation Scribunto, Wikimedia Foundation luasandbox. This vulnerability is associated with program files includes/Engines/LuaCommon/lualib/mwInit.Lua, library.C. This issue affects Scribunto: from before 1.39.16, 1.43.6, 1.44.3, 1.45.1; luasandbox: from before...

CVE-2025-67482

Vulnerability in Wikimedia Foundation Scribunto, Wikimedia Foundation luasandbox. This vulnerability is associated with program files includes/Engines/LuaCommon/lualib/mwInit.Lua, library.C. This issue affects Scribunto: from before 1.39.16, 1.43.6, 1.44.3, 1.45.1; luasandbox: from before...

CVE-2025-67483

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Page.Preview.Js. This issue affects MediaWiki: from before 1.43.6, 1.44.3, 1.45.1...

EUVD-2025-206647

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Page.Preview.Js. This issue affects MediaWiki: from before 1.43.6, 1.44.3, 1.45.1...

CVE-2025-67484

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Api/ApiFormatXml.Php. This issue affects MediaWiki: from before 1.39.16, 1.43.6, 1.44.3, 1.45.1...

CVE-2025-67480 list=allrevisions can be used to bypass Extension:Lockdown

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Api/ApiQueryRevisionsBase.Php. This issue affects MediaWiki: from before 1.39.16, 1.43.6, 1.44.3, 1.45.1...

EUVD-2025-206649

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Api/ApiQueryRevisionsBase.Php. This issue affects MediaWiki: from before 1.39.16, 1.43.6, 1.44.3, 1.45.1...

CVE-2025-67475 Stored XSS through edit summaries in MW Core

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/CommentFormatter/CommentParser.Php. This issue affects MediaWiki: from before 1.39.16, 1.43.6,...