40 matches found
CVE-2025-6589
Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/specials/pagers/BlockListPager.Php. This issue affects MediaWiki: = 1.42.0...
EUVD-2017-17754
Malware in sbrugna...
EUVD-2023-41206
Malicious code in bioql PyPI...
EUVD-2021-29032
Malicious code in bioql PyPI...
EUVD-2022-4203
Malicious code in bioql PyPI...
EUVD-2022-44937
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2014-1686
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - MediaWiki 1.18.0 allows remote attackers to obtain the installation path via vectors related to thumbnail creation. CVE-2014-1686 Note that Nessus relies on the...
Linux Distros Unpatched Vulnerability : CVE-2023-3550
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mediawiki v1.40.0 does not validate namespaces used in XML files. Therefore, if the instance administrator allows XML file uploads, a remote attacker with a...
Linux Distros Unpatched Vulnerability : CVE-2021-41798
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - MediaWiki before 1.36.2 allows XSS. Month related MediaWiki messages are not escaped before being used on the Special:Search results page. CVE-2021-41798 Note...
CVE-2025-53480
The CVE-2025-53480 issue affects the MediaWiki CheckUser extension on the Special:Investigate page, Account information tab. Root cause: specific internationalized messages are rendered without proper escaping, enabling reflected XSS when an attacker appends ?uselang=x-xss to the URL. Affected ve...
CVE-2025-53478 CheckUser: Reflected Cross-Site Scripting (XSS) in Special:Investigate via unsanitized i18n messages
The CheckUser extension’s Special:Investigate interface is vulnerable to reflected XSS due to improper escaping of certain internationalized system messages rendered on the “IPs and User agents” tab. This issue affects Mediawiki - CheckUser extension: from 1.39.X before 1.39.13, from 1.42.X befor...
BIT-MEDIAWIKI-2024-34500
An issue was discovered in the UnlinkedWikibase extension in MediaWiki before 1.39.6, 1.40.x before 1.40.2, and 1.41.x before 1.41.1. XSS can occur through an interface message. Error messages in the $err var are not escaped before being passed to Html::rawElement in the getError function in the...
CVE-2024-40601
An issue was discovered in the MediaWikiChat extension for MediaWiki through 1.42.1. CSRF can occur in API modules...
CVE-2023-37304
An issue was discovered in the DoubleWiki extension for MediaWiki through 1.39.3. includes/DoubleWiki.php allows XSS via the column alignment feature...
CVE-2022-28204
A denial-of-service issue was discovered in MediaWiki 1.37.x before 1.37.2. Rendering of w/index.php?title=Special%3AWhatLinksHere⌖=Property%3AP31=1=1 can take more than thirty seconds. There is a DDoS risk...
CVE-2019-19709
MediaWiki through 1.33.1 allows attackers to bypass the Titleblacklist protection mechanism by starting with an arbitrary title, establishing a non-resolvable redirect for the associated page, and using redirect=1 in the action API when editing that page...
CVE-2025-32076
The CVE-2025-32076 entry describes an Improper Input Validation vulnerability in The Wikimedia Foundation MediaWiki Visual Data Extension, affecting versions 1.39 through 1.43. The underlying issue is improper input validation in the extension’s handling of user-provided data, which can be exploi...
CVE-2025-32076 Evil regex used to process user-provided data in VisualData
Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - Visual Data Extension allows HTTP DoS.This issue affects Mediawiki - Visual Data Extension: from 1.39 through 1.43...
DEBIAN-CVE-2025-32699
Vulnerability in Wikimedia Foundation MediaWiki, Wikimedia Foundation Parsoid.This issue affects MediaWiki: before 1.39.12, 1.42.6, 1.43.1; Parsoid: before 0.16.5, 0.19.2, 0.20.2...
CVE-2025-32696
Improper Preservation of Permissions vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/actions/RevertAction.Php, includes/api/ApiFileRevert.Php. This issue affects MediaWiki: before 1.39.12, 1.42.6, 1.43.1...