PT-2026-30974

Improper neutralization of alternate XSS syntax vulnerability in The Wikimedia Foundation Mediawiki - Wikilove Extension allows Cross-Site Scripting XSS.This issue affects Mediawiki - Wikilove Extension: 1.43.7, 1.44.4, 1.45.2...

CVE-2025-67475

CVE-2025-67475 is a Stored XSS issue in Wikimedia MediaWiki, linked to improper neutralization in includes/CommentFormatter/CommentParser.Php, affecting MediaWiki versions < 1.39.16, < 1.43.6, < 1.44.3, and

CVE-2025-61637

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Action/mediawiki.Action.Edit.Preview.Js, resources/src/mediawiki.Page.Preview.Js...

CVE-2025-61639

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/logging/ManualLogEntry.Php, includes/recentchanges/RecentChangeFactory.Php, includes/recentchanges/RecentChangeStore.Php. This...

CVE-2025-6590

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/htmlform/fields/HTMLUserTextField.Php. This issue affects MediaWiki: from through 1.39.12, 1.42.76 1.43.1, 1.44.0...

CVE-2025-6927

CVE-2025-6927 affects Wikimedia Foundation MediaWiki components BlockListPager.Php and ApiQueryBlocks.Php, enabling information exposure via autoblocks/global suppressions. Affected versions include MediaWiki core releases 1.42.x prior to 1.39.13, 1.42.7–1.43.2, and 1.44.0; remediation is to upgr...

EUVD-2015-8499

Malware in sbrugna...

EUVD-2023-49665

Malicious code in bioql PyPI...

EUVD-2024-20693

Malicious code in bioql PyPI...

EUVD-2022-2043

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2020-25815

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in MediaWiki 1.32.x through 1.34.x before 1.34.4. LogEventList::getFiltersDesc is insecurely using message text to build options names f...

Linux Distros Unpatched Vulnerability : CVE-2020-15005

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In MediaWiki before 1.31.8, 1.32.x and 1.33.x before 1.33.4, and 1.34.x before 1.34.2, private wikis behind a caching server using the imgauth.php image...

Linux Distros Unpatched Vulnerability : CVE-2021-30157

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. On ChangesList special pages such as Special:RecentChanges and...

CVE-2025-53480 CheckUser: Reflected Cross-Site Scripting (XSS) in Special:Investigate (Account information tab) via unsanitized i18n messages

The CheckUser extension’s Special:Investigate page has a vulnerability in the Account information tab, where specific internationalized messages are rendered without proper escaping. Attackers can exploit this by appending ?uselang=x-xss to the URL, causing reflected XSS when the UI renders...

CVE-2025-53478

The CheckUser extension’s Special:Investigate interface is vulnerable to reflected XSS due to improper escaping of certain internationalized system messages rendered on the “IPs and User agents” tab. This issue affects Mediawiki - CheckUser extension: from 1.39.X before 1.39.13, from 1.42.X befor...

CVE-2025-53486 WikiCategoryTagCloud: Reflected Cross-Site Scripting (XSS) via linkstyle attribute in parser function

The WikiCategoryTagCloud extension is vulnerable to reflected XSS via the linkstyle attribute, which is improperly concatenated into inline HTML without escaping. An attacker can inject JavaScript event handlers such as onmouseenter using carefully crafted input via the tag:tagcloud parser...

Wikimedia Mediawiki - AbuseFilter Extension 安全漏洞

Wikimedia Mediawiki - AbuseFilter Extension is an abuse filter from the Wikimedia Foundation. A security vulnerability exists in Wikimedia Mediawiki - AbuseFilter Extension versions prior to 1.39.13, prior to 1.42.7, and prior to 1.43.2, which stems from a lack of authorization and could lead to...

PT-2025-28178 · Unknown +1 · Approvedrevs Extension +1

Name of the Vulnerable Software and Affected Versions: ApprovedRevs extension for MediaWiki versions 1.39.X through 1.39.12 ApprovedRevs extension for MediaWiki versions 1.42.X through 1.42.6 ApprovedRevs extension for MediaWiki versions 1.43.X through 1.43.1 Description: The issue is related to...

BIT-MEDIAWIKI-2024-34502

An issue was discovered in WikibaseLexeme in MediaWiki before 1.39.6, 1.40.x before 1.40.2, and 1.41.x before 1.41.1. Loading Special:MergeLexemes will attempt to make an edit that merges the from-id to the to-id, even if the request was not a POST request, and even if it does not contain an edit...

CVE-2024-23174

An issue was discovered in the PageTriage extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. XSS can occur via the rev-deleted-user, pagetriage-tags-quickfilter-label, pagetriage-triage, pagetriage-filter-date-range-format-placeholder,...