CVE-2026-29788

creationtimestamp| type| source ---|---|--- 2026-03-04 20:21:07+00:00| published-proof-of-concept| https://github.com/miraheze/TSPortal/security/advisories/GHSA-gfhq-7499-f3f2...

EUVD-2020-26489

Malware in sbrugna...

EUVD-2024-26877

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2020-15251

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Channelmgnt plug-in for Sopel a Python IRC bot before version 1.0.3, malicious users are able to op/voice and take over a channel. This is an ACL bypass...

CVE-2024-29897

CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. It is possible for users with delete or suppressrevision on any wiki in the farm to access suppressed wiki requests by going to the request's entry on Special:RequestWikiQueue on the wiki where they have these rights. T...

ManageWiki 授权问题漏洞

ManageWiki is an open source extension for Miraheze. A license issue vulnerability exists in ManageWiki, which stems from improper extension management and could result in restricted extensions being automatically disabled...

CVE-2020-5302

MH-WikiBot an IRC Bot for interacting with the Miraheze API, had a bug that allowed any unprivileged user to access the steward commands on the IRC interface by impersonating the Nickname used by a privileged user as no check was made to see if they were logged in. The issue has been fixed in...

ImportDump 安全漏洞

ImportDump is an open source application from Miraheze. A security vulnerability exists in ImportDump, which stems from the fact that a user on another wiki can act as the original wiki requester if the user on the other wiki happens to have the same participant ID as a user on this wiki...

ImportDump 安全漏洞

ImportDump is an open source application from Miraheze. A security vulnerability exists in ImportDump, which stems from the fact that anyone who can edit wiki interface strings can embed cross-site scripting in date messages...

IncidentReporting 安全漏洞

IncidentReporting is an open source MediaWiki-based incident reporting form from Miraheze. IncidentReporting has a security vulnerability that stems from various cross-site scripting issues...

CVE-2024-47781

CreateWiki is an extension used at Miraheze for requesting & creating wikis. The name of requested wikis is not escaped on Special:RequestWikiQueue, so a user can insert arbitrary HTML that is displayed in the request wiki queue when requesting a wiki. If a wiki creator comes across the XSS...

CVE-2024-47781 Cross-site Scripting (XSS) in Special:RequestWikiQueue when displaying sitename in CreateWiki

CreateWiki is an extension used at Miraheze for requesting & creating wikis. The name of requested wikis is not escaped on Special:RequestWikiQueue, so a user can insert arbitrary HTML that is displayed in the request wiki queue when requesting a wiki. If a wiki creator comes across the XSS...

CVE-2024-47781 Cross-site Scripting (XSS) in Special:RequestWikiQueue when displaying sitename in CreateWiki

CreateWiki is an extension used at Miraheze for requesting & creating wikis. The name of requested wikis is not escaped on Special:RequestWikiQueue, so a user can insert arbitrary HTML that is displayed in the request wiki queue when requesting a wiki. If a wiki creator comes across the XSS...

CVE-2024-47781

The CVE-2024-47781 issue affects the CreateWiki extension used on Miraheze. It is a cross-site scripting vulnerability where the wiki name on Special:RequestWikiQueue is not escaped, allowing insertion of arbitrary HTML that is displayed in the request wiki queue. If a wiki creator encounters the...

CVE-2024-47781 Cross-site Scripting (XSS) in Special:RequestWikiQueue when displaying sitename in CreateWiki

CreateWiki is an extension used at Miraheze for requesting & creating wikis. The name of requested wikis is not escaped on Special:RequestWikiQueue, so a user can insert arbitrary HTML that is displayed in the request wiki queue when requesting a wiki. If a wiki creator comes across the XSS...

WikiDiscover 安全漏洞

WikiDiscover is a Miraheze open source extension for CreateWiki hosted farms. A security vulnerability exists in WikiDiscover that stems from not performing any escaping of the wiki's name or description. An attacker exploited the vulnerability to perform a cross-site scripting attack...

CreateWiki 跨站脚本漏洞

CreateWiki is an extension to the Miraheze open source. A cross-site scripting vulnerability exists in CreateWiki. An attacker exploiting this vulnerability could retrieve deleted wiki requests, which often contain sensitive information...

DataDump 安全漏洞

DataDump is a Miraheze open source extension that provides wiki dumps. A security vulnerability exists in DataDump. An attacker exploited the vulnerability to execute a cross-site scripting attack...

CVE-2024-34701

CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. It is possible for users to be considered as the requester of a specific wiki request if their local user ID on any wiki in a wiki farm matches the local ID of the requester at the wiki where the wiki request was made...

CVE-2024-34701 CreateWiki vulnerable to impersonation of wiki requester

CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. It is possible for users to be considered as the requester of a specific wiki request if their local user ID on any wiki in a wiki farm matches the local ID of the requester at the wiki where the wiki request was made...