27 matches found
USN-8315-1 mediawiki vulnerabilities
It was discovered that MediaWiki incorrectly handled group membership visibility in the OATHAuth extension. An authenticated attacker could use this issue to determine if other users had two-factor authentication enabled. CVE-2026-34087 It was discovered that MediaWiki incorrectly handled...
CVE-2026-34088 RecentChanges entries expose suppressed content via generated log page html
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This issue affects MediaWiki: from before 1.43.7, 1.44.4, 1.45.2...
CVE-2026-34088
CVE-2026-34088 (MediaWiki) is a disclosed exposure vulnerability affecting MediaWiki versions before 1.43.7, 1.44.4, and 1.45.2. The connected sources confirm a broad vulnerability family in MediaWiki leading to information disclosure to unauthorized actors. Debian’s advisory DSA-6208-1 notes mul...
CVE-2025-61639
A flaw was found in MediaWiki. This vulnerability, categorized as an Exposure of Sensitive Information to an Unauthorized Actor, allows an unauthorized individual to access sensitive data. The issue stems from how MediaWiki handles logging and recent changes, potentially leading to the disclosure...
Exposure of Sensitive System Information to an Unauthorized Control Sphere
Overview mediawiki/core is a Free software wiki application developed by the Wikimedia Foundation and others. Note: This package is not maintained on Packagist anymore, but newer releases exist. Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an...
UBUNTU-CVE-2025-61639
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/logging/ManualLogEntry.Php, includes/recentchanges/RecentChangeFactory.Php, includes/recentchanges/RecentChangeStore.Php. This...
CVE-2025-61646
Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/RecentChanges/EnhancedChangesList.Php. This issue affects MediaWiki: from before 1.39.14, 1.43.4, 1.44.1...
CVE-2025-61639
CVE-2025-61639 affects Wikimedia Foundation MediaWiki and concerns exposure of sensitive information to an unauthorized actor. The issue involves files in includes/logging/ManualLogEntry.Php, includes/recentchanges/RecentChangeFactory.Php, and includes/recentchanges/RecentChangeStore.Php, with af...
CVE-2025-61639 Suppressed blocked IP is visible in Special:BlockList, RC, and other places
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/logging/ManualLogEntry.Php, includes/recentchanges/RecentChangeFactory.Php, includes/recentchanges/RecentChangeStore.Php. This...
CVE-2025-61639 Suppressed blocked IP is visible in Special:BlockList, RC, and other places
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/logging/ManualLogEntry.Php, includes/recentchanges/RecentChangeFactory.Php, includes/recentchanges/RecentChangeStore.Php. This...
CVE-2025-61640
CVE-2025-61640 is a Cross-Site Scripting vulnerability in Wikimedia Foundation MediaWiki related to the file resources/src/mediawiki.Rcfilters/ui/RclToOrFromWidget.Js. It affects MediaWiki versions prior to 1.39.14, 1.43.4, and 1.44.1. The description in connected sources confirms an input handli...
CVE-2025-61640 Stored XSS through system messages in Special:RecentChangesLinked (MW Core)
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Rcfilters/ui/RclToOrFromWidget.Js. This issue affects MediaWiki: from before...
CVE-2025-61643
CVE-2025-61643 affects Wikimedia Foundation MediaWiki before versions 1.39.14, 1.43.4, and 1.44.1, with the issue tied to program files includes/recentchanges/RecentChangeRCFeedNotifier.Php. Debian advisories list broader issues in MediaWiki and provide fixes: bookworm in 1.39.17-1~deb12u1 and tr...
CVE-2025-61643 EventStreams publishes suppressed recent change entries that are suppressed from their creation
Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/recentchanges/RecentChangeRCFeedNotifier.Php. This issue affects MediaWiki: from before 1.39.14, 1.43.4, 1.44.1...
MGASA-2025-0260 Updated mediawiki packages fix security vulnerabilities
i18n XSS vulnerability in HTMLMultiSelectField when sections are used. CVE-2025-3469 "reupload-own" restriction can be bypassed by reverting file. CVE-2025-32696 Cascading protection is not preventing file reversions. CVE-2025-32697 LogPager.php: Restriction enforcer functions do not correctly...
PT-2025-42564
Name of the Vulnerable Software and Affected Versions mediawiki affected versions not specified Description The software potentially leaks hidden usernames in Watchlist and RecentChanges features. This could allow unauthorized access to user information. Recommendations At the moment, there is no...
CVE-2024-53079
CVE-2024-53079 affects the Linux kernel THP path (mm/thp): a fix for deferred split unqueue naming and locking aims to address races that could corrupt the THP deferred split queues and related memcg interactions. Under heavy load, long-standing races could lead to list_del corruptions, bad_page ...
UBUNTU-CVE-2024-34507
An issue was discovered in includes/CommentFormatter/CommentParser.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before 1.41.1. XSS can occur because of mishandling of the 0x1b character, as demonstrated by Special:RecentChanges%1b0000000...
UBUNTU-CVE-2021-30157
An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. On ChangesList special pages such as Special:RecentChanges and Special:Watchlist, some of the rcfilters-filter- label messages are output in HTML unescaped, leading to XSS...
CVE-2020-35474
In MediaWiki before 1.35.1, the combination of Html::rawElement and Message::text leads to XSS because the definition of MediaWiki:recentchanges-legend-watchlistexpiry can be changed onwiki so that the output is raw HTML...