CVE-2026-39937

Improper removal of sensitive information before storage or transfer vulnerability in The Wikimedia Foundation Mediawiki - CentralAuth Extension allows Resource Leak Exposure. The issue has been remediated on the master branch, and in the release branches for MediaWiki versions 1.43, 1.44, and 1....

CVE-2025-6927 Autoblocks from global account suppressions are publicly visible

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/specials/pagers/BlockListPager.Php, includes/api/ApiQueryBlocks.Php. This issue affects MediaWiki: from = 1.42.0 before 1.39.13, 1.42.7 1.43.2, 1.44.0...

CVE-2025-11175

Improper Neutralization of Special Elements used in an Expression Language Statement 'Expression Language Injection' vulnerability in The Wikimedia Foundation Mediawiki - DiscussionTools Extension allows Regular Expression Exponential Blowup.This issue affects Mediawiki - DiscussionTools Extensio...

UBUNTU-CVE-2025-11175

Improper Neutralization of Special Elements used in an Expression Language Statement 'Expression Language Injection' vulnerability in The Wikimedia Foundation Mediawiki - DiscussionTools Extension allows Regular Expression Exponential Blowup.This issue affects Mediawiki - DiscussionTools Extensio...

CVE-2025-11175 DiscussionTools should use better regex

Improper Neutralization of Special Elements used in an Expression Language Statement 'Expression Language Injection' vulnerability in The Wikimedia Foundation Mediawiki - DiscussionTools Extension allows Regular Expression Exponential Blowup.This issue affects Mediawiki - DiscussionTools Extensio...

EUVD-2025-206571

Improper Neutralization of Special Elements used in an Expression Language Statement 'Expression Language Injection' vulnerability in The Wikimedia Foundation Mediawiki - DiscussionTools Extension allows Regular Expression Exponential Blowup.This issue affects Mediawiki - DiscussionTools Extensio...

CVE-2026-22714

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in The Wikimedia Foundation Mediawiki - Monaco Skin allows Cross-Site Scripting XSS.This issue affects Mediawiki - Monaco Skin: 1.45, 1.44, 1.43, 1.39...

CVE-2026-0671

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki - UploadWizard extension allows Cross-Site Scripting XSS.This issue affects MediaWiki - UploadWizard extension: 1.45, 1.44, 1.43, 1.39...

CVE-2026-0817

Missing Authorization vulnerability in Wikimedia Foundation MediaWiki - CampaignEvents extension allows Privilege Abuse.This issue affects MediaWiki - CampaignEvents extension: 1.45, 1.44, 1.43, 1.39...

CVE-2026-22714

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in The Wikimedia Foundation Mediawiki - Monaco Skin allows Cross-Site Scripting XSS.This issue affects Mediawiki - Monaco Skin: 1.45, 1.44, 1.43, 1.39...

CVE-2026-22710

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in The Wikimedia Foundation Mediawiki - Wikibase Extension allows Cross-Site Scripting XSS.This issue affects Mediawiki - Wikibase Extension: 1.45, 1.44, 1.43, 1.39...

CVE-2026-22712 ApprovedRevs allows bypassing the inline CSS sanitizer

Improper Encoding or Escaping of Output due to magic word replacement in ParserAfterTidy vulnerability in The Wikimedia Foundation Mediawiki - ApprovedRevs Extension allows Input Data Manipulation.This issue affects Mediawiki - ApprovedRevs Extension: 1.45, 1.44, 1.43, 1.39...

MediaWiki - GrowthExperiments Extension 安全漏洞

MediaWiki - GrowthExperiments Extension is an open source plugin for MediaWiki. A security vulnerability exists in MediaWiki - GrowthExperiments Extension versions 1.45, 1.44, 1.43, and 1.39, which stems from improper input neutralization and could lead to a cross-site scripting attack...

MediaWiki - CampaignEvents 安全漏洞

MediaWiki - CampaignEvents is an open source community events plugin for MediaWiki. A security vulnerability exists in MediaWiki - CampaignEvents versions 1.45, 1.44, 1.43, and 1.39, which stems from a lack of authorization and could lead to privilege abuse...

Mediawiki - Wikibase Extension 安全漏洞

Mediawiki - Wikibase Extension is an open source database extension for Mediawiki. A security vulnerability exists in Mediawiki - Wikibase Extension versions 1.45, 1.44, 1.43, and 1.39, which stems from improper input neutralization and could lead to a cross-site scripting attack...

CVE-2026-22710

The CVE-2026-22710 issue affects Mediawiki - Wikibase Extension versions 1.39 through 1.45. It stems from improper neutralization of input during web page generation, enabling Cross-Site Scripting (XSS) through autocomment system messages. Impact is XSS with potential script injection, as describ...

MediaWiki - UploadWizard Extension 安全漏洞

MediaWiki - UploadWizard Extension is an open source file upload plugin for MediaWiki. A security vulnerability exists in MediaWiki - UploadWizard Extension versions 1.45, 1.44, 1.43, and 1.39, which stems from improper input neutralization and could lead to a cross-site scripting attack...

CVE-2026-0670

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki - ProofreadPage Extension allows Cross-Site Scripting XSS.This issue affects MediaWiki - ProofreadPage Extension: 1.45, 1.44, 1.43, 1.39...

CVE-2026-0669

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Wikimedia Foundation MediaWiki - CSS extension allows Path Traversal.This issue affects MediaWiki - CSS extension: 1.44, 1.43, 1.39...

CVE-2026-0669 Path Traversal vulnerability in CSS extension on certain web servers

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Wikimedia Foundation MediaWiki - CSS extension allows Path Traversal.This issue affects MediaWiki - CSS extension: 1.44, 1.43, 1.39...