CVE-2026-39937

Improper removal of sensitive information before storage or transfer vulnerability in The Wikimedia Foundation Mediawiki - CentralAuth Extension allows Resource Leak Exposure. The issue has been remediated on the master branch, and in the release branches for MediaWiki versions 1.43, 1.44, and 1....

CVE-2026-22714

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in The Wikimedia Foundation Mediawiki - Monaco Skin allows Cross-Site Scripting XSS.This issue affects Mediawiki - Monaco Skin: 1.45, 1.44, 1.43, 1.39...

CVE-2026-0671

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki - UploadWizard extension allows Cross-Site Scripting XSS.This issue affects MediaWiki - UploadWizard extension: 1.45, 1.44, 1.43, 1.39...

CVE-2026-0817

Missing Authorization vulnerability in Wikimedia Foundation MediaWiki - CampaignEvents extension allows Privilege Abuse.This issue affects MediaWiki - CampaignEvents extension: 1.45, 1.44, 1.43, 1.39...

CVE-2026-0670

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki - ProofreadPage Extension allows Cross-Site Scripting XSS.This issue affects MediaWiki - ProofreadPage Extension: 1.45, 1.44, 1.43, 1.39...

CVE-2026-22714

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in The Wikimedia Foundation Mediawiki - Monaco Skin allows Cross-Site Scripting XSS.This issue affects Mediawiki - Monaco Skin: 1.45, 1.44, 1.43, 1.39...

CVE-2026-22710

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in The Wikimedia Foundation Mediawiki - Wikibase Extension allows Cross-Site Scripting XSS.This issue affects Mediawiki - Wikibase Extension: 1.45, 1.44, 1.43, 1.39...

CVE-2026-22712 ApprovedRevs allows bypassing the inline CSS sanitizer

Improper Encoding or Escaping of Output due to magic word replacement in ParserAfterTidy vulnerability in The Wikimedia Foundation Mediawiki - ApprovedRevs Extension allows Input Data Manipulation.This issue affects Mediawiki - ApprovedRevs Extension: 1.45, 1.44, 1.43, 1.39...

MediaWiki - CampaignEvents 安全漏洞

MediaWiki - CampaignEvents is an open source community events plugin for MediaWiki. A security vulnerability exists in MediaWiki - CampaignEvents versions 1.45, 1.44, 1.43, and 1.39, which stems from a lack of authorization and could lead to privilege abuse...

Mediawiki - Wikibase Extension 安全漏洞

Mediawiki - Wikibase Extension is an open source database extension for Mediawiki. A security vulnerability exists in Mediawiki - Wikibase Extension versions 1.45, 1.44, 1.43, and 1.39, which stems from improper input neutralization and could lead to a cross-site scripting attack...

MediaWiki - GrowthExperiments Extension 安全漏洞

MediaWiki - GrowthExperiments Extension is an open source plugin for MediaWiki. A security vulnerability exists in MediaWiki - GrowthExperiments Extension versions 1.45, 1.44, 1.43, and 1.39, which stems from improper input neutralization and could lead to a cross-site scripting attack...

CVE-2026-22714 i18n XSS, DoS and config SQLI in Monaco

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in The Wikimedia Foundation Mediawiki - Monaco Skin allows Cross-Site Scripting XSS.This issue affects Mediawiki - Monaco Skin: 1.45, 1.44, 1.43, 1.39...

CVE-2026-22710

The CVE-2026-22710 entry relates to The Wikimedia Foundation MediaWiki Wikibase Extension and is supported by multiple connected sources. Affected component: Wikibase Extension for MediaWiki. Root cause: improper neutralization of input during web page generation, enabling cross-site scripting (X...

MediaWiki - UploadWizard Extension 安全漏洞

MediaWiki - UploadWizard Extension is an open source file upload plugin for MediaWiki. A security vulnerability exists in MediaWiki - UploadWizard Extension versions 1.45, 1.44, 1.43, and 1.39, which stems from improper input neutralization and could lead to a cross-site scripting attack...

CVE-2026-0670

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki - ProofreadPage Extension allows Cross-Site Scripting XSS.This issue affects MediaWiki - ProofreadPage Extension: 1.45, 1.44, 1.43, 1.39...

CVE-2026-0668

Inefficient Regular Expression Complexity vulnerability in Wikimedia Foundation MediaWiki - VisualData Extension allows Regular Expression Exponential Blowup.This issue affects MediaWiki - VisualData Extension: 1.45...

CVE-2026-0668

The vulnerability CVE-2026-0668 affects Wikimedia Foundation MediaWiki – VisualData Extension (v1.45). An inefficient Regular Expression can cause a Regular Expression Denial of Service (ReDoS) via crafted user input, enabling a remote attacker to trigger excessive processing time. Affected envir...

PT-2026-1964

Name of the Vulnerable Software and Affected Versions MediaWiki - VisualData Extension version 1.45 Description An inefficient regular expression complexity issue exists in the MediaWiki - VisualData Extension. This allows for a Regular Expression Exponential Blowup, potentially leading to a deni...

CVE-2020-9338

SOPlanning 1.45 allows XSS via the "Your SoPlanning url" field...

CVE-2025-31073

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bensibley Unlimited unlimited allows Stored XSS.This issue affects Unlimited: from n/a through = 1.45...