CVE-2026-0817

Missing Authorization vulnerability in Wikimedia Foundation MediaWiki - CampaignEvents extension allows Privilege Abuse.This issue affects MediaWiki - CampaignEvents extension: 1.45, 1.44, 1.43, 1.39...

CVE-2026-22710

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in The Wikimedia Foundation Mediawiki - Wikibase Extension allows Cross-Site Scripting XSS.This issue affects Mediawiki - Wikibase Extension: 1.45, 1.44, 1.43, 1.39...

CVE-2026-0817

Missing Authorization vulnerability in Wikimedia Foundation MediaWiki - CampaignEvents extension allows Privilege Abuse.This issue affects MediaWiki - CampaignEvents extension: 1.45, 1.44, 1.43, 1.39...

CVE-2026-22713

The CVE concerns the Wikimedia Foundation MediaWiki GrowthExperiments Extension, where a Cross-Site Scripting (XSS) vulnerability arises from improper neutralization of input during web page generation, exposed through edit summaries. Affected versions are 1.39–1.45. The confirmed impact is XSS i...

PT-2026-2258

Name of the Vulnerable Software and Affected Versions Mediawiki - GrowthExperiments Extension versions 1.39 through 1.45 Description The Wikimedia Foundation Mediawiki - GrowthExperiments Extension is susceptible to a Cross-Site Scripting XSS issue due to improper neutralization of input during w...

CVE-2026-0671

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki - UploadWizard extension allows Cross-Site Scripting XSS.This issue affects MediaWiki - UploadWizard extension: 1.45, 1.44, 1.43, 1.39...

PT-2026-2259

Name of the Vulnerable Software and Affected Versions MediaWiki - Monaco Skin versions 1.39 through 1.45 Description An issue exists in MediaWiki - Monaco Skin related to improper neutralization of input during web page generation, which can lead to Cross-Site Scripting XSS. This allows for the...

CVE-2026-0670 Stored XSS through a system message and a user-provided parameter in ProofreadPage

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki - ProofreadPage Extension allows Cross-Site Scripting XSS.This issue affects MediaWiki - ProofreadPage Extension: 1.45, 1.44, 1.43, 1.39...

CVE-2026-0669 Path Traversal vulnerability in CSS extension on certain web servers

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Wikimedia Foundation MediaWiki - CSS extension allows Path Traversal.This issue affects MediaWiki - CSS extension: 1.44, 1.43, 1.39...

PT-2026-1965

Name of the Vulnerable Software and Affected Versions MediaWiki - CSS extension versions 1.39 through 1.44 Description An issue exists in the MediaWiki - CSS extension related to improper limitation of a pathname to a restricted directory, allowing for path traversal. This can potentially allow...

CVE-2025-62655

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in The Wikimedia Foundation MediaWiki Cargo extension allows SQL Injection.This issue affects MediaWiki Cargo extension: 1.39, 1.43, 1.44...

CVE-2025-62654

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in The Wikimedia Foundation MediaWiki QuizGame extension allows Stored XSS.This issue affects MediaWiki QuizGame extension: 1.39, 1.43, 1.44...

CVE-2025-62655

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in The Wikimedia Foundation MediaWiki Cargo extension allows SQL Injection.This issue affects MediaWiki Cargo extension: 1.39, 1.43, 1.44...

CVE-2025-62655 SQL injection in Cargo via Special:CargoExport

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in The Wikimedia Foundation MediaWiki Cargo extension allows SQL Injection.This issue affects MediaWiki Cargo extension: 1.39, 1.43, 1.44...

CVE-2025-62653 Stored XSS through system messages in PollNY

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in The Wikimedia Foundation MediaWiki PollNY extension allows Stored XSS.This issue affects MediaWiki PollNY extension: 1.39, 1.43, 1.44...

CVE-2025-62653

The CVE-2025-62653 entry describes a stored XSS vulnerability in the Wikimedia Foundation MediaWiki PollNY extension. Affected versions are 1.39, 1.43, and 1.44. Root cause: improper neutralization of input during web page generation in the PollNY extension, enabling stored cross-site scripting. ...

CVE-2025-62652 Stored XSS in WebAuthn key name

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in The Wikimedia Foundation MediaWiki WebAuthn extension allows Stored XSS.This issue affects MediaWiki WebAuthn extension: 1.39, 1.43, 1.44...

Linux Distros Unpatched Vulnerability : CVE-2025-32072

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Encoding or Escaping of Output vulnerability in The Wikimedia Foundation Mediawiki Core - Feed Utils allows WebView Injection.This issue affects...

Wikimedia Mediawiki - MintyDocs Extension 安全漏洞

Wikimedia Mediawiki - MintyDocs Extension is a document creation and management extension from the Wikimedia Foundation. A security vulnerability exists in Wikimedia Mediawiki - MintyDocs Extension that stems from improper input neutralization and could lead to a stored cross-site scripting attac...

CVE-2025-32074

Improper Encoding or Escaping of Output vulnerability in The Wikimedia Foundation Mediawiki - Confirm Account Extension allows Cross-Site Scripting XSS.This issue affects Mediawiki - Confirm Account Extension: from 1.39 through 1.43...