EUVD-2026-29108

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Page/Article.Php. This issue affects MediaWiki: from before 1.43.7, 1.44.4, 1.45.2...

EUVD-2026-29062

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation CheckUser. This issue affects CheckUser: from 1.45.0 before 1.45.2...

EUVD-2026-29060

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This issue affects MediaWiki: from before 1.43.7, 1.44.4, 1.45.2...

EUVD-2026-29061

Vulnerability in Wikimedia Foundation Scribunto. This issue affects Scribunto: from 1.45.0 before 1.45.2...

EUVD-2026-29058

Vulnerability in Wikimedia Foundation AbuseFilter. This issue affects AbuseFilter: from before 1.43.7, 1.44.4, 1.45.2...

CVE-2026-5266

CVE-2026-5266 affects Wikimedia Foundation Echo, specifically the includes/Api/ApiEchoNotifications.Php component. The vulnerability allows exposure of sensitive information to an unauthorized actor and affects Echo versions before 1.43.7, 1.44.4, and 1.45.2. The Debian advisory notes the issue c...

CVE-2026-34090

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation CheckUser. This issue affects CheckUser: from 1.45.0 before 1.45.2...

CVE-2026-34087

CVE-2026-34087 affects Wikimedia Foundation OATHAuth. The connected documents confirm the issue is an exposure of sensitive information to an unauthorized actor, with affected OATHAuth versions listed as before 1.43.7, 1.44.4, 1.45.2. The exploitation status is not provided in the sources. There ...

CVE-2026-34086 AbuseFilter misuses ::userCanBitfield, exposing access-controlled information

Vulnerability in Wikimedia Foundation AbuseFilter. This issue affects AbuseFilter: from before 1.43.7, 1.44.4, 1.45.2...

EUVD-2026-19980

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in The Wikimedia Foundation Mediawiki - CampaignEvents Extension allows Cross-Site Scripting XSS.This issue affects Mediawiki - CampaignEvents Extension: 1.43.7, 1.44.4, 1.45.2...

CVE-2026-39933

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in The Wikimedia Foundation Mediawiki - GlobalWatchlist Extension allows Cross-Site Scripting XSS. The issue has been remediated on the master branch, and in the release branches for MediaWiki version...

CVE-2026-39933 Multiple XSS vulnerabilities in GlobalWatchlist

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in The Wikimedia Foundation Mediawiki - GlobalWatchlist Extension allows Cross-Site Scripting XSS. The issue has been remediated on the master branch, and in the release branches for MediaWiki version...

EUVD-2026-19851

Improper neutralization of alternate XSS syntax vulnerability in The Wikimedia Foundation Mediawiki - Wikilove Extension allows Cross-Site Scripting XSS.This issue affects Mediawiki - Wikilove Extension: 1.43.7, 1.44.4, 1.45.2...

CVE-2026-5762

CVE-2026-5762 affects the Wikimedia Foundation MediaWiki ReportIncident Extension versions 1.43.7, 1.44.4, and 1.45.2. The root cause is allocation of resources without limits or throttling, enabling HTTP DoS and causing potential resource exhaustion (impact on availability). The document provide...

PT-2026-33204

Name of the Vulnerable Software and Affected Versions Wikimedia Foundation CheckUser versions 1.45.0 through 1.45.1 Description An issue exists that allows the exposure of sensitive information to an unauthorized actor. Recommendations Update to version 1.45.2...

PT-2026-33201

Name of the Vulnerable Software and Affected Versions OATHAuth versions prior to 1.43.7 OATHAuth versions prior to 1.44.4 OATHAuth versions prior to 1.45.2 Description An issue in Wikimedia Foundation OATHAuth allows the exposure of sensitive information to an unauthorized actor. Recommendations...

CVE-2025-61649

Vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files src/Services/CheckUserUserInfoCardService.Php. This issue affects CheckUser: from 7cedd58781d261f110651b6af4f41d2d11ae7309...

CVE-2025-61658

Vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files src/GlobalContributions/GlobalContributionsPager.Php. This issue affects CheckUser: from before 1.43.4, 1.44.1...

CVE-2025-61651

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files modules/ext.CheckUser/checkuser/checkUserHelper/buildUserElement.Js. This issue affects CheckUser: from...

CVE-2025-61651

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files modules/ext.CheckUser/checkuser/checkUserHelper/buildUserElement.Js. This issue affects CheckUser: from...