Lucene search
K

57395 matches found

Cvelist
Cvelist
added 2026/02/03 1:24 a.m.25 views

CVE-2025-67484 Action API xslt option allows JavaScript execution by administrators who are not interface administrators

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Api/ApiFormatXml.Php. This issue affects MediaWiki: from before 1.39.16, 1.43.6, 1.44.3, 1.45.1...

0.00395EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/03 1:24 a.m.5 views

CVE-2025-67484 Action API xslt option allows JavaScript execution by administrators who are not interface administrators

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Api/ApiFormatXml.Php. This issue affects MediaWiki: from before 1.39.16, 1.43.6, 1.44.3, 1.45.1...

5.3AI score0.00395EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/03 1:23 a.m.27 views

CVE-2025-67480 list=allrevisions can be used to bypass Extension:Lockdown

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Api/ApiQueryRevisionsBase.Php. This issue affects MediaWiki: from before 1.39.16, 1.43.6, 1.44.3, 1.45.1...

0.00211EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/03 1:23 a.m.5 views

CVE-2025-67480 list=allrevisions can be used to bypass Extension:Lockdown

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Api/ApiQueryRevisionsBase.Php. This issue affects MediaWiki: from before 1.39.16, 1.43.6, 1.44.3, 1.45.1...

5.3AI score0.00211EPSS
Exploits0References1
Snyk
Snyk
added 2026/02/03 1:16 a.m.3 views

Cross-site Scripting (XSS)

Overview mediawiki/core is a Free software wiki application developed by the Wikimedia Foundation and others. Note: This package is not maintained on Packagist anymore, but newer releases exist. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Special:ApiSandbo...

6.1CVSS5.5AI score0.00234EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/03 1:16 a.m.24 views

CVE-2025-67477 Stored XSS through a system message in Special:ApiSandbox

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Special.Apisandbox/ApiSandboxLayout.Js. This issue affects MediaWiki: from before...

0.00234EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/03 12:55 a.m.32 views

CVE-2025-61652 Action API discussiontoolspageinfo does not check for authorizeRead for the page

Vulnerability in Wikimedia Foundation DiscussionTools.This issue affects DiscussionTools: from before 1.43.4, 1.44.1...

6.9CVSS0.00253EPSS
Exploits0References1
CVE
CVE
added 2026/02/03 12:55 a.m.15 views

CVE-2025-61652

CVE-2025-61652 affects Wikimedia Foundation DiscussionTools; vulnerable in DiscussionsTools prior to 1.43.4 and 1.44.1. Connected advisories corroborate affected versions across Debian/Ubuntu and OSV records. The Debian security advisory notes fixes inMediaWiki packages: for the stable/trixie rel...

6.9CVSS5.2AI score0.00253EPSS
Exploits0References1
Snyk
Snyk
added 2026/02/03 12:46 a.m.2 views

Allocation of Resources Without Limits or Throttling

Overview mediawiki/core is a Free software wiki application developed by the Wikimedia Foundation and others. Note: This package is not maintained on Packagist anymore, but newer releases exist. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttli...

6.3CVSS5.6AI score0.00272EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/03 12:2 a.m.31 views

CVE-2025-61647 UserInfoCard: Don't allow access to information about users who are suppressed if you don't have suppressor rights

Vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files src/Api/Rest/Handler/UserInfoHandler.Php. This issue affects CheckUser: from a3dc1bbcc33acbcca6831d6afaccbb1054c93a57, 0584eb2ad564648aa3ce9c555dd044dda02b55f4...

2CVSS0.00293EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.5 views

PT-2026-6514

Mailpit has a Server-Side Request Forgery SSRF via HTML Check API in github.com/axllent/mailpit...

7.5CVSS5.4AI score0.00396EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/02/03 12:0 a.m.25 views

CVE-2025-69970

FUXA v1.2.7 contains an insecure default configuration vulnerability in server/settings.default.js. The 'secureEnabled' flag is commented out by default, causing the application to initialize with authentication disabled. This allows unauthenticated remote attackers to access sensitive API...

0.00463EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/03 12:0 a.m.5 views

CVE-2025-69970

FUXA v1.2.7 contains an insecure default configuration vulnerability in server/settings.default.js. The 'secureEnabled' flag is commented out by default, causing the application to initialize with authentication disabled. This allows unauthenticated remote attackers to access sensitive API...

5.5AI score0.00463EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.7 views

PT-2026-5987

Name of the Vulnerable Software and Affected Versions Dokans Multi-Tenancy Based eCommerce Platform version 3.9.2 Description The platform allows unauthenticated remote attackers to obtain sensitive application configuration data by directly requesting the '/script/.env' file. This file contains...

10CVSS5.5AI score0.00383EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.3 views

PT-2026-6512

SiYuan has a Reflected Cross-Site Scripting XSS via /api/icon/getDynamicIcon in github.com/siyuan-note/siyuan/kernel...

6.1CVSS5.4AI score0.00263EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/02/03 12:0 a.m.4 views

CVE-2025-69981

FUXA v1.2.7 contains an Unrestricted File Upload vulnerability in the /api/upload API endpoint. The endpoint lacks authentication mechanisms, allowing unauthenticated remote attackers to upload arbitrary files. This can be exploited to overwrite critical system files such as the SQLite user...

6AI score0.00726EPSS
Exploits0References2
EUVD
EUVD
added 2026/02/03 12:0 a.m.6 views

EUVD-2025-206717

FUXA v1.2.7 contains a hard-coded credential vulnerability in server/api/jwt-helper.js. The application uses a hard-coded secret key to sign and verify JWT Tokens. This allows remote attackers to forge valid admin tokens and bypass authentication to gain full administrative access...

5.5AI score0.02036EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/03 12:0 a.m.4 views

CVE-2025-69981

FUXA v1.2.7 contains an Unrestricted File Upload vulnerability in the /api/upload API endpoint. The endpoint lacks authentication mechanisms, allowing unauthenticated remote attackers to upload arbitrary files. This can be exploited to overwrite critical system files such as the SQLite user...

6.1AI score0.00726EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/03 12:0 a.m.9 views

Wikimedia DiscussionTools 安全漏洞

Wikimedia DiscussionTools is a discussion tool provided by the Wikimedia Foundation. Versions of Wikimedia DiscussionTools prior to 1.43.4 and 1.44.1 contained security vulnerabilities. These vulnerabilities stemmed from the discussiontoolspageinfo method in the Action API, which did not check...

6.9CVSS5.8AI score0.00253EPSS
Exploits0References1
CVE
CVE
added 2026/02/03 12:0 a.m.12 views

CVE-2025-69981

FUXA v1.2.7 has an Unrestricted File Upload issue at the /api/upload endpoint. The endpoint authenticates users poorly (lacks authentication), allowing unauthenticated remote attackers to upload arbitrary files. This can enable overwriting critical system files such as the SQLite user database an...

9.8CVSS6AI score0.00726EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder