Lucene search
K

152 matches found

NVD
NVD
added 2 days ago6 views

CVE-2026-58028

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki, Wikimedia Foundation CentralAuth. This vulnerability is associated with program files includes/Api/ApiFormatBase.Php, includes/Api/ApiHelp.Php,...

0.0039EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2 days ago4 views

CVE-2026-58028

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki, Wikimedia Foundation CentralAuth. This vulnerability is associated with program files includes/Api/ApiFormatBase.Php, includes/Api/ApiHelp.Php,...

5.8AI score0.0039EPSS
Exploits0References2
Cvelist
Cvelist
added 2 days ago29 views

CVE-2026-58028 Pretty-printed API output combined with centralauthtoken allows XSS with certain gadgets

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki, Wikimedia Foundation CentralAuth. This vulnerability is associated with program files includes/Api/ApiFormatBase.Php, includes/Api/ApiHelp.Php,...

0.0039EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/06 12:0 a.m.6 views

RHCOS 3 : OpenShift Container Platform 3.11 mediawiki (RHSA-2019:3142)

The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:3142 advisory. - mediawiki: $wgRateLimits rate limit / ping limiter entry for 'user' overrides that for 'newbie' CVE-2018-0503 - mediawiki:...

6.5CVSS5.8AI score0.01932EPSS
Exploits1References7
RedhatCVE
RedhatCVE
added 2026/04/09 1:23 a.m.4 views

CVE-2026-39937

Improper removal of sensitive information before storage or transfer vulnerability in The Wikimedia Foundation Mediawiki - CentralAuth Extension allows Resource Leak Exposure. The issue has been remediated on the master branch, and in the release branches for MediaWiki versions 1.43, 1.44, and 1....

8.8CVSS5.8AI score0.00263EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/08 12:30 a.m.4 views

EUVD-2026-19984

Improper removal of sensitive information before storage or transfer vulnerability in The Wikimedia Foundation Mediawiki - CentralAuth Extension allows Resource Leak Exposure.This issue affects non release branches...

8.8CVSS5.9AI score0.00263EPSS
Exploits0References3
NVD
NVD
added 2026/04/07 10:16 p.m.3 views

CVE-2026-39937

Improper removal of sensitive information before storage or transfer vulnerability in The Wikimedia Foundation Mediawiki - CentralAuth Extension allows Resource Leak Exposure. The issue has been remediated on the master branch, and in the release branches for MediaWiki versions 1.43, 1.44, and 1....

8.8CVSS0.00263EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/07 9:44 p.m.4 views

CVE-2026-39937 Global vanishing does not completely remove user email

Improper removal of sensitive information before storage or transfer vulnerability in The Wikimedia Foundation Mediawiki - CentralAuth Extension allows Resource Leak Exposure. The issue has been remediated on the master branch, and in the release branches for MediaWiki versions 1.43, 1.44, and 1....

8.8CVSS5.8AI score0.00263EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/07 9:44 p.m.17 views

CVE-2026-39937 Global vanishing does not completely remove user email

Improper removal of sensitive information before storage or transfer vulnerability in The Wikimedia Foundation Mediawiki - CentralAuth Extension allows Resource Leak Exposure. The issue has been remediated on the master branch, and in the release branches for MediaWiki versions 1.43, 1.44, and 1....

8.8CVSS0.00263EPSS
Exploits0References2
CVE
CVE
added 2026/04/07 9:44 p.m.6 views

CVE-2026-39937

CVE-2026-39937 concerns the Wikimedia Foundation’s MediaWiki CentralAuth Extension. The issue is an improper removal of sensitive information before storage or transfer, resulting in a Resource Leak Exposure. According to the connected documents, the vulnerability has been remediated on the maste...

8.8CVSS5.8AI score0.00263EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/07 9:44 p.m.2 views

CVE-2026-39937

Improper removal of sensitive information before storage or transfer vulnerability in The Wikimedia Foundation Mediawiki - CentralAuth Extension allows Resource Leak Exposure. The issue has been remediated on the master branch, and in the release branches for MediaWiki versions 1.43, 1.44, and 1....

8.8CVSS5.8AI score0.00263EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.3 views

PT-2026-31033

Improper removal of sensitive information before storage or transfer vulnerability in The Wikimedia Foundation Mediawiki - CentralAuth Extension allows Resource Leak Exposure.This issue affects non release branches...

8.8CVSS5.9AI score0.00263EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/07 12:0 a.m.6 views

MediaWiki - CentralAuth Extension 安全漏洞

MediaWiki - CentralAuth Extension is an authentication plugin developed under open source by MediaWiki. The MediaWiki - CentralAuth Extension has a security vulnerability; this vulnerability arises from the improper removal of sensitive information during storage or transmission, which may lead t...

8.8CVSS5.8AI score0.00263EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/09 9:57 a.m.7 views

CVE-2020-12051

The CentralAuth extension through REL134 for MediaWiki allows remote attackers to obtain sensitive hidden account information via an api.php?action=query=globaluserinfo= request. In other words, the information can be retrieved via the action API even though access would be denied when simply...

7.5CVSS6.6AI score0.01317EPSS
Exploits0References1
CNVD
CNVD
added 2025/10/23 12:0 a.m.3 views

Mediawiki - CentralAuth Extension Resource Disclosure Vulnerability

Mediawiki - CentralAuth Extension is an extension to MediaWiki designed for the Wikimedia project to manage cross-site user account merging, locking, renaming and other operations. A resource disclosure vulnerability exists in Mediawiki - CentralAuth Extension, which stems from the exposure of...

6.9CVSS6.4AI score0.00401EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/20 7:28 p.m.21 views

CVE-2025-62669

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in The Wikimedia Foundation Mediawiki - CentralAuth Extension allows Resource Leak Exposure.This issue affects Mediawiki - CentralAuth Extension: from master before 1.39...

6.9CVSS6.9AI score0.00401EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/18 6:30 a.m.4 views

EUVD-2025-34957

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in The Wikimedia Foundation Mediawiki - CentralAuth Extension allows Resource Leak Exposure.This issue affects Mediawiki - CentralAuth Extension: from master before 1.39...

6.9CVSS6.4AI score0.00401EPSS
Exploits0References3
NVD
NVD
added 2025/10/18 5:15 a.m.7 views

CVE-2025-62669

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in The Wikimedia Foundation Mediawiki - CentralAuth Extension allows Resource Leak Exposure.This issue affects Mediawiki - CentralAuth Extension: from master before 1.39...

6.9CVSS0.00401EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/10/18 4:34 a.m.26 views

CVE-2025-62669 UserInfoCard: activeLocalBlocksAllWikis does not do permissions checks

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in The Wikimedia Foundation Mediawiki - CentralAuth Extension allows Resource Leak Exposure.This issue affects Mediawiki - CentralAuth Extension: from master before 1.39...

6.9CVSS0.00401EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/10/18 4:34 a.m.3 views

CVE-2025-62669 UserInfoCard: activeLocalBlocksAllWikis does not do permissions checks

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in The Wikimedia Foundation Mediawiki - CentralAuth Extension allows Resource Leak Exposure.This issue affects Mediawiki - CentralAuth Extension: from master before 1.39...

6.9CVSS6.5AI score0.00401EPSS
Exploits0References2
Rows per page
Query Builder