
149 matches found

RedhatCVE
added 2025/05/22 10:38 p.m. · 7 views

CVE-2022-28205

An issue was discovered in MediaWiki through 1.37.1. The CentralAuth extension mishandles a ttl issue for groups expiring in the future...

CVSS 9.8 · AI score 6.8 · EPSS 0.00466
Exploits 1 · References 1

RedhatCVE
added 2025/05/22 8:30 p.m. · 3 views

CVE-2021-36127

An issue was discovered in the CentralAuth extension in MediaWiki through 1.36. The Special:GlobalUserRights page provided search results which, for a suppressed MediaWiki user, were different than for any other user, thus easily disclosing suppressed accounts which are supposed to be completely...

CVSS 4.3 · AI score 5.8 · EPSS 0.00111
Exploits 1 · References 1

RedhatCVE
added 2025/05/22 7:56 p.m. · 4 views

CVE-2021-36125

An issue was discovered in the CentralAuth extension in MediaWiki through 1.36. The Special:GlobalRenameRequest page is vulnerable to infinite loops and denial of service attacks when a user's current username is beyond an arbitrary maximum configuration value MaxNameChars...

CVSS 7.5 · AI score 6.9 · EPSS 0.00275
Exploits 1 · References 1

RedhatCVE
added 2025/05/22 7:56 p.m. · 7 views

CVE-2021-36128

An issue was discovered in the CentralAuth extension in MediaWiki through 1.36. Autoblocks for CentralAuth-issued suppression blocks are not properly implemented...

CVSS 9.8 · AI score 6.9 · EPSS 0.00566
Exploits 1 · References 1

Positive Technologies
added 2025/01/01 12:0 a.m. · 2 views

PT-2025-27814 · Mediawiki +1 · Mediawiki +2

Name of the Vulnerable Software and Affected Versions: Mediawiki - CentralAuth Extension versions 1.39.0 through 1.39.12 Mediawiki - CentralAuth Extension versions 1.42.0 through 1.42.6 Mediawiki - CentralAuth Extension versions 1.43.0 through 1.43.1 Description: The issue is related to an Improp...

CVSS 8.8 · AI score 6.4 · EPSS 0.00464
Exploits 0 · References 36

OSV
added 2024/03/06 11:13 a.m. · 25 views

BIT-MEDIAWIKI-2020-25827

An issue was discovered in the OATHAuth extension in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. For Wikis using OATHAuth on a farm/cluster such as via CentralAuth, rate limiting of OATH tokens is only done on a single site level. Thus, multiple requests can be made across...

CVSS 7.5 · AI score 7.4 · EPSS 0.00239
Exploits 1 · References 5

OSV
added 2024/03/06 11:11 a.m. · 12 views

BIT-MEDIAWIKI-2021-36125

An issue was discovered in the CentralAuth extension in MediaWiki through 1.36. The Special:GlobalRenameRequest page is vulnerable to infinite loops and denial of service attacks when a user's current username is beyond an arbitrary maximum configuration value MaxNameChars...

CVSS 7.5 · AI score 7.4 · EPSS 0.00275
Exploits 1 · References 3

OSV
added 2024/03/06 11:11 a.m. · 12 views

BIT-MEDIAWIKI-2021-36127

An issue was discovered in the CentralAuth extension in MediaWiki through 1.36. The Special:GlobalUserRights page provided search results which, for a suppressed MediaWiki user, were different than for any other user, thus easily disclosing suppressed accounts which are supposed to be completely...

CVSS 4.3 · AI score 4.5 · EPSS 0.00111
Exploits 1 · References 3

OSV
added 2024/03/06 11:11 a.m. · 8 views

BIT-MEDIAWIKI-2021-36128

An issue was discovered in the CentralAuth extension in MediaWiki through 1.36. Autoblocks for CentralAuth-issued suppression blocks are not properly implemented...

CVSS 9.8 · AI score 9.5 · EPSS 0.00566
Exploits 1 · References 4

OSV
added 2024/03/06 11:10 a.m. · 11 views

BIT-MEDIAWIKI-2021-42041

An issue was discovered in CentralAuth in MediaWiki through 1.36.2. The rightsnone MediaWiki message was not being properly sanitized and allowed for the injection and execution of HTML and JavaScript via the setchange log...

CVSS 6.1 · AI score 6.5 · EPSS 0.0051
Exploits 1 · References 3

OSV
added 2024/03/06 11:6 a.m. · 14 views

BIT-MEDIAWIKI-2022-28205

An issue was discovered in MediaWiki through 1.37.1. The CentralAuth extension mishandles a ttl issue for groups expiring in the future...

CVSS 9.8 · AI score 9.4 · EPSS 0.00466
Exploits 1 · References 4

OSV
added 2024/01/31 3:31 p.m. · 14 views

BIT-MEDIAWIKI-2020-12051

The CentralAuth extension through REL134 for MediaWiki allows remote attackers to obtain sensitive hidden account information via an api.php?action=query&meta=globaluserinfo&guiuser= request. In other words, the information can be retrieved via the action API even though access would be denied wh...

CVSS 7.5 · AI score 7.4 · EPSS 0.00513
Exploits 0 · References 2

Tenable Nessus
added 2023/05/21 12:0 a.m. · 49 views

GLSA-202305-24 : MediaWiki: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202305-24 MediaWiki: Multiple Vulnerabilities - MediaWiki before 1.36.2 allows XSS. Month related MediaWiki messages are not escaped before being used on the Special:Search results page. CVE-2021-41798 - MediaWiki before 1.36.2...

CVSS 9.8 · AI score 6.8 · EPSS 0.01842
Exploits 6 · References 28

Github Security Blog
added 2022/05/13 1:31 a.m. · 22 views

Mediawiki BotPassword can bypass CentralAuth's account lock

Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where BotPasswords can bypass CentralAuth's account lock...

CVSS 6.5 · AI score 6.8 · EPSS 0.00427
Exploits 1 · References 10 · Affected Software 1

OSV
added 2022/05/13 1:31 a.m. · 3 views

GHSA-5C6W-F4W2-2GRP Mediawiki BotPassword can bypass CentralAuth's account lock

Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where BotPasswords can bypass CentralAuth's account lock...

CVSS 6.5 · AI score 6.4 · EPSS 0.00427
Exploits 1 · References 10

OpenVAS
added 2022/03/31 12:0 a.m. · 18 views

MediaWiki <= 1.39.4 Multiple Vulnerabilities - Linux

MediaWiki is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mediawiki:mediawiki"; ifdescripti...

CVSS 9.8 · AI score 9.5 · EPSS 0.00466
Exploits 2 · References 3

OpenVAS
added 2022/03/31 12:0 a.m. · 22 views

MediaWiki <= 1.39.4 Multiple Vulnerabilities - Windows

MediaWiki is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mediawiki:mediawiki"; ifdescripti...

CVSS 9.8 · AI score 9.5 · EPSS 0.00466
Exploits 2 · References 3

ATTACKERKB
added 2022/03/30 7:15 a.m. · 2 views

CVE-2022-28205

An issue was discovered in MediaWiki through 1.37.1. The CentralAuth extension mishandles a ttl issue for groups expiring in the future...

CVSS 9.8 · AI score 5.9 · EPSS 0.00466
Exploits 1 · References 5

OSV
added 2022/03/30 7:15 a.m. · 16 views

CVE-2022-28205

An issue was discovered in MediaWiki through 1.37.1. The CentralAuth extension mishandles a ttl issue for groups expiring in the future...

CVSS 9.8 · AI score 6.8
Exploits 0 · References 3

NVD
added 2022/03/30 7:15 a.m. · 13 views

CVE-2022-28205

An issue was discovered in MediaWiki through 1.37.1. The CentralAuth extension mishandles a ttl issue for groups expiring in the future...

CVSS 9.8 · EPSS 0.00466
Exploits 1 · References 3