CVE-2026-39933 Multiple XSS vulnerabilities in GlobalWatchlist

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in The Wikimedia Foundation Mediawiki - GlobalWatchlist Extension allows Cross-Site Scripting XSS. The issue has been remediated on the master branch, and in the release branches for MediaWiki version...

CVE-2026-0817

CVE-2026-0817 concerns the Wikimedia Foundation MediaWiki - CampaignEvents extension. The vulnerability is described as a missing authorization issue that could allow privilege abuse in CampaignEvents API. Affected versions are 1.39, 1.43, 1.44, and 1.45. The connected Red Hat/NVD entries corrobo...

CVE-2026-22712 ApprovedRevs allows bypassing the inline CSS sanitizer

Improper Encoding or Escaping of Output due to magic word replacement in ParserAfterTidy vulnerability in The Wikimedia Foundation Mediawiki - ApprovedRevs Extension allows Input Data Manipulation.This issue affects Mediawiki - ApprovedRevs Extension: 1.45, 1.44, 1.43, 1.39...

EUVD-2025-34969

Allocation of Resources Without Limits or Throttling vulnerability in The Wikimedia Foundation Mediawiki - CirrusSearch Extension allows HTTP DoS.This issue affects Mediawiki - CirrusSearch Extension: from master before 1.43...

The vulnerability of the OATHAuth extension of the software platform for implementing the MediaWiki hypertext environment allows a hacker to circumvent existing security restrictions through brute-force attacks.

The vulnerability of the OATHAuth extension, a software tool for implementing a hypertext environment like MediaWiki, relates to insufficient restrictions on authentication attempts. Exploiting this vulnerability could allow a malicious actor to circumvent existing security measures through...