
30 matches found

Cvelist
added 2026/05/11 4:48 p.m. · 26 views

CVE-2026-34093 Special:UserRights allows viewing user rights from private wiki

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Specials/SpecialUserRights.Php. This issue affects MediaWiki: from before 1.43.7, 1.44.4, 1.45.2...

CVSS 4.8 · EPSS 0.0003
Exploits 0 · References 1

CVE
added 2026/05/11 4:48 p.m. · 5 views

CVE-2026-34093

CVE-2026-34093 affects Wikimedia Foundation MediaWiki; vulnerability in includes/Specials/SpecialUserRights.Php allows exposure of user rights to unauthorized actors. Affected MediaWiki versions are before 1.43.7, 1.44.4, and 1.45.2. Debian security advisory DSA-6208-1 reports fixes for MediaWiki...

CVSS 5.3 · AI score 5.8 · EPSS 0.0003
Exploits 0 · References 1 · Affected Software 1

Vulnrichment
added 2026/05/11 4:48 p.m. · 2 views

CVE-2026-34093 Special:UserRights allows viewing user rights from private wiki

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Specials/SpecialUserRights.Php. This issue affects MediaWiki: from before 1.43.7, 1.44.4, 1.45.2...

CVSS 4.8 · AI score 5.8 · EPSS 0.0003
Exploits 0 · References 1

EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2021-31657

Malicious code in bioql PyPI...

CVSS 5.3 · AI score 5 · EPSS 0.00216
Exploits 0 · References 5

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2021-31660

Malicious code in bioql PyPI...

CVSS 6.5 · AI score 6 · EPSS 0.0015
Exploits 0 · References 5

VulnCheck KEV
added 2025/09/04 12:0 a.m. · 0 views

VulnCheck KEV: CVE-2025-46554

XWiki is a generic wiki platform. In versions starting from 1.8.1 to before 14.10.22, from 15.0-rc-1 to before 15.10.12, from 16.0.0-rc-1 to before 16.4.3, and from 16.5.0-rc-1 to before 16.7.0, anyone can access the metadata of any attachment in the wiki using the wiki attachment REST endpoint...

CVSS 5.3 · AI score 5.7 · EPSS 0.00067
In wild · Exploits 1 · References 2

Tenable Nessus
added 2025/08/10 12:0 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2021-44858

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. It is possible to use action=edit&undo= followed by...

CVSS 7.5 · AI score 6.7 · EPSS 0.00389
Exploits 0 · References 2

Tenable Nessus
added 2025/08/10 12:0 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2020-15005

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In MediaWiki before 1.31.8, 1.32.x and 1.33.x before 1.33.4, and 1.34.x before 1.34.2, private wikis behind a caching server using the imgauth.php image...

CVSS 3.1 · AI score 4.8 · EPSS 0.00737
Exploits 0 · References 2

Tenable Nessus
added 2025/08/09 12:0 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2021-44854

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. The REST API publicly caches results from private wikis...

CVSS 5.3 · AI score 6.1 · EPSS 0.00216
Exploits 0 · References 2

CNNVD
added 2025/07/04 12:0 a.m. · 2 views

MediaWiki Security Breach

MediaWiki is a set of free and freely available web-based Wiki engines from the American Wikimedia Foundation. The product can be used to deploy internal knowledge management and content management systems. MediaWiki suffers from a security vulnerability that stems from allowing any use...

CVSS 4.6 · AI score 5.8 · EPSS 0.00012
Exploits 0 · References 2

Snyk
added 2025/03/19 8:34 p.m. · 1 views

Transmission of Private Resources into a New Sphere ('Resource Leak')

Overview: Affected versions of this package are vulnerable to Transmission of Private Resources into a New Sphere ('Resource Leak') through the REST endpoint. An attacker can access private page information by sending unauthorized requests to the /rest/wikis/wikiName/pages endpoint. Note: This is...

CVSS 8.7 · AI score 6.6 · EPSS 0.01149
Exploits 1 · References 2

RedhatCVE
added 2025/02/05 10:47 p.m. · 5 views

CVE-2022-36093

XWiki Platform Web Templates are templates for XWiki Platform, a generic wiki platform. By passing a template of the distribution wizard to the xpart template, user accounts can be created even when user registration is disabled. This also circumvents any email verification. Before versions 14.2...

CVSS 8.5 · AI score 6.8 · EPSS 0.045
Exploits 0

Cvelist
added 2024/09/10 3:56 p.m. · 13 views

CVE-2024-45591 XWiki Platform document history including authors of any page exposed to unauthorized actors

XWiki Platform is a generic wiki platform. The REST API exposes the history of any page in XWiki of which the attacker knows the name. The exposed information includes for each modification of the page the time of the modification, the version number, the author of the modification both username...

CVSS 5.3 · EPSS 0.86192
Exploits 1 · References 4

OSV
added 2024/03/06 11:9 a.m. · 27 views

BIT-MEDIAWIKI-2021-45038

An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. By using an action=rollback query, attackers can view private wiki contents...

CVSS 5.3 · AI score 6 · EPSS 0.003
Exploits 0 · References 4

Vulnrichment
added 2022/12/26 12:0 a.m. · 9 views

CVE-2021-44854

An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. The REST API publicly caches results from private wikis...

AI score 6.7 · EPSS 0.00216
Exploits 0 · References 2

NVD
added 2022/09/08 6:15 p.m. · 16 views

CVE-2022-36093

XWiki Platform Web Templates are templates for XWiki Platform, a generic wiki platform. By passing a template of the distribution wizard to the xpart template, user accounts can be created even when user registration is disabled. This also circumvents any email verification. Before versions 14.2...

CVSS 8.5 · EPSS 0.045
Exploits 0 · References 3

Prion
added 2022/09/08 6:15 p.m. · 19 views

Authentication flaw

XWiki Platform Web Templates are templates for XWiki Platform, a generic wiki platform. By passing a template of the distribution wizard to the xpart template, user accounts can be created even when user registration is disabled. This also circumvents any email verification. Before versions 14.2...

CVSS 5.5 · AI score 6.9 · EPSS 0.045
Exploits 0 · References 3 · Affected Software 1

Cvelist
added 2022/09/08 5:25 p.m. · 20 views

CVE-2022-36093 XWiki Platform Web Templates vulnerable to Unauthorized User Registration Through the Distribution Wizard

XWiki Platform Web Templates are templates for XWiki Platform, a generic wiki platform. By passing a template of the distribution wizard to the xpart template, user accounts can be created even when user registration is disabled. This also circumvents any email verification. Before versions 14.2...

CVSS 8.5 · AI score 8.7 · EPSS 0.045
Exploits 0 · References 3

Positive Technologies
added 2022/09/08 12:0 a.m. · 1 views

PT-2022-23182 · Unknown · Xwiki Platform

Name of the Vulnerable Software and Affected Versions: XWiki Platform Old Core versions prior to 14.2 and 13.10.4
Description: The issue allows all rights checks that would normally prevent a user from viewing a document on a wiki to be bypassed using the login action and directly specified...

CVSS 7.5 · AI score 7.5 · EPSS 0.00294
Exploits 0 · References 13

CVE
added 2021/12/20 12:0 a.m. · 91 views

CVE-2021-44858

CVE-2021-44858 (MediaWiki) : An authorization flaw in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1 allows unauthorized users to view private wiki content by chaining actions (action=edit&undo= followed by action=mcrundo and action=mcrrestore) on wikis with at least one ...

CVSS 7.5 · AI score 7.2 · EPSS 0.00389
Exploits 0 · References 3 · Affected Software 1