15 matches found
EUVD-2026-29157
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation Echo. This vulnerability is associated with program files includes/Api/ApiEchoNotifications.Php. This issue affects Echo: from before 1.43.7, 1.44.4, 1.45.2...
EUVD-2026-29058
Vulnerability in Wikimedia Foundation AbuseFilter. This issue affects AbuseFilter: from before 1.43.7, 1.44.4, 1.45.2...
CVE-2026-34093
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Specials/SpecialUserRights.Php. This issue affects MediaWiki: from before 1.43.7, 1.44.4, 1.45.2...
CVE-2026-34094
CVE-2026-34094 affects Wikimedia Foundation MediaWiki prior to 1.43.7, 1.44.4, and 1.45.2. The issue is in the Page/Article.Php path, where a customized help link for a page protection indicator is relative to the subpage name because the link target is missing the "/wiki/" prefix. This describes ...
CVE-2026-34092 Block UI elements in 'tools'-sidebar shows presence of an autoblocked IP
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Skin/Skin.Php. This issue affects MediaWiki: from before 1.43.7, 1.44.4, 1.45.2...
CVE-2026-34086
CVE-2026-34086 affects the Wikimedia Foundation AbuseFilter component. The CVE describes AbuseFilter misusing the ::userCanBitfield mechanism, exposing access-controlled information. Affected versions are AbuseFilter prior to 1.43.7, 1.44.4, 1.45.2. Debian’s security advisory and related CVE post...
EUVD-2026-19980
Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in The Wikimedia Foundation Mediawiki - CampaignEvents Extension allows Cross-Site Scripting (XSS). This issue affects Mediawiki - CampaignEvents Extension: 1.43.7, 1.44.4, 1.45.2...
CVE-2026-39935
Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in The Wikimedia Foundation Mediawiki - CampaignEvents Extension allows Cross-Site Scripting (XSS). This issue was remediated only on the master branch...
CVE-2026-5762
CVE-2026-5762 affects the Wikimedia Foundation MediaWiki ReportIncident Extension versions 1.43.7, 1.44.4, and 1.45.2. The root cause is allocation of resources without limits or throttling, enabling HTTP DoS and causing potential resource exhaustion (impact on availability). The document provide...
CVE-2026-22711
CVE-2026-22711 is a Stored XSS vulnerability in the WikiLove extension for MediaWiki. It affects WikiLove versions 1.43.7, 1.44.4, and 1.45.2, caused by improper neutralization of alternate XSS syntax in system messages. The CVSS v4.0 base score is 6.9 (Medium) with vector AV:N/AC:L/PR:N/UI:N/S:U...
CVE-2026-22711 Stored XSS through system messages in WikiLove
Improper neutralization of alternate XSS syntax vulnerability in The Wikimedia Foundation Mediawiki - Wikilove Extension allows Cross-Site Scripting (XSS). The issue has been remediated on the master branch, and in the release branches for MediaWiki versions 1.43, 1.44, and 1.45...
MediaWiki CampaignEvents Extension Security Vulnerability
The MediaWiki CampaignEvents Extension is an open-source extension for managing wiki events in MediaWiki. Versions 1.43.7, 1.44.4, and 1.45.2 of the MediaWiki CampaignEvents Extension contain security vulnerabilities. These vulnerabilities stem from improper handling of inputs during page...
PT-2026-33207
Name of the Vulnerable Software and Affected Versions: MediaWiki versions prior to 1.43.7; MediaWiki versions prior to 1.44.4; MediaWiki versions prior to 1.45.2. Description: Exposure of sensitive information to an unauthorized actor occurs in the program file includes/Specials/SpecialUserRights.Php...
PT-2026-33201
Name of the Vulnerable Software and Affected Versions: OATHAuth versions prior to 1.43.7; OATHAuth versions prior to 1.44.4; OATHAuth versions prior to 1.45.2. Description: An issue in Wikimedia Foundation OATHAuth allows the exposure of sensitive information to an unauthorized actor. Recommendations...
PT-2026-33205
Name of the Vulnerable Software and Affected Versions: MediaWiki versions prior to 1.43.7; MediaWiki versions prior to 1.44.4; MediaWiki versions prior to 1.45.2. Description: An issue in Wikimedia Foundation MediaWiki allows the exposure of sensitive information to an unauthorized actor...