CVE-2026-39934 Growth Experiments ReassignMenteesJob runs as an infinite loop

Loop with unreachable exit condition 'infinite loop' vulnerability in The Wikimedia Foundation Mediawiki - GrowthExperiments Extension allows Leveraging Time-of-Check and Time-of-Use TOCTOU Race Conditions. This issue was remediated only on the master branch...

CVE-2026-5762 ReportIncident DiscussionTools integration causes slow requests

Allocation of resources without limits or throttling vulnerability in Wikimedia Foundation MediaWiki - ReportIncident Extension allows HTTP DoS. This issue was remediated only on the master branch...

CVE-2026-22711

Improper neutralization of alternate XSS syntax vulnerability in The Wikimedia Foundation Mediawiki - Wikilove Extension allows Cross-Site Scripting XSS.This issue affects Mediawiki - Wikilove Extension: 1.43.7, 1.44.4, 1.45.2...

PT-2026-31044

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in The Wikimedia Foundation Mediawiki - CampaignEvents Extension allows Cross-Site Scripting XSS.This issue affects Mediawiki - CampaignEvents Extension: 1.43.7, 1.44.4, 1.45.2...

MediaWiki - WikiLove Extension 安全漏洞

MediaWiki – WikiLove Extension is an extension to MediaWiki that promotes the spirit of love and care in wikis. Versions 1.43.7, 1.44.4, and 1.45.2 of MediaWiki – WikiLove Extension contain security vulnerabilities. These vulnerabilities stem from improper neutralization of alternative XSS syntax...