79 matches found
CVE-2026-39933
CVE-2026-39933 describes a cross-site scripting (XSS) vulnerability in the Wikimedia Foundation MediaWiki GlobalWatchlist extension due to improper neutralization of input during web page generation. The issue affects non-release branches. The CVSSv4.0 base score is 10.0 (CRITICAL) with NETWORK a...
Age verification vendor Persona left frontend exposed, researchers say
Researchers investigating Discord’s age-verification checks say they discovered an exposed frontend belonging to Persona, the identity-verification vendor used by Discord. It revealed a far more expansive surveillance and financial intelligence stack than a simple “teen safety” tool. A short whil...
CVE-2025-61644
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Rcfilters/ui/WatchlistTopSectionWidget.Js. This issue affects MediaWiki: from befo...
Exposure of Sensitive System Information to an Unauthorized Control Sphere
Overview mediawiki/core is a Free software wiki application developed by the Wikimedia Foundation and others. Note: This package is not maintained on Packagist anymore, but newer releases exist. Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an...
CVE-2025-61644
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Rcfilters/ui/WatchlistTopSectionWidget.Js. This issue affects MediaWiki: from befo...
CVE-2025-61646
Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/RecentChanges/EnhancedChangesList.Php. This issue affects MediaWiki: from before 1.39.14, 1.43.4, 1.44.1...
CVE-2025-61646 Watchlist group mode reveals authors of edits with hidden authorship
Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/RecentChanges/EnhancedChangesList.Php. This issue affects MediaWiki: from before 1.39.14, 1.43.4, 1.44.1...
CVE-2025-61646 Watchlist group mode reveals authors of edits with hidden authorship
Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/RecentChanges/EnhancedChangesList.Php. This issue affects MediaWiki: from before 1.39.14, 1.43.4, 1.44.1...
CVE-2025-61646
CVE-2025-61646 affects Wikimedia Foundation MediaWiki via the includes/RecentChanges/EnhancedChangesList.Php component. Public notices (Debian/Ubuntu OSV) indicate multiple related CVEs in MediaWiki with fixes in Debian oldstable 1:1.39.17-1~deb12u1 and stable 1:1.43.6+dfsg-1~deb13u1; correspondi...
CVE-2025-61644
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Rcfilters/ui/WatchlistTopSectionWidget.Js. This issue affects MediaWiki: from befo...
CVE-2025-61644
CVE-2025-61644 is an XSS vulnerability in Wikimedia Foundation MediaWiki, tied to the client-side file resources/src/mediawiki.Rcfilters/ui/WatchlistTopSectionWidget.Js. The issue arises from improper neutralization of input during web page generation, affecting MediaWiki instances: from before f...
CVE-2025-61644 i18n XSS through Special:Watchlist
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Rcfilters/ui/WatchlistTopSectionWidget.Js. This issue affects MediaWiki: from befo...
CVE-2025-61644
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Rcfilters/ui/WatchlistTopSectionWidget.Js. This issue affects MediaWiki: from befo...
CVE-2025-61644
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Rcfilters/ui/WatchlistTopSectionWidget.Js. This issue affects MediaWiki: from befo...
CVE-2025-61644 i18n XSS through Special:Watchlist
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Rcfilters/ui/WatchlistTopSectionWidget.Js. This issue affects MediaWiki: from befo...
PT-2026-5732
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Rcfilters/ui/WatchlistTopSectionWidget.Js. This issue affects MediaWiki: from befo...
Exploit for CVE-2024-12345
CVE Exchange Stop chasing vulnerability intel across fragme...
DHS Kept Chicago Police Records for Months in Violation of Domestic Espionage Rules
The Department of Homeland Security collected data on Chicago residents accused of gang ties to test if police files could feed an FBI watchlist. Months passed before anyone noticed it wasn’t deleted...
MGASA-2025-0260 Updated mediawiki packages fix security vulnerabilities
i18n XSS vulnerability in HTMLMultiSelectField when sections are used. CVE-2025-3469 "reupload-own" restriction can be bypassed by reverting file. CVE-2025-32696 Cascading protection is not preventing file reversions. CVE-2025-32697 LogPager.php: Restriction enforcer functions do not correctly...
EUVD-2017-0716
Malware in sbrugna...