Lucene search
K

683 matches found

RedhatCVE
RedhatCVE
added 2026/07/03 7:7 a.m.9 views

CVE-2026-58038

A flaw was found in the Wikimedia Foundation Timeline component. This cross-site scripting XSS vulnerability allows a remote attacker to inject malicious scripts into web pages. Successful exploitation could lead to significant impacts such as information disclosure, session hijacking, or...

6.1CVSS5.7AI score0.00169EPSS
Exploits0References4
OSV
OSV
added 2026/07/01 7:16 p.m.1 views

CVE-2026-14358

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in The Wikimedia Foundation Mediawiki - Charts Extension allows Cross-Site Scripting XSS. This issue affects Mediawiki - Charts Extension: from before 1.43.9,1.44.6,1.45.4...

6.1CVSS6.1AI score
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/07/01 6:48 p.m.8 views

CVE-2026-14358 Stored XSS in Wikimedia Chart pie tooltip via Data:*.tab field title

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in The Wikimedia Foundation Mediawiki - Charts Extension allows Cross-Site Scripting XSS. This issue affects Mediawiki - Charts Extension: from before 1.43.9,1.44.6,1.45.4...

6.9CVSS5.8AI score0.00175EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/01 6:48 p.m.36 views

CVE-2026-14358 Stored XSS in Wikimedia Chart pie tooltip via Data:*.tab field title

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in The Wikimedia Foundation Mediawiki - Charts Extension allows Cross-Site Scripting XSS. This issue affects Mediawiki - Charts Extension: from before 1.43.9,1.44.6,1.45.4...

6.9CVSS0.00175EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/01 5:30 p.m.9 views

EUVD-2026-41102

Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in The Wikimedia Foundation Mediawiki - Cargo Extension allows SQL Injection. This issue affects Mediawiki - Cargo Extension: from before 1.43.9,1.44.6,1.45.4...

6.9CVSS5.8AI score0.00283EPSS
Exploits0References2
OSV
OSV
added 2026/07/01 4:16 p.m.4 views

CVE-2026-8857

A vulnerability in Wikimedia Foundation timeline. This vulnerability is associated with program files scripts/EasyTimeline.Pl, includes/Timeline.Php. This issue affects timeline: from before 1.46.0, 1.45.4, 1.44.6, 1.43.9...

8.8CVSS6.1AI score
Exploits0References1
NVD
NVD
added 2026/07/01 4:16 p.m.11 views

CVE-2026-8857

A vulnerability in Wikimedia Foundation timeline. This vulnerability is associated with program files scripts/EasyTimeline.Pl, includes/Timeline.Php. This issue affects timeline: from before 1.46.0, 1.45.4, 1.44.6, 1.43.9...

8.8CVSS0.00333EPSS
Exploits1References1
NVD
NVD
added 2026/07/01 4:16 p.m.11 views

CVE-2026-58038

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation timeline. This vulnerability is associated with program files includes/Timeline.Php, scripts/EasyTimeline.Pl. This issue affects timeline: from before 1.46.0, 1.45.4,...

6.1CVSS0.00169EPSS
Exploits0References1
NVD
NVD
added 2026/07/01 4:16 p.m.39 views

CVE-2026-58029

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Api/ApiChangeAuthenticationData.Php, includes/Api/ApiLinkAccount.Php, includes/Api/ApiRemoveAuthenticationData.Php, includes/Specials/SpecialLinkAccounts.Php,...

6.5CVSS0.00351EPSS
Exploits0References1
NVD
NVD
added 2026/07/01 4:16 p.m.10 views

CVE-2026-58036

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Api/ApiQueryAllUsers.Php, includes/Api/ApiQueryUsers.Php, includes/Permissions/PermissionManager.Php,...

7.5CVSS0.00243EPSS
Exploits0References1
NVD
NVD
added 2026/07/01 4:16 p.m.8 views

CVE-2026-58030

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation SyntaxHighlightGeSHi. This vulnerability is associated with program files includes/SyntaxHighlight.Php. This issue affects SyntaxHighlightGeSHi: from before 1.46.0,...

6.1CVSS0.0027EPSS
Exploits0References1
OSV
OSV
added 2026/07/01 4:16 p.m.4 views

DEBIAN-CVE-2026-58026

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Parser/Parser.Php. This issue affects MediaWiki: from before 1.46.0, 1.45.4, 1.44.6, 1.43.9...

5.7CVSS5.8AI score0.00369EPSS
Exploits0References1
NVD
NVD
added 2026/07/01 4:16 p.m.7 views

CVE-2026-13706

Improper input validation vulnerability in Wikimedia Foundation UrlShortener. This vulnerability is associated with program files includes/UrlShortenerUtils.Php...

8.8CVSS0.00328EPSS
Exploits0References1
NVD
NVD
added 2026/07/01 4:16 p.m.14 views

CVE-2026-13707

Session fixation vulnerability in Wikimedia Foundation OAuth. This vulnerability is associated with program files src/Backend/MWOAuthServer.Php. This issue affects OAuth: from through 1.46.0, 1.45.4, 1.44.6, 1.43.9...

7.6CVSS0.00217EPSS
Exploits0References1
NVD
NVD
added 2026/07/01 3:17 p.m.8 views

CVE-2026-58034

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files modules/ext.CheckUser.TempAccounts/components/blockConnectedTempAccountsField.Vue. This issue affects...

4.8CVSS0.00142EPSS
Exploits0References1
OSV
OSV
added 2026/07/01 3:17 p.m.3 views

UBUNTU-CVE-2026-58035

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Special.Block/SpecialBlock.Vue...

4.8CVSS5.8AI score0.00142EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/01 3:8 p.m.31 views

CVE-2026-8857 Full RCE using EasyTimeline Extension

A vulnerability in Wikimedia Foundation timeline. This vulnerability is associated with program files scripts/EasyTimeline.Pl, includes/Timeline.Php. This issue affects timeline: from before 1.46.0, 1.45.4, 1.44.6, 1.43.9...

0.00333EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/07/01 3:8 p.m.6 views

CVE-2026-8857

A vulnerability in Wikimedia Foundation timeline. This vulnerability is associated with program files scripts/EasyTimeline.Pl, includes/Timeline.Php. This issue affects timeline: from before 1.46.0, 1.45.4, 1.44.6, 1.43.9...

5.8AI score0.00333EPSS
Exploits1References2
CVE
CVE
added 2026/07/01 3:8 p.m.18 views

CVE-2026-8857

The CVE-2026-8857 entry concerns a vulnerability in the Wikimedia Foundation timeline, affecting the Timeline extension components: program files scripts/EasyTimeline.Pl and includes/Timeline.Php. Affected versions are before 1.46.0, 1.45.4, 1.44.6, and 1.43.9. The available sources do not specif...

8.8CVSS5.8AI score0.00333EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2026/07/01 3:4 p.m.18 views

CVE-2026-58038

The CVE-2026-58038 issue affects the Wikimedia Foundation Timeline component and is caused by improper neutralization of input during web page generation, enabling cross-site scripting via Timeline.Php and scripts/EasyTimeline.Pl. Reported impacts include information disclosure, session hijacking...

6.1CVSS5.8AI score0.00169EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder