Where
AND
-Infinity
0

Trending

Last week
Last month
Last year

MediaWiki MediaWikiCustomized help link for page protection indicator is relative to subpage name, because the link target is missing the "/wiki/" prefix

Risk 26
Severity
2
First published (updated )
CVE-2026-34094

MediaWiki MediaWikiSpecial:UserRights allows viewing user rights from private wiki

Risk 27
Severity
1.1
First published (updated )
CVE-2026-34093

MediaWiki MediaWikiBlock UI elements in 'tools'-sidebar shows presence of an autoblocked IP

Risk 43
Severity
2.1
First published (updated )
CVE-2026-34092

MediaWiki MediaWikiRecentChanges entries expose suppressed content via generated log page html

Risk 43
Severity
1.3
First published (updated )
CVE-2026-34088

MediaWiki MediaWikiImporting leaks IP address of importer via EventStreams

Risk 22
Severity
1.3
First published (updated )
CVE-2025-67476
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Wikimedia Foundation MediaWikiMagic word replacement in legacy parser allows using reserved data attributes through wikitext

Risk 3
Severity
1
First published (updated )
CVE-2025-67479

MediaWiki MediaWikiWatchlist group mode reveals authors of edits with hidden authorship

Risk 34
Severity
1.2
First published (updated )
CVE-2025-61646

Wikimedia Foundation MediaWikii18n XSS through Special:Watchlist

Risk 3
Severity
1
First published (updated )
CVE-2025-61644

MediaWiki MediaWikiAPI list=allpages with maxsize is making really slow queries

Risk 38
Severity
1.7
First published (updated )
CVE-2025-61641

MediaWiki MediaWikiEventStreams publishes suppressed recent change entries that are suppressed from their creation

Risk 38
Severity
2.7
First published (updated )
CVE-2025-61643
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

MediaWiki MediaWikiHTML rest endpoint needs PoolCounter and proper parser cache check

Risk 17
Severity
3.1
First published (updated )
CVE-2025-61634

Wikimedia Foundation MediaWikiWith MultiBlocks enabled and a user who is suppressed via a MultiBlock, a user without 'hideuser' can see the hidden username in the BlockList

Risk 13
Severity
2.1
First published (updated )
CVE-2025-6589

Wikimedia Foundation MediaWiki"{{SITENAME}} registered email address has been changed" email sent to unverified email addresses

Risk 15
Severity
2.1
First published (updated )
CVE-2025-6593

Wikimedia Foundation MediaWikiMediaWiki should not consider autocreation as login for the purposes of security reauthentication

Risk 3
Severity
1
First published (updated )
CVE-2025-6597

Wikimedia Foundation MediaWikiAutoblocks from global account suppressions are publicly visible

Risk 15
Severity
2.3
First published (updated )
CVE-2025-6927
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203