
MediaWiki MediaWiki: action=raw with Special:Mypage subpage title responds with "Content-Type: text/html" on ctype=text/javascript request

Risk 38
Severity
First published (updated )

MediaWiki MediaWiki: Customized help link for page protection indicator is relative to subpage name, because the link target is missing the "/wiki/" prefix

Risk 26
Severity
2
First published (updated )

MediaWiki MediaWiki: Special:UserRights allows viewing user rights from private wiki

Risk 27
Severity
1.1
First published (updated )

MediaWiki MediaWiki: Block UI elements in 'tools'-sidebar shows presence of an autoblocked IP

Risk 43
Severity
2.1
First published (updated )

MediaWiki MediaWiki: User localization leaked by AbuseFilter + EventStream

Risk 43
Severity
5.5
First published (updated )

Wikimedia Foundation CheckUser: Suggested investigations: Handle suppressed usernames

Risk 43
Severity
4.8
First published (updated )

MediaWiki MediaWiki: RecentChanges entries expose suppressed content via generated log page html

Risk 43
Severity
1.3
First published (updated )

MediaWiki MediaWiki: Users API leaks whether privileged users have their user groups disabled for lack of 2FA

Risk 43
Severity
5.1
First published (updated )

Wikiworks MediaWiki - Cargo Extension: Stored XSS through the dynamic table format in Cargo

Risk 55
Severity
6.3
First published (updated )

Wikimedia Foundation Mediawiki - Cargo Extension: Stored XSS through list fields on Cargo's page values and Special:CargoTables

Risk 55
Severity
6.3
First published (updated )

Wikimedia Foundation MediaWiki Cargo extension: CSS injection in multiple Cargo display formats

Risk 38
Severity
5.1
First published (updated )

Wikimedia Foundation Mediawiki - Cargo Extension: Stored XSS through URLs in Cargo's map format

Risk 55
Severity
6.3
First published (updated )

MediaWiki RenderBlocking: RenderBlocking has Stored XSS in renderblocking-css with Inline Assets mode

Risk 15
Severity
2
EPSS
0.05%
First published (updated )

MediaWiki MediaWiki: mw.message(…).parse() doesn't output safe HTML, but it's being used as if it does

Risk 38
Severity
First published (updated )

MediaWiki MediaWiki: Theoretical i18n XSS in mediawiki.page.preview.js when a page has multiple protection levels

Risk 38
Severity
First published (updated )

MediaWiki MediaWiki: Action API xslt option allows JavaScript execution by administrators who are not interface administrators

Risk 86
Severity
First published (updated )

MediaWiki MediaWiki: list=allrevisions can be used to bypass Extension:Lockdown

Risk 38
Severity
First published (updated )

MediaWiki MediaWiki: Stored XSS through edit summaries in MW Core

Risk 38
Severity
First published (updated )

MediaWiki MediaWiki: Importing leaks IP address of importer via EventStreams

Risk 22
Severity
1.3
First published (updated )

MediaWiki MediaWiki: Stored XSS through a system message in Special:ApiSandbox

Risk 38
Severity
First published (updated )

MediaWiki Checkuser Mediawiki: Wrong E-Mail address composition for usernames with a comma and Umlauts in it like "Döe, Jähn"

Risk 77
Severity
First published (updated )

MediaWiki Visual Editor Mediawiki: Stored XSS through system messages in VisualEditor

Risk 38
Severity
First published (updated )

MediaWiki Visual Editor Mediawiki: XSS when pasting into VE

Risk 38
Severity
First published (updated )

MediaWiki Checkuser Mediawiki: Special:GlobalContributions shows edits on wikis the viewer doesn't have access to

Risk 22
Severity
1.3
First published (updated )

Wikimedia Foundation CheckUser: i18n XSS through Special:CheckUser CheckUser helper

Risk 38
Severity
First published (updated )

MediaWiki MediaWiki: Stored i18n XSS exposed by security patch for T402077

Risk 38
Severity
First published (updated )

Wikimedia Foundation CheckUser: Stored XSS through system messages in CheckUser

Risk 38
Severity
First published (updated )

Wikimedia Foundation MediaWiki: CodexTablePager has i18n XSS

Risk 38
Severity
6.1
First published (updated )

MediaWiki MediaWiki: Watchlist group mode reveals authors of edits with hidden authorship

Risk 34
Severity
1.2
First published (updated )

MediaWiki MediaWiki: Stored XSS through system messages in MW Core

Risk 29
Severity
4.8
First published (updated )

© 2026 SecAlerts Pty Ltd.