MediaWiki MediaWiki
User localization leaked by AbuseFilter + EventStream

Risk 43
Severity
5.5
First published (updated )

Wikimedia Foundation CheckUser
Suggested investigations: Handle suppressed usernames

Risk 43
Severity
4.8
First published (updated )

MediaWiki MediaWiki
Users API leaks whether privileged users have their user groups disabled for lack of 2FA

Risk 43
Severity
5.1
First published (updated )

Wikiworks MediaWiki - Cargo Extension
Stored XSS through the dynamic table format in Cargo

Risk 55
Severity
6.3
First published (updated )

Wikimedia Foundation Mediawiki - Cargo Extension
Stored XSS through list fields on Cargo's page values and Special:CargoTables

Risk 55
Severity
6.3
First published (updated )

Wikimedia Foundation MediaWiki Cargo extension
CSS injection in multiple Cargo display formats

Risk 38
Severity
5.1
First published (updated )

Wikimedia Foundation Mediawiki - Cargo Extension
Stored XSS through URLs in Cargo's map format

Risk 55
Severity
6.3
First published (updated )

Wikimedia Foundation MediaWiki
CodexTablePager has i18n XSS

Risk 38
Severity
6.1
First published (updated )

MediaWiki MediaWiki
Stored XSS through system messages in MW Core

Risk 29
Severity
4.8
First published (updated )

MediaWiki MediaWiki
Sanitizer::validateAttributes data-XSS

Risk 29
Severity
4.8
First published (updated )

MediaWiki MediaWiki
Suppressed blocked IP is visible in Special:BlockList, RC, and other places

Risk 29
Severity
4.8
First published (updated )

MediaWiki MediaWiki
Stored XSS through system messages in Special:RecentChangesLinked (MW Core)

Risk 29
Severity
4.8
First published (updated )

MediaWiki MediaWiki
Codex Special:Block vulnerable to message key XSS

Risk 29
Severity
4.8
First published (updated )

Wikimedia Foundation MediaWiki - VisualData Extension
VisualData extension: Regular Expression Denial of Service (ReDoS) via crafted user input

Risk 19
Severity
5.3
EPSS
0.06%
First published (updated )

MediaWiki Bucket
Bucket vulnerable to infinite recursion when querying a bucket using the != operator

Risk 38
Severity
6.5
First published (updated )

MediaWiki TitleIcon
TitleIcon: Stored Cross-Site Scripting (XSS) via #titleicon_unicode parser function

Risk 25
Severity
5.4
EPSS
0.03%
First published (updated )

MediaWiki MsUpload extension
MsUpload: Stored Cross-Site Scripting (XSS) via unsanitized msu-continue system message

Risk 25
Severity
5.4
EPSS
0.03%
First published (updated )

MediaWiki CheckUser
CheckUser: Reflected Cross-Site Scripting (XSS) in Special:CheckUser via unsanitized internationalized message

Risk 34
Severity
5.4
First published (updated )

MediaWiki CheckUser extension
CheckUser: Reflected Cross-Site Scripting (XSS) in Special:Investigate (Account information tab) via unsanitized i18n messages

Risk 34
Severity
5.4
First published (updated )

MediaWiki CheckUser
CheckUser: Reflected Cross-Site Scripting (XSS) in Special:Investigate via unsanitized i18n messages

Risk 34
Severity
5.4
First published (updated )

MediaWiki ApprovedRevs extension
ApprovedRevs: Stored Cross-Site Scripting (XSS) via unsanitized system messages

Risk 34
Severity
5.4
First published (updated )

MediaWiki WikiCategoryTagCloud
WikiCategoryTagCloud: Reflected Cross-Site Scripting (XSS) via linkstyle attribute in parser function

Risk 34
Severity
5.4
First published (updated )

Wikimedia Foundation Mediawiki - MassEditRegex Extension
Stored XSS in MassEditRegex

Risk 42
Severity
5.6
First published (updated )

Wikimedia Foundation Mediawiki - GoogleDocs4MW Extension
XSS in GoogleDocs4MW

Risk 42
Severity
5.6
First published (updated )

Wikimedia Foundation MediaWiki - CampaignEvents extension
Multiple XSS in CampaignEvents

Risk 42
Severity
5.6
First published (updated )

Wikimedia Foundation Mediawiki - MintyDocs Extension
Stored XSS in MintyDocs

Risk 40
Severity
6.5
First published (updated )

Wikimedia Foundation MediaWiki - TwoColConflict Extension
Stored XSS in TwoColConflict

Risk 40
Severity
6.5
First published (updated )

MediaWiki ManageWiki
ManageWiki Vulnerable to Self-XSS in review dialog via unsanitized field reflection

Risk 25
Severity
5.4
EPSS
0.03%
First published (updated )

MediaWiki ManageWiki
ManageWiki vulnerable to permission bypass when disabling extensions requiring certain permissions in Special:ManageWiki/extensions

Risk 22
Severity
4.6
EPSS
0.03%
First published (updated )

MediaWiki Lakeus
Lakeus vulnerable to stored XSS via system messages

Risk 27
Severity
4.7
EPSS
0.07%
First published (updated )

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203