
MediaWiki MediaWiki: action=raw with Special:Mypage subpage title responds with "Content-Type: text/html" on ctype=text/javascript request

Risk 38
Severity
First published (updated )

MediaWiki MediaWiki: Customized help link for page protection indicator is relative to subpage name, because the link target is missing the "/wiki/" prefix

Risk 26
Severity
2
First published (updated )

MediaWiki MediaWiki: Special:UserRights allows viewing user rights from private wiki

Risk 27
Severity
1.1
First published (updated )

MediaWiki MediaWiki: Block UI elements in 'tools'-sidebar shows presence of an autoblocked IP

Risk 43
Severity
2.1
First published (updated )

MediaWiki MediaWiki: User localization leaked by AbuseFilter + EventStream

Risk 43
Severity
5.5
First published (updated )

MediaWiki MediaWiki: RecentChanges entries expose suppressed content via generated log page html

Risk 43
Severity
1.3
First published (updated )

MediaWiki MediaWiki: Users API leaks whether privileged users have their user groups disabled for lack of 2FA

Risk 43
Severity
5.1
First published (updated )

MediaWiki MediaWiki: mw.message(…).parse() doesn't output safe HTML, but it's being used as if it does

Risk 38
Severity
First published (updated )

MediaWiki MediaWiki: Theoretical i18n XSS in mediawiki.page.preview.js when a page has multiple protection levels

Risk 38
Severity
First published (updated )

MediaWiki MediaWiki: Action API xslt option allows JavaScript execution by administrators who are not interface administrators

Risk 86
Severity
First published (updated )

MediaWiki MediaWiki: list=allrevisions can be used to bypass Extension:Lockdown

Risk 38
Severity
First published (updated )

MediaWiki MediaWiki: Stored XSS through edit summaries in MW Core

Risk 38
Severity
First published (updated )

MediaWiki MediaWiki: Importing leaks IP address of importer via EventStreams

Risk 22
Severity
1.3
First published (updated )

MediaWiki MediaWiki: Stored XSS through a system message in Special:ApiSandbox

Risk 38
Severity
First published (updated )

MediaWiki MediaWiki: Stored i18n XSS exposed by security patch for T402077

Risk 38
Severity
First published (updated )

Wikimedia Foundation MediaWiki: CodexTablePager has i18n XSS

Risk 38
Severity
6.1
First published (updated )

MediaWiki MediaWiki: Watchlist group mode reveals authors of edits with hidden authorship

Risk 34
Severity
1.2
First published (updated )

MediaWiki MediaWiki: Stored XSS through system messages in MW Core

Risk 29
Severity
4.8
First published (updated )

MediaWiki MediaWiki: Sanitizer::validateAttributes data-XSS

Risk 29
Severity
4.8
First published (updated )

MediaWiki MediaWiki: Suppressed blocked IP is visible in Special:BlockList, RC, and other places

Risk 29
Severity
4.8
First published (updated )

MediaWiki MediaWiki: Stored XSS through system messages in Special:RecentChangesLinked (MW Core)

Risk 29
Severity
4.8
First published (updated )

MediaWiki MediaWiki: API list=allpages with maxsize is making really slow queries

Risk 38
Severity
1.7
First published (updated )

MediaWiki MediaWiki: Stored XSS through system messages provided to CodexHtmlForms

Risk 38
Severity
First published (updated )

MediaWiki MediaWiki: EventStreams publishes suppressed recent change entries that are suppressed from their creation

Risk 38
Severity
2.7
First published (updated )

MediaWiki MediaWiki: HTML rest endpoint needs PoolCounter and proper parser cache check

Risk 17
Severity
3.1
First published (updated )

MediaWiki MediaWiki: Codex Special:Block vulnerable to message key XSS

Risk 29
Severity
4.8
First published (updated )

Wikimedia Foundation MediaWiki - CSS extension: Path Traversal vulnerability in CSS extension on certain web servers

Risk 31
Severity
7.5
EPSS
0.06%
First published (updated )

Wikimedia Foundation MediaWiki - VisualData Extension: VisualData extension: Regular Expression Denial of Service (ReDoS) via crafted user input

Risk 19
Severity
5.3
EPSS
0.06%
First published (updated )

Wikimedia Foundation MediaWiki - CampaignEvents extension: Multiple XSS in CampaignEvents

Risk 42
Severity
5.6
First published (updated )

MediaWiki MediaWiki: Infoleak

Risk 35
Severity
5.9
First published (updated )

© 2026 SecAlerts Pty Ltd.