MediaWiki MediaWiki: User localization leaked by AbuseFilter + EventStream

Risk 43
Severity
5.5
First published (updated )

MediaWiki MediaWiki: Users API leaks whether privileged users have their user groups disabled for lack of 2FA

Risk 43
Severity
5.1
First published (updated )

Wikimedia Foundation MediaWiki: CodexTablePager has i18n XSS

Risk 38
Severity
6.1
First published (updated )

MediaWiki MediaWiki: Stored XSS through system messages in MW Core

Risk 29
Severity
4.8
First published (updated )

MediaWiki MediaWiki: Sanitizer::validateAttributes data-XSS

Risk 29
Severity
4.8
First published (updated )

MediaWiki MediaWiki: Suppressed blocked IP is visible in Special:BlockList, RC, and other places

Risk 29
Severity
4.8
First published (updated )

MediaWiki MediaWiki: Stored XSS through system messages in Special:RecentChangesLinked (MW Core)

Risk 29
Severity
4.8
First published (updated )

MediaWiki MediaWiki: Codex Special:Block vulnerable to message key XSS

Risk 29
Severity
4.8
First published (updated )

Wikimedia Foundation MediaWiki - VisualData Extension: VisualData extension: Regular Expression Denial of Service (ReDoS) via crafted user input

Risk 19
Severity
5.3
EPSS
0.06%
First published (updated )

Wikimedia Foundation MediaWiki - CampaignEvents extension: Multiple XSS in CampaignEvents

Risk 42
Severity
5.6
First published (updated )

MediaWiki MediaWiki: Infoleak

Risk 35
Severity
5.9
First published (updated )

MediaWiki MediaWiki: XSS

Risk 38
Severity
6.1
First published (updated )

composer/mediawiki/core: Infoleak

Risk 28
Severity
5.3
First published (updated )

composer/mediawiki/core: Tarball was missing .htaccess files

Risk 28
Severity
5.3
First published (updated )

composer/mediawiki/core: BotPasswords can bypass CentralAuth's account lock

Risk 40
Severity
6.5
First published (updated )

composer/mediawiki/core: Information disclosure in Special:Redirect/logid

Risk 40
Severity
6.5
First published (updated )

MediaWiki MediaWiki: SVG filter evasion using default attribute values in DTD declaration

Risk 34
Severity
5.4
First published (updated )

MediaWiki MediaWiki: Make rawHTML mode not apply to system messages

Risk 27
Severity
5.3
First published (updated )

MediaWiki MediaWiki: XSS in SearchHighlighter::highlightText() [requires non-default config]

Risk 31
Severity
4.7
First published (updated )

MediaWiki MediaWiki: Special:UserLogin?returnto=interwiki:foo will redirect to external sites

Risk 38
Severity
6.1
First published (updated )

MediaWiki MediaWiki: Spam blacklist ineffective on encoded URLs inside file inclusion syntax's link parameter

Risk 27
Severity
5.3
First published (updated )

MediaWiki MediaWiki: Sysops can undelete pages, although the page is protected against it

Risk 38
Severity
6.5
First published (updated )

MediaWiki MediaWiki: Special:Search allows redirects to any interwiki link

Risk 38
Severity
6.1
First published (updated )

MediaWiki MediaWiki: Infoleak

Risk 30
Severity
4.9
First published (updated )

MediaWiki MediaWiki: Infoleak

Risk 26
Severity
5
First published (updated )

MediaWiki MediaWiki: XSS

Risk 22
Severity
4.3
First published (updated )

MediaWiki MediaWiki: XSS

Risk 22
Severity
4.3
First published (updated )

MediaWiki MediaWiki: MediaWiki 1.2x before 1.22.15, 1.23.x before 1.23.8, and 1.24.x before 1.24.1 allows remote attacker…

Risk 26
Severity
5
First published (updated )

MediaWiki MediaWiki: XSS

Risk 22
Severity
4.3
First published (updated )

MediaWiki MediaWiki: Session fixation vulnerability in the CentralAuth extension for MediaWiki before 1.18.6, 1.19.x befo…

Risk 47
Severity
6.8
First published (updated )
© 2026 SecAlerts Pty Ltd.