| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-67475 | Stored XSS through edit summaries in MW Core | Wikimedia Foundation | MediaWiki | - | - | 2026-02-03 01:21:09 | Deep Dive |
| CVE-2025-67476 | Importing leaks IP address of importer via EventStreams | Wikimedia Foundation | MediaWiki | - | - | 2026-02-03 01:18:55 | Deep Dive |
| CVE-2025-67477 | Stored XSS through a system message in Special:ApiSandbox | Wikimedia Foundation | MediaWiki | - | - | 2026-02-03 01:16:41 | Deep Dive |
| CVE-2025-67478 | Wrong E-Mail address composition for usernames with a comma and Umlauts in it like "Döe, Jähn" | Wikimedia Foundation | CheckUser | - | - | 2026-02-03 01:14:18 | Deep Dive |
| CVE-2025-67479 | Magic word replacement in legacy parser allows using reserved data attributes through wikitext | Wikimedia Foundation | MediaWiki | - | - | 2026-02-03 01:12:22 | Deep Dive |
| CVE-2025-61654 | UserInfoCard: Do permission checking when getting counts of global and local edits, new articles and thanks | Wikimedia Foundation | Thanks | - | - | 2026-02-03 01:08:57 | Deep Dive |
| CVE-2025-61655 | Stored XSS through system messages in VisualEditor | Wikimedia Foundation | VisualEditor | - | - | 2026-02-03 01:04:36 | Deep Dive |
| CVE-2025-61656 | XSS when pasting into VE | Wikimedia Foundation | VisualEditor | - | - | 2026-02-03 01:02:49 | Deep Dive |
| CVE-2025-61657 | Wikimedia Vector security vulnerability | Wikimedia Foundation | Vector | - | - | 2026-02-03 01:01:00 | Deep Dive |
| CVE-2025-61658 | Special:GlobalContributions shows edits on wikis the viewer doesn't have access to | Wikimedia Foundation | CheckUser | - | - | 2026-02-03 00:59:30 | Deep Dive |
| CVE-2025-61653 | Extension:TextExtracts does not check for authorizeRead when returning extracts | Wikimedia Foundation | TextExtracts | - | - | 2026-02-03 00:57:18 | Deep Dive |
| CVE-2025-61652 | Action API discussiontoolspageinfo does not check for authorizeRead for the page | Wikimedia Foundation | DiscussionTools | - | - | 2026-02-03 00:55:24 | Deep Dive |
| CVE-2025-61651 | i18n XSS through Special:CheckUser CheckUser helper | Wikimedia Foundation | CheckUser | - | - | 2026-02-03 00:53:15 | Deep Dive |
| CVE-2025-11173 | Reauth for enabling 2FA can be bypassed by submitting a form | Wikimedia Foundation | OATHAuth | - | - | 2026-02-03 00:27:45 | Deep Dive |
| CVE-2025-11261 | Stored i18n XSS exposed by security patch for T402077 | Wikimedia Foundation | MediaWiki | - | - | 2026-02-03 00:25:01 | Deep Dive |
| CVE-2025-61648 | Stored XSS through system messages in CheckUser | Wikimedia Foundation | CheckUser | - | - | 2026-02-03 00:19:43 | Deep Dive |
| CVE-2025-61649 | UserInfoCard: Check that performing user has permission to view log entries for number of past blocks | Wikimedia Foundation | CheckUser | - | - | 2026-02-03 00:17:18 | Deep Dive |
| CVE-2025-61650 | UserInfoCard is vulnerable to message key stored XSS | Wikimedia Foundation | CheckUser | - | - | 2026-02-03 00:15:24 | Deep Dive |
| CVE-2025-61645 | CodexTablePager has i18n XSS | Wikimedia Foundation | MediaWiki | - | - | 2026-02-03 00:13:23 | Deep Dive |
| CVE-2025-61646 | Watchlist group mode reveals authors of edits with hidden authorship | Wikimedia Foundation | MediaWiki | - | - | 2026-02-03 00:11:29 | Deep Dive |