浏览 100+ 条来自 NVD 与 CNNVD 的 CVE 漏洞,配 AI 中文翻译、AI POC 生成、每日情报;可按厂商、产品、严重等级、CWE 检索。
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-39936 | Stored XSS in Score due to usage of non-reserved data attributes | The Wikimedia Foundation | Mediawiki - Score Extension | - | - | 2026-04-07 22:11:04 | Deep Dive |
| CVE-2026-39935 | XSS-via-i18n in localised wiki names | The Wikimedia Foundation | Mediawiki - CampaignEvents Extension | - | - | 2026-04-07 22:04:02 | Deep Dive |
| CVE-2026-39934 | Growth Experiments ReassignMenteesJob runs as an infinite loop | The Wikimedia Foundation | Mediawiki - GrowthExperiments Extension | - | - | 2026-04-07 22:00:46 | Deep Dive |
| CVE-2026-39933 | Multiple XSS vulnerabilities in GlobalWatchlist | The Wikimedia Foundation | Mediawiki - GlobalWatchlist Extension | - | - | 2026-04-07 21:51:55 | Deep Dive |
| CVE-2026-39937 | Global vanishing does not completely remove user email | The Wikimedia Foundation | Mediawiki - CentralAuth Extension | - | - | 2026-04-07 21:44:47 | Deep Dive |
| CVE-2026-39837 | Stored XSS through the dynamic table format in Cargo | Wikimedia Foundation | Mediawiki - Cargo Extension | - | - | 2026-04-07 19:47:18 | Deep Dive |
| CVE-2026-39841 | Stored XSS through list fields on Cargo's page values and Special:CargoTables | Wikimedia Foundation | Mediawiki - Cargo Extension | - | - | 2026-04-07 19:43:48 | Deep Dive |
| CVE-2026-39840 | CSS injection in multiple Cargo display formats | Wikimedia Foundation | Mediawiki - Cargo Extension | - | - | 2026-04-07 19:35:36 | Deep Dive |
| CVE-2026-39839 | Stored XSS through URLs in Cargo's map format | Wikimedia Foundation | Mediawiki - Cargo Extension | - | - | 2026-04-07 19:29:11 | Deep Dive |
| CVE-2026-39838 | ProofreadPage improperly sanitizes multiline styles using Sanitizer::checkCSS | Wikimedia Foundation | MediaWiki - ProofreadPage Extension | - | - | 2026-04-07 19:17:52 | Deep Dive |
| CVE-2026-5762 | ReportIncident DiscussionTools integration causes slow requests | Wikimedia Foundation | MediaWiki - ReportIncident Extension | - | - | 2026-04-07 18:42:35 | Deep Dive |
| CVE-2026-22711 | Stored XSS through system messages in WikiLove | The Wikimedia Foundation | Mediawiki - Wikilove Extension | - | - | 2026-04-07 18:39:37 | Deep Dive |
| CVE-2025-11175 | DiscussionTools should use better regex | The Wikimedia Foundation | Mediawiki - DiscussionTools Extension | - | - | 2026-01-30 19:12:07 | Deep Dive |
| CVE-2026-0817 | CampaignEvents API missing authorization exposes meeting and chat URLs | Wikimedia Foundation | MediaWiki - CampaignEvents extension | 中危 | - | 2026-01-09 15:50:51 | Deep Dive |
| CVE-2026-22712 | ApprovedRevs allows bypassing the inline CSS sanitizer | The Wikimedia Foundation | Mediawiki - ApprovedRevs Extension | 中危 | - | 2026-01-09 00:06:22 | Deep Dive |
| CVE-2026-22713 | Stored XSS through edit summaries in GrowthExperiments | The Wikimedia Foundation | Mediawiki - GrowthExperiments Extension | 中危 | - | 2026-01-09 00:00:58 | Deep Dive |
| CVE-2026-22710 | Stored XSS through autocomment system messages in Wikibase | The Wikimedia Foundation | Mediawiki - Wikibase Extension | 中危 | - | 2026-01-08 23:48:52 | Deep Dive |
| CVE-2026-0671 | Multiple stored i18n/message-key XSSes in UploadWizard | Wikimedia Foundation | MediaWiki - UploadWizard extension | 中危 | - | 2026-01-08 16:21:24 | Deep Dive |
| CVE-2026-0670 | Stored XSS through a system message and a user-provided parameter in ProofreadPage | Wikimedia Foundation | MediaWiki - ProofreadPage Extension | 中危 | - | 2026-01-07 18:55:43 | Deep Dive |
| CVE-2026-0669 | Path Traversal vulnerability in CSS extension on certain web servers | Wikimedia Foundation | MediaWiki - CSS extension | 中危 | - | 2026-01-07 17:46:57 | Deep Dive |