| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-61656 | XSS when pasting into VE | Wikimedia Foundation | VisualEditor | - | - | 2026-02-03 01:02:49 | Deep Dive |
| CVE-2025-61657 | Wikimedia Vector security vulnerability | Wikimedia Foundation | Vector | - | - | 2026-02-03 01:01:00 | Deep Dive |
| CVE-2025-61658 | Special:GlobalContributions shows edits on wikis the viewer doesn't have access to | Wikimedia Foundation | CheckUser | - | - | 2026-02-03 00:59:30 | Deep Dive |
| CVE-2025-61653 | Extension:TextExtracts does not check for authorizeRead when returning extracts | Wikimedia Foundation | TextExtracts | - | - | 2026-02-03 00:57:18 | Deep Dive |
| CVE-2025-61652 | Action API discussiontoolspageinfo does not check for authorizeRead for the page | Wikimedia Foundation | DiscussionTools | - | - | 2026-02-03 00:55:24 | Deep Dive |
| CVE-2025-61651 | i18n XSS through Special:CheckUser CheckUser helper | Wikimedia Foundation | CheckUser | - | - | 2026-02-03 00:53:15 | Deep Dive |
| CVE-2025-11173 | Reauth for enabling 2FA can be bypassed by submitting a form | Wikimedia Foundation | OATHAuth | - | - | 2026-02-03 00:27:45 | Deep Dive |
| CVE-2025-11261 | Stored i18n XSS exposed by security patch for T402077 | Wikimedia Foundation | MediaWiki | - | - | 2026-02-03 00:25:01 | Deep Dive |
| CVE-2025-61648 | Stored XSS through system messages in CheckUser | Wikimedia Foundation | CheckUser | - | - | 2026-02-03 00:19:43 | Deep Dive |
| CVE-2025-61649 | UserInfoCard: Check that performing user has permission to view log entries for number of past blocks | Wikimedia Foundation | CheckUser | - | - | 2026-02-03 00:17:18 | Deep Dive |
| CVE-2025-61650 | UserInfoCard is vulnerable to message key stored XSS | Wikimedia Foundation | CheckUser | - | - | 2026-02-03 00:15:24 | Deep Dive |
| CVE-2025-61645 | CodexTablePager has i18n XSS | Wikimedia Foundation | MediaWiki | - | - | 2026-02-03 00:13:23 | Deep Dive |
| CVE-2025-61646 | Watchlist group mode reveals authors of edits with hidden authorship | Wikimedia Foundation | MediaWiki | - | - | 2026-02-03 00:11:29 | Deep Dive |
| CVE-2025-61647 | UserInfoCard: Don't allow access to information about users who are suppressed if you don't have suppressor rights | Wikimedia Foundation | CheckUser | - | - | 2026-02-03 00:02:04 | Deep Dive |
| CVE-2025-61644 | i18n XSS through Special:Watchlist | Wikimedia Foundation | MediaWiki | - | - | 2026-02-02 23:57:18 | Deep Dive |
| CVE-2025-61637 | Stored XSS through system messages in MW Core | Wikimedia Foundation | MediaWiki | - | - | 2026-02-02 23:54:04 | Deep Dive |
| CVE-2025-61638 | Sanitizer::validateAttributes data-XSS | Wikimedia Foundation | MediaWiki | - | - | 2026-02-02 23:52:10 | Deep Dive |
| CVE-2025-61639 | Suppressed blocked IP is visible in Special:BlockList, RC, and other places | Wikimedia Foundation | MediaWiki | - | - | 2026-02-02 23:48:03 | Deep Dive |
| CVE-2025-61640 | Stored XSS through system messages in Special:RecentChangesLinked (MW Core) | Wikimedia Foundation | MediaWiki | - | - | 2026-02-02 23:42:04 | Deep Dive |
| CVE-2025-61641 | API list=allpages with maxsize is making really slow queries | Wikimedia Foundation | MediaWiki | - | - | 2026-02-02 23:39:39 | Deep Dive |