Associated Vulnerability

CVE ID	Title	Vendor	Product	Severity	CVSS Score	Published At	AI Analysis
CVE-2025-67477	Stored XSS through a system message in Special:ApiSandbox	Wikimedia Foundation	MediaWiki	-	-	2026-02-03 01:16:41	Deep Dive
CVE-2025-67479	Magic word replacement in legacy parser allows using reserved data attributes through wikitext	Wikimedia Foundation	MediaWiki	-	-	2026-02-03 01:12:22	Deep Dive
CVE-2025-11261	Stored i18n XSS exposed by security patch for T402077	Wikimedia Foundation	MediaWiki	-	-	2026-02-03 00:25:01	Deep Dive
CVE-2025-61645	CodexTablePager has i18n XSS	Wikimedia Foundation	MediaWiki	-	-	2026-02-03 00:13:23	Deep Dive
CVE-2025-61646	Watchlist group mode reveals authors of edits with hidden authorship	Wikimedia Foundation	MediaWiki	-	-	2026-02-03 00:11:29	Deep Dive
CVE-2025-61644	i18n XSS through Special:Watchlist	Wikimedia Foundation	MediaWiki	-	-	2026-02-02 23:57:18	Deep Dive
CVE-2025-61637	Stored XSS through system messages in MW Core	Wikimedia Foundation	MediaWiki	-	-	2026-02-02 23:54:04	Deep Dive
CVE-2025-61638	Sanitizer::validateAttributes data-XSS	Wikimedia Foundation	MediaWiki	-	-	2026-02-02 23:52:10	Deep Dive
CVE-2025-61639	Suppressed blocked IP is visible in Special:BlockList, RC, and other places	Wikimedia Foundation	MediaWiki	-	-	2026-02-02 23:48:03	Deep Dive
CVE-2025-61640	Stored XSS through system messages in Special:RecentChangesLinked (MW Core)	Wikimedia Foundation	MediaWiki	-	-	2026-02-02 23:42:04	Deep Dive
CVE-2025-61641	API list=allpages with maxsize is making really slow queries	Wikimedia Foundation	MediaWiki	-	-	2026-02-02 23:39:39	Deep Dive
CVE-2025-61642	Stored XSS through system messages provided to CodexHtmlForms	Wikimedia Foundation	MediaWiki	-	-	2026-02-02 23:36:43	Deep Dive
CVE-2025-61643	EventStreams publishes suppressed recent change entries that are suppressed from their creation	Wikimedia Foundation	MediaWiki	-	-	2026-02-02 23:33:50	Deep Dive
CVE-2025-61634	HTML rest endpoint needs PoolCounter and proper parser cache check	Wikimedia Foundation	MediaWiki	-	-	2026-02-02 23:28:54	Deep Dive
CVE-2025-61636	Codex Special:Block vulnerable to message key XSS	Wikimedia Foundation	MediaWiki	-	-	2026-02-02 23:23:27	Deep Dive
CVE-2025-6589	With MultiBlocks enabled and a user who is suppressed via a MultiBlock, a user without 'hideuser' can see the hidden username in the BlockList	Wikimedia Foundation	MediaWiki	-	-	2026-02-02 23:03:46	Deep Dive
CVE-2025-6590	Complete content leak of private wikis due to PasswordReset Wikitext injection in error message	Wikimedia Foundation	MediaWiki	-	-	2026-02-02 23:03:08	Deep Dive
CVE-2025-6591	HTML injection in API action=feedcontributions output from i18n message	Wikimedia Foundation	MediaWiki	-	-	2026-02-02 23:02:34	Deep Dive
CVE-2025-6593	"{{SITENAME}} registered email address has been changed" email sent to unverified email addresses	Wikimedia Foundation	MediaWiki	-	-	2026-02-02 23:01:29	Deep Dive
CVE-2025-6594	XSS in Special:ApiSandbox	Wikimedia Foundation	MediaWiki	-	-	2026-02-02 23:00:58	Deep Dive

Support Us — Your donation helps us keep running

Associated Vulnerability