| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-0668 | VisualData extension: Regular Expression Denial of Service (ReDoS) via crafted user input | Wikimedia Foundation | MediaWiki - VisualData Extension | Medium | - | 2026-01-07 17:36:19 | Deep Dive |
| CVE-2025-62659 | The CookieConsent extension does not properly use reserved data attributes, thus introducing potential XSS vectors | The Wikimedia Foundation | MediaWiki CookieConsent extension | - | - | 2025-10-22 15:31:29 | Deep Dive |
| CVE-2025-62661 | Do permission checking when getting counts of global and local edits, new articles and thanks | The Wikimedia Foundation | Mediawiki - Thanks Extension, Mediawiki - Growth Experiments Extension | - | - | 2025-10-21 19:33:26 | Deep Dive |
| CVE-2025-12004 | The compare API module breaks Extension:Lockdown | The Wikimedia Foundation | Mediawiki - Lockdown Extension | - | - | 2025-10-21 06:20:04 | Deep Dive |
| CVE-2025-62702 | Stored XSS through system messages | The Wikimedia Foundation | Mediawiki - PageTriage Extension | - | - | 2025-10-21 04:42:28 | Deep Dive |
| CVE-2025-62694 | Stored XSS through a system message | The Wikimedia Foundation | Mediawiki - WikiLove Extension | - | - | 2025-10-21 04:28:15 | Deep Dive |
| CVE-2025-62695 | Stored XSS through system messages | The Wikimedia Foundation | Mediawiki - WikiLambda Extension | - | - | 2025-10-21 04:02:01 | Deep Dive |
| CVE-2025-62696 | Multiple critical security issues in Springboard | The Wikimedia Foundation | Mediawiki Foundation - Springboard Extension | - | - | 2025-10-21 03:58:06 | Deep Dive |
| CVE-2025-62699 | Special:Translate tool does not use the correct IP and User-Agent in the CheckUser tool | The Wikimedia Foundation | Mediawiki - Translate Extension | - | - | 2025-10-21 03:48:50 | Deep Dive |
| CVE-2025-62658 | SQL injection in WatchAnalytics through Special:ClearPendingReviews | The Wikimedia Foundation | MediaWiki WatchAnalytics extension | - | - | 2025-10-20 20:23:22 | Deep Dive |
| CVE-2025-62657 | Stored XSS through system messages in PageForms | The Wikimedia Foundation | MediaWiki PageForms extension | - | - | 2025-10-20 20:19:33 | Deep Dive |
| CVE-2025-62656 | GlobalBlocking Special:GlobalBlockList vulnerable to message key stored XSS | The Wikimedia Foundation | MediaWiki GlobalBlocking extension | - | - | 2025-10-20 20:15:15 | Deep Dive |
| CVE-2025-62697 | Improperly sanitized style parameter in LanguageSelector | The Wikimedia Foundation | Mediawiki - LanguageSelector Extension | - | - | 2025-10-20 19:27:04 | Deep Dive |
| CVE-2025-62693 | Stored XSS through system messages in LastModified | The Wikimedia Foundation | Mediawiki - LastModified Extension | - | - | 2025-10-20 17:51:29 | Deep Dive |
| CVE-2025-11937 | Stored XSS through a system message in SecurePoll | The Wikimedia Foundation | Mediawiki - SecurePoll Extension | - | - | 2025-10-18 05:14:56 | Deep Dive |
| CVE-2025-62666 | DoS vector through the cirrusbuilddoc query API | The Wikimedia Foundation | Mediawiki - CirrusSearch Extension | - | - | 2025-10-18 04:47:52 | Deep Dive |
| CVE-2025-62667 | Stored XSS through article extracts in GrowthExperiments | The Wikimedia Foundation | Mediawiki - GrowthExperiments Extension | - | - | 2025-10-18 04:42:31 | Deep Dive |
| CVE-2025-62668 | Insufficient permission checks in action=growthsetmentor | The Wikimedia Foundation | Mediawiki - GrowthExperiments Extension | - | - | 2025-10-18 04:39:28 | Deep Dive |
| CVE-2025-62669 | UserInfoCard: activeLocalBlocksAllWikis does not do permissions checks | The Wikimedia Foundation | Mediawiki - CentralAuth Extension | - | - | 2025-10-18 04:34:35 | Deep Dive |
| CVE-2025-62670 | Stored XSS through a system message in FlexDiagrams | The Wikimedia Foundation | Mediawiki - FlexDiagrams Extension | - | - | 2025-10-18 04:29:48 | Deep Dive |