| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-67478 | Wrong E-Mail address composition for usernames with a comma and Umlauts in it like "Döe, Jähn" | Wikimedia Foundation | CheckUser | - | - | 2026-02-03 01:14:18 | Deep Dive |
| CVE-2025-67479 | Magic word replacement in legacy parser allows using reserved data attributes through wikitext | Wikimedia Foundation | MediaWiki | - | - | 2026-02-03 01:12:22 | Deep Dive |
| CVE-2025-61654 | UserInfoCard: Do permission checking when getting counts of global and local edits, new articles and thanks | Wikimedia Foundation | Thanks | - | - | 2026-02-03 01:08:57 | Deep Dive |
| CVE-2025-61655 | Stored XSS through system messages in VisualEditor | Wikimedia Foundation | VisualEditor | - | - | 2026-02-03 01:04:36 | Deep Dive |
| CVE-2025-61656 | XSS when pasting into VE | Wikimedia Foundation | VisualEditor | - | - | 2026-02-03 01:02:49 | Deep Dive |
| CVE-2025-61657 | Wikimedia Vector security vulnerability | Wikimedia Foundation | Vector | - | - | 2026-02-03 01:01:00 | Deep Dive |
| CVE-2025-61658 | Special:GlobalContributions shows edits on wikis the viewer doesn't have access to | Wikimedia Foundation | CheckUser | - | - | 2026-02-03 00:59:30 | Deep Dive |
| CVE-2025-61653 | Extension:TextExtracts does not check for authorizeRead when returning extracts | Wikimedia Foundation | TextExtracts | - | - | 2026-02-03 00:57:18 | Deep Dive |
| CVE-2025-61652 | Action API discussiontoolspageinfo does not check for authorizeRead for the page | Wikimedia Foundation | DiscussionTools | - | - | 2026-02-03 00:55:24 | Deep Dive |
| CVE-2025-61651 | i18n XSS through Special:CheckUser CheckUser helper | Wikimedia Foundation | CheckUser | - | - | 2026-02-03 00:53:15 | Deep Dive |
| CVE-2025-11173 | Reauth for enabling 2FA can be bypassed by submitting a form | Wikimedia Foundation | OATHAuth | - | - | 2026-02-03 00:27:45 | Deep Dive |
| CVE-2025-11261 | Stored i18n XSS exposed by security patch for T402077 | Wikimedia Foundation | MediaWiki | - | - | 2026-02-03 00:25:01 | Deep Dive |
| CVE-2025-61648 | Stored XSS through system messages in CheckUser | Wikimedia Foundation | CheckUser | - | - | 2026-02-03 00:19:43 | Deep Dive |
| CVE-2025-61649 | UserInfoCard: Check that performing user has permission to view log entries for number of past blocks | Wikimedia Foundation | CheckUser | - | - | 2026-02-03 00:17:18 | Deep Dive |
| CVE-2025-61650 | UserInfoCard is vulnerable to message key stored XSS | Wikimedia Foundation | CheckUser | - | - | 2026-02-03 00:15:24 | Deep Dive |
| CVE-2025-61645 | CodexTablePager has i18n XSS | Wikimedia Foundation | MediaWiki | - | - | 2026-02-03 00:13:23 | Deep Dive |
| CVE-2025-61646 | Watchlist group mode reveals authors of edits with hidden authorship | Wikimedia Foundation | MediaWiki | - | - | 2026-02-03 00:11:29 | Deep Dive |
| CVE-2025-61647 | UserInfoCard: Don't allow access to information about users who are suppressed if you don't have suppressor rights | Wikimedia Foundation | CheckUser | - | - | 2026-02-03 00:02:04 | Deep Dive |
| CVE-2025-61644 | i18n XSS through Special:Watchlist | Wikimedia Foundation | MediaWiki | - | - | 2026-02-02 23:57:18 | Deep Dive |
| CVE-2025-61637 | Stored XSS through system messages in MW Core | Wikimedia Foundation | MediaWiki | - | - | 2026-02-02 23:54:04 | Deep Dive |