| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-62699 | Special:Translate tool does not use the correct IP and User-Agent in the CheckUser tool | The Wikimedia Foundation | Mediawiki - Translate Extension | - | - | 2025-10-21 03:48:50 | Deep Dive |
| CVE-2025-62658 | SQL injection in WatchAnalytics through Special:ClearPendingReviews | The Wikimedia Foundation | MediaWiki WatchAnalytics extension | - | - | 2025-10-20 20:23:22 | Deep Dive |
| CVE-2025-62657 | Stored XSS through system messages in PageForms | The Wikimedia Foundation | MediaWiki PageForms extension | - | - | 2025-10-20 20:19:33 | Deep Dive |
| CVE-2025-62656 | GlobalBlocking Special:GlobalBlockList vulnerable to message key stored XSS | The Wikimedia Foundation | MediaWiki GlobalBlocking extension | - | - | 2025-10-20 20:15:15 | Deep Dive |
| CVE-2025-62697 | Improperly sanitized style parameter in LanguageSelector | The Wikimedia Foundation | Mediawiki - LanguageSelector Extension | - | - | 2025-10-20 19:27:04 | Deep Dive |
| CVE-2025-62698 | Stored XSS through system messages in ExternalGuidance | The Wikimedia Foundation | Mediawiki - ExternalGuidance | - | - | 2025-10-20 18:07:46 | Deep Dive |
| CVE-2025-62700 | Stored XSS through a system message in MultiBoilerplate | The Wikimedia Foundation | Mediawiki - MultiBoilerplate Extensionmaste | - | - | 2025-10-20 17:53:53 | Deep Dive |
| CVE-2025-62693 | Stored XSS through system messages in LastModified | The Wikimedia Foundation | Mediawiki - LastModified Extension | - | - | 2025-10-20 17:51:29 | Deep Dive |
| CVE-2025-11937 | Stored XSS through a system message in SecurePoll | The Wikimedia Foundation | Mediawiki - SecurePoll Extension | - | - | 2025-10-18 05:14:56 | Deep Dive |
| CVE-2025-62666 | DoS vector through the cirrusbuilddoc query API | The Wikimedia Foundation | Mediawiki - CirrusSearch Extension | - | - | 2025-10-18 04:47:52 | Deep Dive |
| CVE-2025-62667 | Stored XSS through article extracts in GrowthExperiments | The Wikimedia Foundation | Mediawiki - GrowthExperiments Extension | - | - | 2025-10-18 04:42:31 | Deep Dive |
| CVE-2025-62668 | Insufficient permission checks in action=growthsetmentor | The Wikimedia Foundation | Mediawiki - GrowthExperiments Extension | - | - | 2025-10-18 04:39:28 | Deep Dive |
| CVE-2025-62669 | UserInfoCard: activeLocalBlocksAllWikis does not do permissions checks | The Wikimedia Foundation | Mediawiki - CentralAuth Extension | - | - | 2025-10-18 04:34:35 | Deep Dive |
| CVE-2025-62670 | Stored XSS through a system message in FlexDiagrams | The Wikimedia Foundation | Mediawiki - FlexDiagrams Extension | - | - | 2025-10-18 04:29:48 | Deep Dive |
| CVE-2025-62671 | Stored XSS through wikitext in Cargo | The Wikimedia Foundation | Mediawiki - Cargo Extension | - | - | 2025-10-18 04:24:36 | Deep Dive |
| CVE-2025-62662 | Stored XSS through system messages in AdvancedSearch | The Wikimedia Foundation | Mediawiki - AdvancedSearch Extension | - | - | 2025-10-18 04:19:31 | Deep Dive |
| CVE-2025-62663 | Stored XSS through a system message in UploadWizard | The Wikimedia Foundation | Mediawiki - UploadWizard Extension | - | - | 2025-10-18 04:16:01 | Deep Dive |
| CVE-2025-62664 | Stored XSS through a system message in ImageRating | The Wikimedia Foundation | Mediawiki - ImageRating Extension | - | - | 2025-10-18 04:13:27 | Deep Dive |
| CVE-2025-62665 | Stored XSS through system messages in Skin:BlueSky | Wikimedia Foundation | Mediawiki - Skin:BlueSky | - | - | 2025-10-18 04:10:27 | Deep Dive |
| CVE-2025-62655 | SQL injection in Cargo via Special:CargoExport | The Wikimedia Foundation | MediaWiki Cargo extension | - | - | 2025-10-17 22:46:29 | Deep Dive |