| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-0817 | CampaignEvents API missing authorization exposes meeting and chat URLs | Wikimedia Foundation | MediaWiki - CampaignEvents extension | 中危 | - | 2026-01-09 15:50:51 | Deep Dive |
| CVE-2026-22712 | ApprovedRevs allows bypassing the inline CSS sanitizer | The Wikimedia Foundation | Mediawiki - ApprovedRevs Extension | 中危 | - | 2026-01-09 00:06:22 | Deep Dive |
| CVE-2026-22713 | Stored XSS through edit summaries in GrowthExperiments | The Wikimedia Foundation | Mediawiki - GrowthExperiments Extension | 中危 | - | 2026-01-09 00:00:58 | Deep Dive |
| CVE-2026-22714 | i18n XSS, DoS and config SQLI in Monaco | The Wikimedia Foundation | Mediawiki - Monaco Skin | 中危 | - | 2026-01-08 23:56:07 | Deep Dive |
| CVE-2026-22710 | Stored XSS through autocomment system messages in Wikibase | The Wikimedia Foundation | Mediawiki - Wikibase Extension | 中危 | - | 2026-01-08 23:48:52 | Deep Dive |
| CVE-2026-0671 | Multiple stored i18n/message-key XSSes in UploadWizard | Wikimedia Foundation | MediaWiki - UploadWizard extension | 中危 | - | 2026-01-08 16:21:24 | Deep Dive |
| CVE-2026-0670 | Stored XSS through a system message and a user-provided parameter in ProofreadPage | Wikimedia Foundation | MediaWiki - ProofreadPage Extension | 中危 | - | 2026-01-07 18:55:43 | Deep Dive |
| CVE-2026-0669 | Path Traversal vulnerability in CSS extension on certain web servers | Wikimedia Foundation | MediaWiki - CSS extension | 中危 | - | 2026-01-07 17:46:57 | Deep Dive |
| CVE-2026-0668 | VisualData extension: Regular Expression Denial of Service (ReDoS) via crafted user input | Wikimedia Foundation | MediaWiki - VisualData Extension | 中危 | - | 2026-01-07 17:36:19 | Deep Dive |
| CVE-2025-62659 | The CookieConsent extension does not properly use reserved data attributes, thus introducing potential XSS vectors | The Wikimedia Foundation | MediaWiki CookieConsent extension | - | - | 2025-10-22 15:31:29 | Deep Dive |
| CVE-2025-52738 | WordPress Wikipedia Preview plugin <= 1.15.0 - Broken Access Control vulnerability | Wikimedia Foundation | Wikipedia Preview | Medium | 6.5 | 2025-10-22 14:32:23 | Deep Dive |
| CVE-2025-62661 | Do permission checking when getting counts of global and local edits, new articles and thanks | The Wikimedia Foundation | Mediawiki - Thanks Extension, Mediawiki - Growth Experiments Extension | - | - | 2025-10-21 19:33:26 | Deep Dive |
| CVE-2025-12004 | The compare API module breaks Extension:Lockdown | The Wikimedia Foundation | Mediawiki - Lockdown Extension | - | - | 2025-10-21 06:20:04 | Deep Dive |
| CVE-2025-62701 | Stored XSS through system messages | The Wikimedia Foundation | Mediawiki - Wikistories | - | - | 2025-10-21 04:45:05 | Deep Dive |
| CVE-2025-62702 | Stored XSS through system messages | The Wikimedia Foundation | Mediawiki - PageTriage Extension | - | - | 2025-10-21 04:42:28 | Deep Dive |
| CVE-2025-62694 | Stored XSS through a system message | The Wikimedia Foundation | Mediawiki - WikiLove Extension | - | - | 2025-10-21 04:28:15 | Deep Dive |
| CVE-2025-62695 | Stored XSS through system messages | The Wikimedia Foundation | Mediawiki - WikiLambda Extension | - | - | 2025-10-21 04:02:01 | Deep Dive |
| CVE-2025-62696 | Multiple critical security issues in Springboard | The Wikimedia Foundation | Mediawiki Foundation - Springboard Extension | - | - | 2025-10-21 03:58:06 | Deep Dive |
| CVE-2025-62699 | Special:Translate tool does not use the correct IP and User-Agent in the CheckUser tool | The Wikimedia Foundation | Mediawiki - Translate Extension | - | - | 2025-10-21 03:48:50 | Deep Dive |
| CVE-2025-62658 | SQL injection in WatchAnalytics through Special:ClearPendingReviews | The Wikimedia Foundation | MediaWiki WatchAnalytics extension | - | - | 2025-10-20 20:23:22 | Deep Dive |