| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-32080 | Cross-origin data leak in mobilefrontend via lazy load images | The Wikimedia Foundation | Mediawiki - Mobile Frontend Extension | - | - | 2025-04-11 16:24:00 | Deep Dive |
| CVE-2025-32076 | Evil regex used to process user-provided data in VisualData | The Wikimedia Foundation | Mediawiki - Visual Data Extension | - | - | 2025-04-11 16:23:36 | Deep Dive |
| CVE-2025-32074 | XSSes in Extension:ConfirmAccount | The Wikimedia Foundation | Mediawiki - Confirm Account Extension | - | - | 2025-04-11 16:22:23 | Deep Dive |
| CVE-2025-32075 | IP and user agent leaks in Extension:Tabs | The Wikimedia Foundation | Mediawiki - Tabs Extension | - | - | 2025-04-11 16:22:00 | Deep Dive |
| CVE-2025-32067 | i18n XSS vulnerability in message growthexperiments | The Wikimedia Foundation | Mediawiki - Growth Experiments Extension | - | - | 2025-04-11 16:21:34 | Deep Dive |
| CVE-2025-32068 | Revoking authorization of OAuth2 consumer does not invalidate refresh tokens | The Wikimedia Foundation | Mediawiki - OAuth Extension | - | - | 2025-04-11 16:21:12 | Deep Dive |
| CVE-2025-32069 | Wikitext stored XSS on filepages due to dangerous WBMI serialization | The Wikimedia Foundation | Mediawiki - Wikibase Media Info Extension | - | - | 2025-04-11 16:20:49 | Deep Dive |
| CVE-2025-32070 | XSSes in AJAXPoll | The Wikimedia Foundation | Mediawiki - AJAX Poll Extension | - | - | 2025-04-11 16:20:24 | Deep Dive |
| CVE-2025-32071 | Wikibase CommonsInlineImageFormatter: i18n XSS | The Wikimedia Foundation | Mediawiki - Wikidata Extension | - | - | 2025-04-11 16:19:46 | Deep Dive |
| CVE-2025-23074 | Special:EditProfile exposes the contents of profile fields marked "hidden"/friends or "friends of friends" when the privileged user isn't a friend of the user whose profile they edit(ed) | Wikimedia Foundation | Mediawiki - SocialProfile Extension | Low | - | 2025-01-14 18:58:20 | Deep Dive |
| CVE-2025-23073 | API list=globalblocks can reveal IP of autoblock if username and IP are included in the bgtargets parameter | Wikimedia Foundation | Mediawiki - GlobalBlocking Extension | Medium | - | 2025-01-14 18:45:32 | Deep Dive |
| CVE-2025-23072 | XSS in Special:RefreshSpecial | Wikimedia Foundation | Mediawiki - RefreshSpecial Extension | Medium | - | 2025-01-14 18:29:21 | Deep Dive |
| CVE-2025-23081 | Various security vulnerabilities in Extension:DataTransfer | Wikimedia Foundation | Mediawiki - DataTransfer Extension | Medium | - | 2025-01-14 16:56:42 | Deep Dive |
| CVE-2025-23080 | XSSes in Special:BadgeView | Wikimedia Foundation | Mediawiki - OpenBadges Extension | Medium | - | 2025-01-14 16:40:42 | Deep Dive |
| CVE-2025-23079 | XSSes in Extension:ArticleFeedbackv5 | Wikimedia Foundation | Mediawiki - ArticleFeedbackv5 extension | Medium | - | 2025-01-10 19:03:15 | Deep Dive |
| CVE-2025-23078 | XSS in BreadCrumbs2 | Wikimedia Foundation | Mediawiki - Breadcrumbs2 extension | Medium | - | 2025-01-10 17:57:21 | Deep Dive |
| CVE-2024-47841 | Path traversal when loading stylesheets | The Wikimedia Foundation | Mediawiki - CSS Extension | Medium | - | 2024-10-05 01:02:32 | Deep Dive |
| CVE-2024-47845 | CSS sanitizer used incorrectly, and is easily bypassed | The Wikimedia Foundation | Mediawiki - CSS Extension | Medium | - | 2024-10-05 00:09:09 | Deep Dive |
| CVE-2017-20175 | DaSchTour matomo-mediawiki-extension Username Piwik.hooks.php cross site scripting | DaSchTour | matomo-mediawiki-extension | Low | 2.6 | 2023-02-05 19:57:03 | Deep Dive |
| CVE-2017-0372 | Parameters injection in SyntaxHighlight results in multiple vulnerabilities | mediawiki | mediawiki (SyntaxHighlight extension) | Critical | - | 2018-04-13 16:00:00 | Deep Dive |