| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-62654 | Stored XSS through system messages in QuizGame | The Wikimedia Foundation | MediaWiki QuizGame extension | - | - | 2025-10-17 22:38:54 | Deep Dive |
| CVE-2025-62653 | Stored XSS through system messages in PollNY | The Wikimedia Foundation | MediaWiki PollNY extension | - | - | 2025-10-17 22:23:05 | Deep Dive |
| CVE-2025-62652 | Stored XSS in WebAuthn key name | The Wikimedia Foundation | MediaWiki WebAuthn extension | - | - | 2025-10-17 22:15:27 | Deep Dive |
| CVE-2025-62508 | Citizen vulnerable to stored XSS in sticky header button messages | StarCitizenTools | mediawiki-skins-Citizen | Medium | 6.5 | 2025-10-17 20:29:47 | Deep Dive |
| CVE-2025-61766 | Bucket vulnerable to infinite recursion when querying a bucket using the != operator | weirdgloop | mediawiki-extensions-Bucket | Medium | 6.5 | 2025-10-06 16:07:04 | Deep Dive |
| CVE-2025-59839 | Star Citizen EmbedVideo Extension Stored XSS through wikitext caused by usage of non-reserved data attributes | StarCitizenWiki | mediawiki-extensions-EmbedVideo | High | 8.6 | 2025-09-25 13:56:14 | Deep Dive |
| CVE-2025-7363 | TitleIcon: Stored Cross-Site Scripting (XSS) via #titleicon_unicode parser function | Wikimedia Foundation | Mediawiki - TitleIcon extension | - | - | 2025-07-08 17:27:18 | Deep Dive |
| CVE-2025-7362 | MsUpload: Stored Cross-Site Scripting (XSS) via unsanitized msu-continue system message | Wikimedia Foundation | Mediawiki - MsUpload extension | - | - | 2025-07-08 17:22:35 | Deep Dive |
| CVE-2025-53479 | CheckUser: Reflected Cross-Site Scripting (XSS) in Special:CheckUser via unsanitized internationalized message | Wikimedia Foundation | Mediawiki - CheckUser extension | - | - | 2025-07-08 17:16:36 | Deep Dive |
| CVE-2025-53480 | CheckUser: Reflected Cross-Site Scripting (XSS) in Special:Investigate (Account information tab) via unsanitized i18n messages | Wikimedia Foundation | Mediawiki - CheckUser extension | - | - | 2025-07-08 14:58:38 | Deep Dive |
| CVE-2025-53496 | Stored XSS in MediaSearch | Wikimedia Foundation | Mediawiki - MediaSearch Extension | - | - | 2025-07-07 19:12:47 | Deep Dive |
| CVE-2025-53488 | Stored XSS in WikiHiero | Wikimedia Foundation | Mediawiki - WikiHiero Extension | - | - | 2025-07-07 18:44:40 | Deep Dive |
| CVE-2025-53498 | Lack of Audit Logging in AbuseFilter | Wikimedia Foundation | Mediawiki - AbuseFilter Extension | - | - | 2025-07-07 18:35:49 | Deep Dive |
| CVE-2025-53499 | Unauthorized Inspection of Protected Variables in AbuseFilter | Wikimedia Foundation | Mediawiki - AbuseFilter Extension | - | - | 2025-07-07 18:33:12 | Deep Dive |
| CVE-2025-53495 | Unauthorized Disclosure of IP Reputation in AbuseFilter | Wikimedia Foundation | Mediawiki - AbuseFilter Extension | - | - | 2025-07-07 18:30:31 | Deep Dive |
| CVE-2025-53478 | CheckUser: Reflected Cross-Site Scripting (XSS) in Special:Investigate via unsanitized i18n messages | Wikimedia Foundation | Mediawiki - CheckUser extension | - | - | 2025-07-07 18:16:34 | Deep Dive |
| CVE-2025-53497 | Stored XSS in RelatedArticles | Wikimedia Foundation | Mediawiki - RelatedArticles Extension | - | - | 2025-07-07 16:28:50 | Deep Dive |
| CVE-2025-53491 | XSS in FlaggedRevs | Wikimedia Foundation | Mediawiki - FlaggedRevs Extension | - | - | 2025-07-07 16:17:30 | Deep Dive |
| CVE-2025-53487 | ApprovedRevs: Stored Cross-Site Scripting (XSS) via unsanitized system messages | Wikimedia Foundation | Mediawiki - ApprovedRevs extension | - | - | 2025-07-07 15:13:39 | Deep Dive |
| CVE-2025-7057 | Stored XSS in Quiz | Wikimedia Foundation | Mediawiki - Quiz Extension | - | - | 2025-07-07 15:12:13 | Deep Dive |