| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At |
|---|---|---|---|---|---|---|
| CVE-2025-49576 | Citizen allows stored XSS in search no result messages | StarCitizenTools | mediawiki-skins-Citizen | Medium | 6.5 | 2025-06-12 18:50:56 |
| CVE-2025-49578 | Citizen allows stored XSS in user registration date message | StarCitizenTools | mediawiki-skins-Citizen | Medium | 6.5 | 2025-06-12 18:50:49 |
| CVE-2025-49579 | Citizen allows stored XSS in menu heading message | StarCitizenTools | mediawiki-skins-Citizen | Medium | 6.5 | 2025-06-12 18:50:44 |
| CVE-2025-49575 | Citizen allows stored XSS in Command Palette tip messages | StarCitizenTools | mediawiki-skins-Citizen | Medium | 6.5 | 2025-06-12 18:45:23 |
| CVE-2025-49577 | Citizen allows stored XSS in preference menu headings | StarCitizenTools | mediawiki-skins-Citizen | Medium | 6.5 | 2025-06-12 18:45:18 |
| CVE-2025-32077 | XSSes in Extension:SimpleCalendar | The Wikimedia Foundation | Mediawiki - Extension:SimpleCalendar | - | - | 2025-04-11 16:25:07 |
| CVE-2025-32078 | XSSes and potential RCE in Special:VersionCompare | The Wikimedia Foundation | Mediawiki - Version Compare Extension | - | - | 2025-04-11 16:24:46 |
| CVE-2025-32079 | Saving the right content to MediaWiki:GrowthMentors.json can take down the site | The Wikimedia Foundation | Mediawiki - GrowthExperiments | - | - | 2025-04-11 16:24:22 |
| CVE-2025-32080 | Cross-origin data leak in mobilefrontend via lazy load images | The Wikimedia Foundation | Mediawiki - Mobile Frontend Extension | - | - | 2025-04-11 16:24:00 |
| CVE-2025-32076 | Evil regex used to process user-provided data in VisualData | The Wikimedia Foundation | Mediawiki - Visual Data Extension | - | - | 2025-04-11 16:23:36 |
| CVE-2025-32072 | HTML injection in feed output from i18n message | The Wikimedia Foundation | Mediawiki Core - Feed Utils | - | - | 2025-04-11 16:23:12 |
| CVE-2025-32073 | System message XSS in HTMLTags | The Wikimedia Foundation | Mediawiki - HTML Tags | - | - | 2025-04-11 16:22:48 |
| CVE-2025-32074 | XSSes in Extension:ConfirmAccount | The Wikimedia Foundation | Mediawiki - Confirm Account Extension | - | - | 2025-04-11 16:22:23 |
| CVE-2025-32075 | IP and user agent leaks in Extension:Tabs | The Wikimedia Foundation | Mediawiki - Tabs Extension | - | - | 2025-04-11 16:22:00 |
| CVE-2025-32067 | i18n XSS vulnerability in message growthexperiments | The Wikimedia Foundation | Mediawiki - Growth Experiments Extension | - | - | 2025-04-11 16:21:34 |
| CVE-2025-32068 | Revoking authorization of OAuth2 consumer does not invalidate refresh tokens | The Wikimedia Foundation | Mediawiki - OAuth Extension | - | - | 2025-04-11 16:21:12 |
| CVE-2025-32069 | Wikitext stored XSS on filepages due to dangerous WBMI serialization | The Wikimedia Foundation | Mediawiki - Wikibase Media Info Extension | - | - | 2025-04-11 16:20:49 |
| CVE-2025-32070 | XSSes in AJAXPoll | The Wikimedia Foundation | Mediawiki - AJAX Poll Extension | - | - | 2025-04-11 16:20:24 |
| CVE-2025-32071 | Wikibase CommonsInlineImageFormatter: i18n XSS | The Wikimedia Foundation | Mediawiki - Wikidata Extension | - | - | 2025-04-11 16:19:46 |
| CVE-2025-32700 | AbuseFilter log interfaces expose global private and hidden filters when central DB is not available | Wikimedia Foundation | MediaWiki | - | - | 2025-04-10 18:31:03 |