| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-32067 | i18n XSS vulnerability in message growthexperiments | The Wikimedia Foundation | Mediawiki - Growth Experiments Extension | - | - | 2025-04-11 16:21:34 | Deep Dive |
| CVE-2025-32068 | Revoking authorization of OAuth2 consumer does not invalidate refresh tokens | The Wikimedia Foundation | Mediawiki - OAuth Extension | - | - | 2025-04-11 16:21:12 | Deep Dive |
| CVE-2025-32069 | Wikitext stored XSS on filepages due to dangerous WBMI serialization | The Wikimedia Foundation | Mediawiki - Wikibase Media Info Extension | - | - | 2025-04-11 16:20:49 | Deep Dive |
| CVE-2025-32070 | XSSes in AJAXPoll | The Wikimedia Foundation | Mediawiki - AJAX Poll Extension | - | - | 2025-04-11 16:20:24 | Deep Dive |
| CVE-2025-32071 | Wikibase CommonsInlineImageFormatter: i18n XSS | The Wikimedia Foundation | Mediawiki - Wikidata Extension | - | - | 2025-04-11 16:19:46 | Deep Dive |
| CVE-2025-32700 | AbuseFilter log interfaces expose global private and hidden filters when central DB is not available | Wikimedia Foundation | MediaWiki | - | - | 2025-04-10 18:31:03 | Deep Dive |
| CVE-2025-32699 | Potential javascript injection attack enabled by Unicode normalization in Action API | Wikimedia Foundation | MediaWiki | - | - | 2025-04-10 18:30:24 | Deep Dive |
| CVE-2025-32698 | LogPager.php: Restriction enforcer functions do not correctly enforce suppression restrictions | Wikimedia Foundation | MediaWiki | - | - | 2025-04-10 18:29:52 | Deep Dive |
| CVE-2025-32697 | Cascading protection is not preventing file reversions | Wikimedia Foundation | MediaWiki | - | - | 2025-04-10 18:29:17 | Deep Dive |
| CVE-2025-32696 | "reupload-own" restriction can be bypassed by reverting file | Wikimedia Foundation | MediaWiki | - | - | 2025-04-10 18:28:48 | Deep Dive |
| CVE-2025-3469 | i18n XSS vulnerability in HTMLMultiSelectField when sections are used | Wikimedia Foundation | MediaWiki | - | - | 2025-04-10 18:28:13 | Deep Dive |
| CVE-2025-23074 | Special:EditProfile exposes the contents of profile fields marked "hidden"/friends or "friends of friends" when the privileged user isn't a friend of the user whose profile they edit(ed) | Wikimedia Foundation | Mediawiki - SocialProfile Extension | Low | - | 2025-01-14 18:58:20 | Deep Dive |
| CVE-2025-23073 | API list=globalblocks can reveal IP of autoblock if username and IP are included in the bgtargets parameter | Wikimedia Foundation | Mediawiki - GlobalBlocking Extension | Medium | - | 2025-01-14 18:45:32 | Deep Dive |
| CVE-2025-23072 | XSS in Special:RefreshSpecial | Wikimedia Foundation | Mediawiki - RefreshSpecial Extension | Medium | - | 2025-01-14 18:29:21 | Deep Dive |
| CVE-2025-23081 | Various security vulnerabilities in Extension:DataTransfer | Wikimedia Foundation | Mediawiki - DataTransfer Extension | Medium | - | 2025-01-14 16:56:42 | Deep Dive |
| CVE-2025-23080 | XSSes in Special:BadgeView | Wikimedia Foundation | Mediawiki - OpenBadges Extension | Medium | - | 2025-01-14 16:40:42 | Deep Dive |
| CVE-2025-23079 | XSSes in Extension:ArticleFeedbackv5 | Wikimedia Foundation | Mediawiki - ArticleFeedbackv5 extension | Medium | - | 2025-01-10 19:03:15 | Deep Dive |
| CVE-2025-23078 | XSS in BreadCrumbs2 | Wikimedia Foundation | Mediawiki - Breadcrumbs2 extension | Medium | - | 2025-01-10 17:57:21 | Deep Dive |
| CVE-2024-47841 | Path traversal when loading stylesheets | The Wikimedia Foundation | Mediawiki - CSS Extension | Medium | - | 2024-10-05 01:02:32 | Deep Dive |
| CVE-2024-47840 | Stored XSS through sidebar in Apex skin | The Wikimedia Foundation | Mediawiki - Apex skin | Medium | - | 2024-10-05 00:53:39 | Deep Dive |