Filter
AND

Mediawiki CargoSpecial:DeleteCargoTable and Special:SwitchCargoTable have no CSRF protection

8.8
First published (updated )

MediaWiki MediaWikiAn issue was discovered in ApiPageSet.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before …

7.5
First published (updated )

MediaWiki MediaWikiAn issue was discovered in the Wikibase extension for MediaWiki before 1.35.12, 1.36.x through 1.39.…

7.5
First published (updated )

MediaWiki MediaWikiA denial-of-service issue was discovered in MediaWiki 1.37.x before 1.37.2. Rendering of w/index.php…

7.5
First published (updated )

MediaWiki MediaWikiA denial-of-service issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.…

7.5
First published (updated )

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

MediaWiki MediaWikiAn issue was discovered in MediaWiki through 1.38.1. The lemma length of a Wikibase lexeme is curren…

7.5
First published (updated )

MediaWiki MediaWikiAn issue was discovered in MediaWiki through 1.37.2. The SecurePoll extension allows a leak because …

7.5
First published (updated )

Mediawiki CreateredirectThe CreateRedirect extension before 2022-04-14 for MediaWiki does not properly check whether the use…

7.5
First published (updated )

MediaWiki MediaWikiMediaWiki before 1.23.16, 1.24.x through 1.27.x before 1.27.2, and 1.28.x before 1.28.1 allows remot…

7.5
First published (updated )

MediaWiki MediaWikiCSRF

8.8
First published (updated )

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

MediaWiki MediaWikiAn issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. …

7.5
First published (updated )

MediaWiki MediaWikiAn issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. …

7.5
First published (updated )

MediaWiki MediaWikiThe ReplaceText extension through 1.41 for MediaWiki has Incorrect Access Control. When a user is bl…

8.8
First published (updated )

Fedoraproject FedoraMediaWiki before 1.36.2 allows a denial of service (resource consumption because of lengthy query pr…

7.5
First published (updated )

MediaWiki MediaWikiAn issue was discovered in MediaWiki through 1.36.2. A parser function related to loop control allow…

7.5
First published (updated )

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

MediaWiki MediaWikiAn issue was discovered in the CentralAuth extension in MediaWiki through 1.36. The Special:GlobalRe…

7.5
First published (updated )

MediaWiki MediaWikiAn issue was discovered in the FileImporter extension in MediaWiki through 1.36. For certain relaxed…

8.8
First published (updated )

MediaWiki MediaWikiIn MediaWiki before 1.31.15, 1.32.x through 1.35.x before 1.35.3, and 1.36.x before 1.36.1, bots hav…

7.5
First published (updated )

MediaWiki MediaWikiInput Validation

7.5
First published (updated )

MediaWiki MediaWikiCSRF

8.8
First published (updated )

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

MediaWiki MediaWikiThe API in the Push extension for MediaWiki through 1.35 used cleartext for ApiPush credentials, all…

7.5
First published (updated )

MediaWiki MediaWikiInput Validation

7.5
First published (updated )

MediaWiki MediaWikiAn issue was discovered in the Widgets extension for MediaWiki through 1.35.1. Any user with the abi…

8.8
First published (updated )

MediaWiki MediaWikiCSRF

8.8
First published (updated )

debian/mediawikiXSS

7.5
First published (updated )

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

composer/mediawiki/coreTOTP throttle not enforced cross-wiki

7.5
First published (updated )

MediaWiki MediaWikiAn information leak was discovered in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34…

7.5
First published (updated )

MediaWiki MediaWikiAn issue was discovered in the FileImporter extension for MediaWiki before 1.34.4. An attacker can i…

7.5
First published (updated )

MediaWiki MediaWikiThe CentralAuth extension through REL1_34 for MediaWiki allows remote attackers to obtain sensitive …

7.5
First published (updated )

Mediawiki AbusefilterAn issue was discovered in the AbuseFilter extension for MediaWiki. includes/special/SpecialAbuseLog…

7.5
First published (updated )

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

MediaWiki MediaWikiThe CentralNotice extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.2…

7.5
First published (updated )

MediaWiki MediaWikiInfoleak

7.5
First published (updated )

MediaWiki MediaWikiInput Validation

7.5
First published (updated )

MediaWiki MediaWikiInfoleak

7.5
First published (updated )

composer/mediawiki/coreCSRF

8.8
First published (updated )

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

composer/mediawiki/coreInfoleak

7.5
First published (updated )

composer/mediawiki/coreForbid blocking IP ranges as big as /1 and /2, as done on ruwikiquote using the API

7.5
First published (updated )

composer/mediawiki/corePotential enwiki DOS due to slow WatchedItemStore::countVisitingWatchersMultiple

7.5
First published (updated )

MediaWiki MediaWikiHaving LocalisationCache directory default to system tmp directory is insecure

8.8
First published (updated )

MediaWiki MediaWiki"Mark all pages visited" on the watchlist does not require a CSRF token

8.8
First published (updated )

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Fedoraproject FedoraThe OAuth extension for MediaWiki improperly negotiates a new client token only over Special:OAuth/i…

7.5
First published (updated )

MediaWiki MediaWikiInfoleak

7.5
First published (updated )

MediaWiki MediaWikiInput Validation

7.5
First published (updated )

MediaWiki MediaWikiInput Validation

7.5
First published (updated )

MediaWiki MediaWikiMediaWiki before 1.18.5, and 1.19.x before 1.19.2 allows remote attackers to bypass GlobalBlocking e…

7.5
First published (updated )

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

MediaWiki MediaWikiInfoleak

7.5
First published (updated )

MediaWiki MediaWikiInfoleak

7.5
First published (updated )

MediaWiki MediaWikiMediaWiki 1.27.x before 1.27.1 might allow remote attackers to bypass intended session access restri…

7.5
First published (updated )

MediaWiki MediaWikiapi.log contains passwords in plaintext

7.8
First published (updated )

MediaWiki MediaWikiCSRF

8.8
First published (updated )

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203