Filters

Software

mediawiki mediawiki
63
mediawiki abusefilter
1
mediawiki cargo
1
mediawiki createredirect
1

Mediawiki CargoSpecial:DeleteCargoTable and Special:SwitchCargoTable have no CSRF protection

high
8.8
First published (updated )
CVE-2024-47846

MediaWiki MediaWikiAn issue was discovered in ApiPageSet.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before …

high
7.5
First published (updated )
CVE-2023-45363

MediaWiki MediaWikiAn issue was discovered in the Wikibase extension for MediaWiki before 1.35.12, 1.36.x through 1.39.…

high
7.5
First published (updated )
CVE-2023-45371

MediaWiki MediaWikiA denial-of-service issue was discovered in MediaWiki 1.37.x before 1.37.2. Rendering of w/index.php…

high
7.5
First published (updated )
CVE-2022-28204

MediaWiki MediaWikiA denial-of-service issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.…

high
7.5
First published (updated )
CVE-2022-28203

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

MediaWiki MediaWikiAn issue was discovered in MediaWiki through 1.38.1. The lemma length of a Wikibase lexeme is curren…

high
7.5
First published (updated )
CVE-2022-34750

MediaWiki MediaWikiAn issue was discovered in MediaWiki through 1.37.2. The SecurePoll extension allows a leak because …

high
7.5
First published (updated )
CVE-2022-28323

Mediawiki CreateredirectThe CreateRedirect extension before 2022-04-14 for MediaWiki does not properly check whether the use…

high
7.5
First published (updated )
CVE-2022-29547

MediaWiki MediaWikiMediaWiki before 1.23.16, 1.24.x through 1.27.x before 1.27.2, and 1.28.x before 1.28.1 allows remot…

high
7.5
First published (updated )
CVE-2017-0371

MediaWiki MediaWikiCSRF

high
8.8
First published (updated )
CVE-2021-46147

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

MediaWiki MediaWikiAn issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. …

high
7.5
First published (updated )
CVE-2021-46149

MediaWiki MediaWikiAn issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. …

high
7.5
First published (updated )
CVE-2021-44858

MediaWiki MediaWikiThe ReplaceText extension through 1.41 for MediaWiki has Incorrect Access Control. When a user is bl…

high
8.8
First published (updated )
CVE-2021-41801

Fedoraproject FedoraMediaWiki before 1.36.2 allows a denial of service (resource consumption because of lengthy query pr…

high
7.5
First published (updated )
CVE-2021-41799

MediaWiki MediaWikiAn issue was discovered in MediaWiki through 1.36.2. A parser function related to loop control allow…

high
7.5
First published (updated )
CVE-2021-42040

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

MediaWiki MediaWikiAn issue was discovered in the CentralAuth extension in MediaWiki through 1.36. The Special:GlobalRe…

high
7.5
First published (updated )
CVE-2021-36125

MediaWiki MediaWikiAn issue was discovered in the FileImporter extension in MediaWiki through 1.36. For certain relaxed…

high
8.8
First published (updated )
CVE-2021-36132

MediaWiki MediaWikiIn MediaWiki before 1.31.15, 1.32.x through 1.35.x before 1.35.3, and 1.36.x before 1.36.1, bots hav…

high
7.5
First published (updated )
CVE-2021-35197

MediaWiki MediaWikiInput Validation

high
7.5
First published (updated )
CVE-2021-31555

MediaWiki MediaWikiCSRF

high
8.8
First published (updated )
CVE-2020-29004

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

MediaWiki MediaWikiThe API in the Push extension for MediaWiki through 1.35 used cleartext for ApiPush credentials, all…

high
7.5
First published (updated )
CVE-2020-29005

MediaWiki MediaWikiInput Validation

high
7.5
First published (updated )
CVE-2020-35623

MediaWiki MediaWikiAn issue was discovered in the Widgets extension for MediaWiki through 1.35.1. Any user with the abi…

high
8.8
First published (updated )
CVE-2020-35625

MediaWiki MediaWikiCSRF

high
8.8
First published (updated )
CVE-2020-35626

debian/mediawikiXSS

high
7.5
First published (updated )
CVE-2020-35475

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

composer/mediawiki/coreTOTP throttle not enforced cross-wiki

high
7.5
First published (updated )
CVE-2020-25827

MediaWiki MediaWikiAn information leak was discovered in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34…

high
7.5
First published (updated )
CVE-2020-25869

MediaWiki MediaWikiAn issue was discovered in the FileImporter extension for MediaWiki before 1.34.4. An attacker can i…

high
7.5
First published (updated )
CVE-2020-26121

MediaWiki MediaWikiThe CentralAuth extension through REL1_34 for MediaWiki allows remote attackers to obtain sensitive …

high
7.5
First published (updated )
CVE-2020-12051

Mediawiki AbusefilterAn issue was discovered in the AbuseFilter extension for MediaWiki. includes/special/SpecialAbuseLog…

high
7.5
First published (updated )
CVE-2019-16528

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

MediaWiki MediaWikiThe CentralNotice extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.2…

high
7.5
First published (updated )
CVE-2013-4572

MediaWiki MediaWikiInfoleak

high
7.5
First published (updated )
CVE-2013-1817

MediaWiki MediaWikiInput Validation

high
7.5
First published (updated )
CVE-2013-1816

MediaWiki MediaWikiInfoleak

high
7.5
First published (updated )
CVE-2012-0046

composer/mediawiki/coreCSRF

high
8.8
First published (updated )
CVE-2019-12466

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

composer/mediawiki/coreInfoleak

high
7.5
First published (updated )
CVE-2019-12474

composer/mediawiki/coreForbid blocking IP ranges as big as /1 and /2, as done on ruwikiquote using the API

high
7.5
First published (updated )
CVE-2019-12472

composer/mediawiki/corePotential enwiki DOS due to slow WatchedItemStore::countVisitingWatchersMultiple

high
7.5
First published (updated )
CVE-2019-12473

MediaWiki MediaWikiHaving LocalisationCache directory default to system tmp directory is insecure

high
8.8
First published (updated )
CVE-2017-0367

MediaWiki MediaWiki"Mark all pages visited" on the watchlist does not require a CSRF token

high
8.8
First published (updated )
CVE-2017-0362

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Fedoraproject FedoraThe OAuth extension for MediaWiki improperly negotiates a new client token only over Special:OAuth/i…

high
7.5
First published (updated )
CVE-2015-8008

MediaWiki MediaWikiInfoleak

high
7.5
First published (updated )
CVE-2017-8810

MediaWiki MediaWikiInput Validation

high
7.5
First published (updated )
CVE-2017-8815

MediaWiki MediaWikiInput Validation

high
7.5
First published (updated )
CVE-2017-8814

MediaWiki MediaWikiMediaWiki before 1.18.5, and 1.19.x before 1.19.2 allows remote attackers to bypass GlobalBlocking e…

high
7.5
First published (updated )
CVE-2012-4380

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

MediaWiki MediaWikiInfoleak

high
7.5
First published (updated )
CVE-2016-6332

MediaWiki MediaWikiInfoleak

high
7.5
First published (updated )
CVE-2016-6335

MediaWiki MediaWikiMediaWiki 1.27.x before 1.27.1 might allow remote attackers to bypass intended session access restri…

high
7.5
First published (updated )
CVE-2016-6337

MediaWiki MediaWikiapi.log contains passwords in plaintext

high
7.8
First published (updated )
CVE-2017-0361

MediaWiki MediaWikiCSRF

high
8.8
First published (updated )
CVE-2015-8623

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203