wikimedia foundation

Top products

The 15 most recently published vulnerabilities affecting wikimedia foundation.

• CVE-2026-34095action=raw with Special:Mypage subpage title responds with "Content-Type: text/html" on ctype=text/javascript request6.1May 11, 2026
• CVE-2026-34094Customized help link for page protection indicator is relative to subpage name, because the link target is missing the "/wiki/" prefix3.8May 11, 2026
• CVE-2026-34093Special:UserRights allows viewing user rights from private wiki5.3May 11, 2026
• CVE-2026-34092Block UI elements in 'tools'-sidebar shows presence of an autoblocked IP7.5May 11, 2026
• CVE-2026-34091User localization leaked by AbuseFilter + EventStream7.5May 11, 2026
• CVE-2026-34090Suggested investigations: Handle suppressed usernames7.5May 11, 2026
• CVE-2026-34088RecentChanges entries expose suppressed content via generated log page html7.5May 11, 2026
• CVE-2026-34087Users API leaks whether privileged users have their user groups disabled for lack of 2FA7.5May 11, 2026
• CVE-2026-39837Stored XSS through the dynamic table format in Cargo5.4Apr 7, 2026
• CVE-2026-39841Stored XSS through list fields on Cargo's page values and Special:CargoTables6.1Apr 7, 2026
• CVE-2026-39840CSS injection in multiple Cargo display formats6.1Apr 7, 2026
• CVE-2026-39839Stored XSS through URLs in Cargo's map format6.1Apr 7, 2026
• CVE-2025-67484Action API xslt option allows JavaScript execution by administrators who are not interface administrators9.8Feb 3, 2026
• CVE-2025-67480list=allrevisions can be used to bypass Extension:Lockdown6.5Feb 3, 2026
• CVE-2025-67476Importing leaks IP address of importer via EventStreams4.3Feb 3, 2026