wikimedia foundation
Top products
Latest CVEs
The 15 most recently published vulnerabilities affecting wikimedia foundation.
- CVE-2026-39837Stored XSS through the dynamic table format in Cargo5.4
- CVE-2026-39841Stored XSS through list fields on Cargo's page values and Special:CargoTables6.1
- CVE-2026-39840CSS injection in multiple Cargo display formats6.1
- CVE-2026-39839Stored XSS through URLs in Cargo's map format6.1
- CVE-2025-61658Special:GlobalContributions shows edits on wikis the viewer doesn't have access to4.3
- CVE-2025-61637Stored XSS through system messages in MW Core4.8
- CVE-2025-61638Sanitizer::validateAttributes data-XSS4.8
- CVE-2025-61639Suppressed blocked IP is visible in Special:BlockList, RC, and other places4.8
- CVE-2025-61640Stored XSS through system messages in Special:RecentChangesLinked (MW Core)4.8
- CVE-2025-53479CheckUser: Reflected Cross-Site Scripting (XSS) in Special:CheckUser via unsanitized internationalized message5.4
- CVE-2025-53480CheckUser: Reflected Cross-Site Scripting (XSS) in Special:Investigate (Account information tab) via unsanitized i18n messages5.4
- CVE-2025-53496Stored XSS in MediaSearch5.4
- CVE-2025-53488Stored XSS in WikiHiero6.1
- CVE-2025-53498Lack of Audit Logging in AbuseFilter5.3
- CVE-2025-53499Unauthorized Inspection of Protected Variables in AbuseFilter9.1