0
CVE-2025-67479 - Magic word replacement in legacy parser allows using reserved data attributes through wikitext
Vulnerability in Wikimedia Foundation MediaWiki, Wikimedia Foundation Cite. This vulnerability is associated with program files includes/Parser/CoreParserFunctions.Php, includes/Parser/Sanitizer.Php. This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1; Cite: from * before 1.39.14, β¦
0
CVE-2025-61654 - UserInfoCard: Do permission checking when getting counts of global and local edits, new articles anβ¦
Vulnerability in Wikimedia Foundation Thanks. This vulnerability is associated with program files includes/ThanksQueryHelper.Php. This issue affects Thanks: from * before 1.43.4, 1.44.1.
0
CVE-2025-61655 - Stored XSS through system messages in VisualEditor
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation VisualEditor. This vulnerability is associated with program files includes/ApiVisualEditorEdit.Php, modules/ve-mw/init/targets/ve.Init.Mw.DesktopArticleTarget.Js, moduleβ¦
0
CVE-2025-61656 - XSS when pasting into VE
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation VisualEditor. This vulnerability is associated with program files src/ce/ve.Ce.ClipboardHandler.Js. This issue affects VisualEditor: from * before 1.39.14, 1.43.4, 1.44β¦
0
CVE-2025-61657 -
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Vector. This vulnerability is associated with program files resources/skins.Vector.Js/stickyHeader.Js. This issue affects Vector: from * before 1.43.4, 1.44.1.
1.3
CVE-2025-61658 - Special:GlobalContributions shows edits on wikis the viewer doesn't have access to
Vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files src/GlobalContributions/GlobalContributionsPager.Php. This issue affects CheckUser: from * before 1.43.4, 1.44.1.
2.7
CVE-2025-61653 - Extension:TextExtracts does not check for authorizeRead when returning extracts
Vulnerability in Wikimedia Foundation TextExtracts. This vulnerability is associated with program files includes/ApiQueryExtracts.Php. This issue affects TextExtracts: from * before 1.39.14, 1.43.4, 1.44.1.
2.7
CVE-2025-61652 - Action API discussiontoolspageinfo does not check for authorizeRead for the page
Vulnerability in Wikimedia Foundation DiscussionTools.This issue affects DiscussionTools: from * before 1.43.4, 1.44.1.
0
CVE-2025-61651 - i18n XSS through Special:CheckUser CheckUser helper
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files modules/ext.CheckUser/checkuser/checkUserHelper/buildUserElement.Js. This issue affects CheckUser: from *β¦
7.7
CVE-2025-15556 - Notepad++ < 8.8.9 WinGUp Updater Lacks Update Integrity Verification
Notepad++ versions prior to 8.8.9, when using the WinGUp updater, contain an update integrity verification vulnerability where downloaded update metadata and installers are not cryptographically verified. An attacker able to intercept or redirect update traffic can cause the updater to download andβ¦