0
CVE-2025-61656 - XSS when pasting into VE
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation VisualEditor. This vulnerability is associated with program files src/ce/ve.Ce.ClipboardHandler.Js. This issue affects VisualEditor: from * before 1.39.14, 1.43.4, 1.44β¦
0
CVE-2025-61657 -
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Vector. This vulnerability is associated with program files resources/skins.Vector.Js/stickyHeader.Js. This issue affects Vector: from * before 1.43.4, 1.44.1.
1.3
CVE-2025-61658 - Special:GlobalContributions shows edits on wikis the viewer doesn't have access to
Vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files src/GlobalContributions/GlobalContributionsPager.Php. This issue affects CheckUser: from * before 1.43.4, 1.44.1.
2.7
CVE-2025-61653 - Extension:TextExtracts does not check for authorizeRead when returning extracts
Vulnerability in Wikimedia Foundation TextExtracts. This vulnerability is associated with program files includes/ApiQueryExtracts.Php. This issue affects TextExtracts: from * before 1.39.14, 1.43.4, 1.44.1.
2.7
CVE-2025-61652 - Action API discussiontoolspageinfo does not check for authorizeRead for the page
Vulnerability in Wikimedia Foundation DiscussionTools.This issue affects DiscussionTools: from * before 1.43.4, 1.44.1.
0
CVE-2025-61651 - i18n XSS through Special:CheckUser CheckUser helper
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files modules/ext.CheckUser/checkuser/checkUserHelper/buildUserElement.Js. This issue affects CheckUser: from *β¦
7.7
CVE-2025-15556 - Notepad++ < 8.8.9 WinGUp Updater Lacks Update Integrity Verification
Notepad++ versions prior to 8.8.9, when using the WinGUp updater, contain an update integrity verification vulnerability where downloaded update metadata and installers are not cryptographically verified. An attacker able to intercept or redirect update traffic can cause the updater to download andβ¦
7.1
CVE-2025-12773 - Plain password is generated in the audit logs while executing update-reports-purge-settings.sh scriβ¦
A vulnerability in update-reports-purge-settings.sh script logging for Brocade SANnav before 2.4.0a could allow the collection of SANnav database password in the system audit logs.Β The vulnerability could allow a remote authenticated attacker with access to the audit logs to access the Brocade SANnβ¦
0
CVE-2025-11173 - Reauth for enabling 2FA can be bypassed by submitting a form
Vulnerability in Wikimedia Foundation OATHAuth. This vulnerability is associated with program files src/Special/OATHManage.Php. This issue affects OATHAuth: from * before 1.39.14, 1.43.4, 1.44.1.
0
CVE-2025-11261 - Stored i18n XSS exposed by security patch for T402077
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Language/mediawiki.Language.Js. This issue affects MediaWiki: from * before 1.39.β¦