0
CVE-2025-67481 - mw.message(β¦).parse() doesn't output safe HTML, but it's being used as if it does
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.JqueryMsg/mediawiki.JqueryMsg.Js. This issue affects MediaWiki: from * before 1.3β¦
1.7
CVE-2025-67482 - Lua segfault in unpack()
Vulnerability in Wikimedia Foundation Scribunto, Wikimedia Foundation luasandbox. This vulnerability is associated with program files includes/Engines/LuaCommon/lualib/mwInit.Lua, library.C. This issue affects Scribunto: from * before 1.39.16, 1.43.6, 1.44.3, 1.45.1; luasandbox: from * before fea2β¦
4.6
CVE-2025-12774 - SQL queries with sensitive information printed in logs with Brocade SANnav before 3.0
A vulnerability in the migration script for Brocade SANnav before 3.0 could allow the collection of database sql queries in the SANnav support save file.Β An attacker with access to Brocade SANnav supportsave file, could open the file and then obtain sensitive information such as details of databasβ¦
0
CVE-2025-67483 - Theoretical i18n XSS in mediawiki.page.preview.js when a page has multiple protection levels
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Page.Preview.Js. This issue affects MediaWiki: from * before 1.43.6, 1.44.3, 1.45β¦
0
CVE-2025-67484 - Action API xslt option allows JavaScript execution by administrators who are not interface administβ¦
Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Api/ApiFormatXml.Php. This issue affects MediaWiki: from * before 1.39.16, 1.43.6, 1.44.3, 1.45.1.
0
CVE-2025-67480 - list=allrevisions can be used to bypass Extension:Lockdown
Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Api/ApiQueryRevisionsBase.Php. This issue affects MediaWiki: from * before 1.39.16, 1.43.6, 1.44.3, 1.45.1.
0
CVE-2025-67475 - Stored XSS through edit summaries in MW Core
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/CommentFormatter/CommentParser.Php. This issue affects MediaWiki: from * before 1.39.16, 1.43.6,β¦
1.3
CVE-2025-67476 - Importing leaks IP address of importer via EventStreams
Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Import/ImportableOldRevisionImporter.Php. This issue affects MediaWiki: from * before 1.44.3, 1.45.1.
0
CVE-2025-67477 - Stored XSS through a system message in Special:ApiSandbox
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Special.Apisandbox/ApiSandboxLayout.Js. This issue affects MediaWiki: from * befoβ¦
0
CVE-2025-67478 - Wrong E-Mail address composition for usernames with a comma and Umlauts in it like "DΓΆe, JΓ€hn"
Vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files includes/Mail/UserMailer.Php. This issue affects CheckUser: from * before 1.39.14, 1.43.4, 1.44.1.