Vulnerabilities in Wikimedia Foundation
118 results

CVE-2025-11173 | NONE | Reauth for enabling 2FA can be bypassed by submitting a form | EPSS 0.4%
CVE-2025-3469 | NONE | i18n XSS vulnerability in HTMLMultiSelectField when sections are used | EPSS 0.3%
CVE-2025-32698 | LOW | LogPager.php: Restriction enforcer functions do not correctly enforce suppression restrictions | EPSS 0.3%
CVE-2025-23074 | LOW | Special:EditProfile exposes the contents of profile fields marked "hidden"/friends or "friends of friends" when the privileged user isn't a friend of the user whose profile they edit(ed) | EPSS 0.3%
CVE-2025-61653 | LOW | Extension:TextExtracts does not check for authorizeRead when returning extracts | EPSS 0.3%
CVE-2025-23073 | LOW | API list=globalblocks can reveal IP of autoblock if username and IP are included in the bgtargets parameter | EPSS 0.3%
CVE-2025-6590 | MEDIUM | Complete content leak of private wikis due to PasswordReset Wikitext injection in error message | EPSS 0.3%
CVE-2025-32697 | NONE | Cascading protection is not preventing file reversions | EPSS 0.3%
CVE-2025-32700 | LOW | AbuseFilter log interfaces expose global private and hidden filters when central DB is not available | EPSS 0.3%
CVE-2025-32699 | LOW | Potential javascript injection attack enabled by Unicode normalization in Action API | EPSS 0.3%
CVE-2025-61649 | LOW | UserInfoCard: Check that performing user has permission to view log entries for number of past blocks | EPSS 0.3%
CVE-2025-53501 | HIGH | Content Access Bypass in Scribunto | EPSS 0.3%
CVE-2025-67478 | NONE | Wrong E-Mail address composition for usernames with a comma and Umlauts in it like "Döe, Jähn" | EPSS 0.3%
CVE-2025-61654 | NONE | UserInfoCard: Do permission checking when getting counts of global and local edits, new articles and thanks | EPSS 0.3%
CVE-2025-23072 | MEDIUM | XSS in Special:RefreshSpecial | EPSS 0.3%
CVE-2025-61647 | LOW | UserInfoCard: Don't allow access to information about users who are suppressed if you don't have suppressor rights | EPSS 0.3%
CVE-2025-67482 | LOW | Lua segfault in unpack() | EPSS 0.3%
CVE-2026-34088 | LOW | RecentChanges entries expose suppressed content via generated log page html | EPSS 0.3%
CVE-2026-34091 | MEDIUM | User localization leaked by AbuseFilter + EventStream | EPSS 0.3%
CVE-2025-53499 | CRITICAL | Unauthorized Inspection of Protected Variables in AbuseFilter | EPSS 0.3%