Security Risk Severity
Info Security Risks
Published vulnerability pages grouped by info severity. Use this page to review risks that need similar prioritization.
Info severity
Showing 9 of 9 published risks.
CVE-2026-58034 in MediaWiki CheckUser
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files modules/ext.CheckUser.TempAccounts/components/blockConnectedTempAccountsField.Vue. This issue affects CheckUser: from 1.46.0-rc.0 before 1.46.0.
Updated Jul 15, 2026
CVE-2026-58035 in MediaWiki
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Special.Block/SpecialBlock.Vue.
Updated Jul 15, 2026
CVE-2026-13706 in MediaWiki UrlShortener
Improper input validation vulnerability in Wikimedia Foundation UrlShortener. This vulnerability is associated with program files includes/UrlShortenerUtils.Php.
Updated Jul 15, 2026
CVE-2026-13707 in MediaWiki OAuth
Session fixation vulnerability in Wikimedia Foundation OAuth. This vulnerability is associated with program files src/Backend/MWOAuthServer.Php. This issue affects OAuth: from * through 1.46.0, 1.45.4, 1.44.6, 1.43.9.
Updated Jul 15, 2026
CVE-2026-58026 in MediaWiki
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Parser/Parser.Php. This issue affects MediaWiki: from * before 1.46.0, 1.45.4, 1.44.6, 1.43.9.
Updated Jul 15, 2026
CVE-2026-58028 in MediaWiki and CentralAuth
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki, Wikimedia Foundation CentralAuth. This vulnerability is associated with program files includes/Api/ApiFormatBase.Php, includes/Api/ApiHelp.Php, includes/ResourceLoader/Module.Php, includes/Hooks/Handlers/PageDisplayHookHandler.Php, includes/LogFormatter/PermissionChangeLogFormatter.Php. This issue affects MediaWiki: from * before 1.46.0, 1.45.4, 1.44.6, 1.43.9; CentralAuth: from * before 1.46.0, 1.45.4, 1.44.6, 1.43.9.
Updated Jul 15, 2026
CVE-2026-58037 in MediaWiki
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Language/Language.Php, includes/Logging/BlockLogFormatter.Php, includes/Logging/LogFormatter.Php, includes/Logging/PatrolLogFormatter.Php, includes/Logging/RenameuserLogFormatter.Php, includes/Logging/TagLogFormatter.Php, includes/Specials/SpecialVersion.Php. This issue affects MediaWiki: from * before 1.46.0, 1.45.4, 1.44.6, 1.43.9.
Updated Jul 15, 2026
CVE-2026-58038 in MediaWiki Timeline
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation timeline. This vulnerability is associated with program files includes/Timeline.Php, scripts/EasyTimeline.Pl. This issue affects timeline: from * before 1.46.0, 1.45.4, 1.44.6, 1.43.9.
Updated Jul 15, 2026
CVE-2026-8857 in MediaWiki Timeline
A vulnerability in Wikimedia Foundation timeline. This vulnerability is associated with program files scripts/EasyTimeline.Pl, includes/Timeline.Php. This issue affects timeline: from * before 1.46.0, 1.45.4, 1.44.6, 1.43.9.
Updated Jul 15, 2026
