Security Risk Severity

Info Security Risks

Published vulnerability pages grouped by info severity. Use this page to review risks that need similar prioritization.

Info severity

Showing 9 of 9 published risks.

infoEPSS 0.001

CVE-2026-58034 in MediaWiki CheckUser

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files modules/ext.CheckUser.TempAccounts/components/blockConnectedTempAccountsField.Vue. This issue affects CheckUser: from 1.46.0-rc.0 before 1.46.0.

CVE-2026-58034phpweb-applicationxss

Updated Jul 15, 2026

infoEPSS 0.001

CVE-2026-58035 in MediaWiki

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Special.Block/SpecialBlock.Vue.

CVE-2026-58035phpweb-applicationxss

Updated Jul 15, 2026

info

CVE-2026-13706 in MediaWiki UrlShortener

Improper input validation vulnerability in Wikimedia Foundation UrlShortener. This vulnerability is associated with program files includes/UrlShortenerUtils.Php.

CVE-2026-13706phpweb-applicationinput-validation

Updated Jul 15, 2026

info

CVE-2026-13707 in MediaWiki OAuth

Session fixation vulnerability in Wikimedia Foundation OAuth. This vulnerability is associated with program files src/Backend/MWOAuthServer.Php. This issue affects OAuth: from * through 1.46.0, 1.45.4, 1.44.6, 1.43.9.

CVE-2026-13707phpweb-applicationauthentication-bypass

Updated Jul 15, 2026

infoEPSS 0.004

CVE-2026-58026 in MediaWiki

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Parser/Parser.Php. This issue affects MediaWiki: from * before 1.46.0, 1.45.4, 1.44.6, 1.43.9.

CVE-2026-58026phpweb-applicationinformation-disclosure

Updated Jul 15, 2026

infoEPSS 0.003

CVE-2026-58028 in MediaWiki and CentralAuth

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki, Wikimedia Foundation CentralAuth. This vulnerability is associated with program files includes/Api/ApiFormatBase.Php, includes/Api/ApiHelp.Php, includes/ResourceLoader/Module.Php, includes/Hooks/Handlers/PageDisplayHookHandler.Php, includes/LogFormatter/PermissionChangeLogFormatter.Php. This issue affects MediaWiki: from * before 1.46.0, 1.45.4, 1.44.6, 1.43.9; CentralAuth: from * before 1.46.0, 1.45.4, 1.44.6, 1.43.9.

CVE-2026-58028phpapi-securityweb-applicationxss

Updated Jul 15, 2026

infoEPSS 0.003

CVE-2026-58037 in MediaWiki

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Language/Language.Php, includes/Logging/BlockLogFormatter.Php, includes/Logging/LogFormatter.Php, includes/Logging/PatrolLogFormatter.Php, includes/Logging/RenameuserLogFormatter.Php, includes/Logging/TagLogFormatter.Php, includes/Specials/SpecialVersion.Php. This issue affects MediaWiki: from * before 1.46.0, 1.45.4, 1.44.6, 1.43.9.

CVE-2026-58037phpweb-applicationxss

Updated Jul 15, 2026

infoEPSS 0.002

CVE-2026-58038 in MediaWiki Timeline

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation timeline. This vulnerability is associated with program files includes/Timeline.Php, scripts/EasyTimeline.Pl. This issue affects timeline: from * before 1.46.0, 1.45.4, 1.44.6, 1.43.9.

CVE-2026-58038phpweb-applicationxss

Updated Jul 15, 2026

infoEPSS 0.003

CVE-2026-8857 in MediaWiki Timeline

A vulnerability in Wikimedia Foundation timeline. This vulnerability is associated with program files scripts/EasyTimeline.Pl, includes/Timeline.Php. This issue affects timeline: from * before 1.46.0, 1.45.4, 1.44.6, 1.43.9.

CVE-2026-8857phpweb-applicationremote-code-execution

Updated Jul 15, 2026