These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
A vulnerability in Wikimedia Foundation timeline affects Mediawiki versions before 1.46.0, 1.45.4, 1.44.6, and 1.43.9. This issue is associated with program files scripts/EasyTimeline.Pl and includes/Timeline.Php. The vulnerability has a CVSS severity of NONE and a CVSS score that is not provided. Users of affected Mediawiki versions should be aware of this vulnerability and take necessary defensive actio [truncated]
CVE-2026-58038 is an Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability affecting MediaWiki timeline. The issue impacts versions before 1.46.0, 1.45.4, 1.44.6, and 1.43.9. This vulnerability allows for cross-site scripting (XSS) attacks due to improper neutralization of input during web page generation. Users of MediaWiki timeline, particularly those [truncated]
The CVE record for CVE-2026-58037 was published on 2026-07-01T16:16:51.063Z and has not been modified since then. This Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability affects MediaWiki versions from before 1.46.0, 1.45.4, 1.44.6, and 1.43.9. The issue is associated with several program files, including includes/Language/Language.Php, includes/Loggi [truncated]
A vulnerability in MediaWiki, specifically in the includes/Api/ApiQueryAllUsers.Php, includes/Api/ApiQueryUsers.Php, includes/Permissions/PermissionManager.Php, and includes/User/UserGroupManager.Php program files, could allow an unauthorized actor to access sensitive information. This Exposure of Sensitive Information to an Unauthorized Actor vulnerability has a CVSS score of 2.1, indicating a low severi [truncated]
CVE-2026-58032 is an Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. The issue affects MediaWiki versions before 1.46.0, 1.45.4, 1.44.6, and 1.43.9. This vulnerability can be exploited by attackers with permission to edit pages, potentially leading to cross-site scripting (XSS) attacks. Users of MediaWiki, especia [truncated]
The CVE-2026-58030 vulnerability is an Improper Neutralization of Input During Web Page Generation (XSS) issue affecting Mediawiki SyntaxHighlight_GeSHi. This vulnerability has a CVSS score of 5.3 and a severity of MEDIUM. It impacts versions before 1.46.0, 1.45.4, 1.44.6, and 1.43.9. Users of these versions should review and apply patches to prevent XSS attacks. The vulnerability is associated with progr [truncated]
A vulnerability was discovered in MediaWiki, affecting versions before 1.46.0, 1.45.4, 1.44.6, and 1.43.9. This issue is associated with multiple program files, including includes/Api/ApiChangeAuthenticationData.Php, includes/Api/ApiLinkAccount.Php, includes/Api/ApiRemoveAuthenticationData.Php, includes/Specials/SpecialLinkAccounts.Php, and includes/Specials/SpecialUnlinkAccounts.Php. The vulnerability is [truncated]
The CVE record for CVE-2026-58028 was published on 2026-07-01T16:16:50.077Z and has not been modified since then. This vulnerability affects MediaWiki and CentralAuth versions prior to 1.46.0, 1.45.4, 1.44.6, and 1.43.9, allowing for XSS attacks due to improper neutralization of input during web page generation. Users of these versions should apply patches to prevent potential attacks.
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-01T16:16:49.947Z and has not been modified since then. The NVD entry is currently Analyzed. This Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation AbuseFilter affects versions before 1.46.0, 1.45.4, 1.44.6, and 1.43.9. The vulnerability has a CVSS score [truncated]
A deserialization of untrusted data vulnerability was found in MediaWiki, affecting versions before 1.46.0, 1.45.4, 1.44.6, and 1.43.9. This issue is associated with program files includes/Import/WikiImporter.Php, includes/Import/WikiRevision.Php, and includes/Logging/LogEntryBase.Php. The vulnerability is caused by the deserialization of untrusted data in MediaWiki. This could allow an attacker to execut [truncated]
CVE-2026-13706 is an improper input validation vulnerability in Wikimedia Foundation UrlShortener. The CVE record was published on 2026-07-01T16:16:31.617Z and has not been modified since then. The NVD entry is currently Analyzed. This vulnerability is associated with program files includes/UrlShortenerUtils.Php. It has been categorized under CWE-20. The CVSS score is not provided, but the CVSS vector is [truncated]
CVE-2026-58035 is an Improper Neutralization of Input During Web Page Generation (XSS) vulnerability in MediaWiki, a popular open-source wiki software. The vulnerability is associated with program files resources/src/mediawiki.Special.Block/SpecialBlock.Vue. This type of vulnerability allows attackers to inject malicious scripts into web pages, potentially leading to unauthorized actions or data theft. Us [truncated]
CVE-2026-58034 is an Improper Neutralization of Input During Web Page Generation (XSS) vulnerability in Wikimedia Foundation CheckUser. This issue affects CheckUser: from 1.46.0-rc.0 before 1.46.0. The vulnerability is associated with program files modules/ext.CheckUser.TempAccounts/components/blockConnectedTempAccountsField.Vue. The issue has been identified and reported, and a fix is available in versio [truncated]
CVE-2026-58031 is an Improper Neutralization of Input During Web Page Generation (XSS) vulnerability in MediaWiki. The issue affects MediaWiki from version 1.46.0-rc.0 before 1.46.0. This vulnerability is located in the resources/src/mediawiki.Special.Apisandbox/ApiSandboxLayout.Js file and allows for Cross-site Scripting (XSS) attacks when user input is not properly neutralized during web page generation [truncated]
CVE-2026-34093 is a low-severity sensitive-information exposure issue in Wikimedia Foundation MediaWiki, tied to includes/Specials/SpecialUserRights.Php. According to the NVD record, the issue affects MediaWiki versions before 1.43.7, 1.44.4, and 1.45.2. The CVSS 4.0 vector indicates network exposure with low confidentiality impact and a user interaction requirement, so this is not described as a high-imp [truncated]