High

DATE	CVE	VULNERABILITY TITLE	RISK
2023-10-09	CVE-2023-45371	Allocation of Resources Without Limits or Throttling vulnerability in Mediawiki An issue was discovered in the Wikibase extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. network low complexity mediawiki CWE-770	7.5
2023-10-09	CVE-2023-45363	Infinite Loop vulnerability in multiple products An issue was discovered in ApiPageSet.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. network low complexity mediawiki debian CWE-835	7.5
2023-09-25	CVE-2023-3550	Cross-site Scripting vulnerability in multiple products Mediawiki v1.40.0 does not validate namespaces used in XML files. Therefore, if the instance administrator allows XML file uploads, a remote attacker with a low-privileged user account can use this exploit to become an administrator by sending a malicious link to the instance administrator. network low complexity mediawiki debian CWE-79	7.3
2022-09-19	CVE-2022-28203	Release of Invalid Pointer or Reference vulnerability in multiple products A denial-of-service issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. network low complexity mediawiki debian CWE-763	7.5
2022-04-29	CVE-2022-29904	SQL Injection vulnerability in Mediawiki The SemanticDrilldown extension for MediaWiki through 1.37.2 (before e688bdba6434591b5dff689a45e4d53459954773) allows SQL injection with certain '-' and '_' constraints. network low complexity mediawiki CWE-89	7.5
2021-12-20	CVE-2021-44858	Incorrect Default Permissions vulnerability in Mediawiki An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. network low complexity mediawiki CWE-276	7.5
2021-10-11	CVE-2021-41799	Allocation of Resources Without Limits or Throttling vulnerability in multiple products MediaWiki before 1.36.2 allows a denial of service (resource consumption because of lengthy query processing time). network low complexity mediawiki fedoraproject CWE-770	7.5
2021-10-11	CVE-2021-41801	Unspecified vulnerability in Mediawiki The ReplaceText extension through 1.41 for MediaWiki has Incorrect Access Control. network low complexity mediawiki	8.8
2021-07-02	CVE-2021-35197	Incorrect Authorization vulnerability in multiple products In MediaWiki before 1.31.15, 1.32.x through 1.35.x before 1.35.3, and 1.36.x before 1.36.1, bots have certain unintended API access. network low complexity mediawiki debian fedoraproject CWE-863	7.5
2021-07-02	CVE-2021-36126	Unspecified vulnerability in Mediawiki An issue was discovered in the AbuseFilter extension in MediaWiki through 1.36. network low complexity mediawiki	7.5