Vulnerabilities > Mediawiki > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-01-10 | CVE-2021-46149 | Resource Exhaustion vulnerability in Mediawiki An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. | 7.5 |
2021-12-20 | CVE-2021-44858 | Incorrect Default Permissions vulnerability in Mediawiki An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. | 7.5 |
2021-10-11 | CVE-2021-41799 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products MediaWiki before 1.36.2 allows a denial of service (resource consumption because of lengthy query processing time). | 7.5 |
2021-10-11 | CVE-2021-41801 | Unspecified vulnerability in Mediawiki The ReplaceText extension through 1.41 for MediaWiki has Incorrect Access Control. | 8.8 |
2021-10-06 | CVE-2021-42040 | Infinite Loop vulnerability in Mediawiki An issue was discovered in MediaWiki through 1.36.2. | 7.5 |
2021-07-02 | CVE-2021-35197 | Incorrect Authorization vulnerability in multiple products In MediaWiki before 1.31.15, 1.32.x through 1.35.x before 1.35.3, and 1.36.x before 1.36.1, bots have certain unintended API access. | 7.5 |
2021-07-02 | CVE-2021-36125 | Infinite Loop vulnerability in Mediawiki An issue was discovered in the CentralAuth extension in MediaWiki through 1.36. | 7.5 |
2021-07-02 | CVE-2021-36132 | Incorrect Authorization vulnerability in Mediawiki An issue was discovered in the FileImporter extension in MediaWiki through 1.36. | 8.8 |
2021-04-22 | CVE-2021-31555 | Improper Input Validation vulnerability in Mediawiki An issue was discovered in the Oauth extension for MediaWiki through 1.35.2. | 7.5 |
2021-01-29 | CVE-2020-29005 | Insufficiently Protected Credentials vulnerability in Mediawiki The API in the Push extension for MediaWiki through 1.35 used cleartext for ApiPush credentials, allowing for potential information disclosure. | 7.5 |