Vulnerabilities > Mediawiki > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDORS | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2022-01-10 | CVE-2021-46149 | Resource Exhaustion vulnerability in Mediawiki | An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. | network | low complexity | mediawiki | CWE-400 | 7.5 |
| 2021-12-20 | CVE-2021-44858 | Incorrect Default Permissions vulnerability in Mediawiki | An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. | network | low complexity | mediawiki | CWE-276 | 7.5 |
| 2021-10-11 | CVE-2021-41799 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products | MediaWiki before 1.36.2 allows a denial of service (resource consumption because of lengthy query processing time). | network | low complexity | mediawiki, fedoraproject | CWE-770 | 7.5 |
| 2021-10-11 | CVE-2021-41801 | Unspecified vulnerability in Mediawiki | The ReplaceText extension through 1.41 for MediaWiki has Incorrect Access Control. | network | low complexity | mediawiki | | 8.8 |
| 2021-10-06 | CVE-2021-42040 | Infinite Loop vulnerability in Mediawiki | An issue was discovered in MediaWiki through 1.36.2. | network | low complexity | mediawiki | CWE-835 | 7.5 |
| 2021-07-02 | CVE-2021-35197 | Incorrect Authorization vulnerability in multiple products | In MediaWiki before 1.31.15, 1.32.x through 1.35.x before 1.35.3, and 1.36.x before 1.36.1, bots have certain unintended API access. | network | low complexity | mediawiki, debian, fedoraproject | CWE-863 | 7.5 |
| 2021-07-02 | CVE-2021-36125 | Infinite Loop vulnerability in Mediawiki | An issue was discovered in the CentralAuth extension in MediaWiki through 1.36. | network | low complexity | mediawiki | CWE-835 | 7.5 |
| 2021-07-02 | CVE-2021-36132 | Incorrect Authorization vulnerability in Mediawiki | An issue was discovered in the FileImporter extension in MediaWiki through 1.36. | network | low complexity | mediawiki | CWE-863 | 8.8 |
| 2021-04-22 | CVE-2021-31555 | Improper Input Validation vulnerability in Mediawiki | An issue was discovered in the Oauth extension for MediaWiki through 1.35.2. | network | low complexity | mediawiki | CWE-20 | 7.5 |
| 2021-01-29 | CVE-2020-29005 | Insufficiently Protected Credentials vulnerability in Mediawiki | The API in the Push extension for MediaWiki through 1.35 used cleartext for ApiPush credentials, allowing for potential information disclosure. | network | low complexity | mediawiki | CWE-522 | 7.5 |