Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mediawiki mediawiki vulnerabilities and exploits
(subscribe to this query)
7.7
CVSSv3
CVE-2022-31090
Guzzle, an extensible PHP HTTP client. `Authorization` headers on requests are sensitive information. In affected versions when using our Curl handler, it is possible to use the `CURLOPT_HTTPAUTH` option to specify an `Authorization` header. On making a request which responds wit...
Guzzlephp Guzzle
Debian Debian Linux 11.0
7.7
CVSSv3
CVE-2022-31091
Guzzle, an extensible PHP HTTP client. `Authorization` and `Cookie` headers on requests are sensitive information. In affected versions on making a request which responds with a redirect to a URI with a different port, if we choose to follow it, we should remove the `Authorizatio...
Guzzlephp Guzzle
Debian Debian Linux 11.0
7.5
CVSSv3
CVE-2023-45371
An issue exists in the Wikibase extension for MediaWiki prior to 1.35.12, 1.36.x up to and including 1.39.x prior to 1.39.5, and 1.40.x prior to 1.40.1. There is no rate limit for merging items.
Mediawiki Mediawiki 1.40.0
Mediawiki Mediawiki
7.5
CVSSv3
CVE-2023-45363
An issue exists in ApiPageSet.php in MediaWiki prior to 1.35.12, 1.36.x up to and including 1.39.x prior to 1.39.5, and 1.40.x prior to 1.40.1. It allows malicious users to cause a denial of service (unbounded loop and RequestTimeoutException) when querying pages redirected to ot...
Mediawiki Mediawiki 1.40.0
Mediawiki Mediawiki
Debian Debian Linux 11.0
Debian Debian Linux 12.0
7.5
CVSSv3
CVE-2023-35333
MediaWiki PandocUpload Extension Remote Code Execution Vulnerability
Microsoft Pandocupload
7.5
CVSSv3
CVE-2022-28204
A denial-of-service issue exists in MediaWiki 1.37.x prior to 1.37.2. Rendering of w/index.php?title=Special%3AWhatLinksHere&target=Property%3AP31&namespace=1&invert=1 can take more than thirty seconds. There is a DDoS risk.
Mediawiki Mediawiki
7.5
CVSSv3
CVE-2022-28203
A denial-of-service issue exists in MediaWiki prior to 1.35.6, 1.36.x prior to 1.36.4, and 1.37.x prior to 1.37.2. When many files exist, requesting Special:NewFiles with actor as a condition can result in a very long running query.
Mediawiki Mediawiki
Debian Debian Linux 10.0
Debian Debian Linux 11.0
7.5
CVSSv3
CVE-2022-34750
An issue exists in MediaWiki up to and including 1.38.1. The lemma length of a Wikibase lexeme is currently capped at a thousand characters. Unfortunately, this length is not validated, allowing much larger lexemes to be created, which introduces various denial-of-service attack ...
Mediawiki Mediawiki
7.5
CVSSv3
CVE-2022-31043
Guzzle is an open source PHP HTTP client. In affected versions `Authorization` headers on requests are sensitive information. On making a request using the `https` scheme to a server which responds with a redirect to a URI with the `http` scheme, we should not forward the `Author...
Guzzlephp Guzzle
Drupal Drupal
Drupal Drupal 9.4.0
Debian Debian Linux 11.0
7.5
CVSSv3
CVE-2022-31042
Guzzle is an open source PHP HTTP client. In affected versions the `Cookie` headers on requests are sensitive information. On making a request using the `https` scheme to a server which responds with a redirect to a URI with the `http` scheme, or on making a request to a server w...
Guzzlephp Guzzle
Drupal Drupal
Drupal Drupal 9.4.0
Debian Debian Linux 11.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22120
CVE-2024-35921
CVE-2024-35874
brute force
CVE-2024-36080
unprivileged
CVE-2024-35917
IDOR
CVE-2024-4947
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »