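107 CVE vulnerabilities related to the vendor Wikimedia Foundation, with AI-generated Chinese analysis, POC, CVSS scores and affected products.
Wikimedia Foundation operates knowledge-sharing platforms such as Wikipedia; its core work is maintaining the world's largest online encyclopedia. Historical vulnerabilities in its systems are concentrated in cross-site scripting (XSS), SQL injection and unauthorized access, and some stem from the complex interaction logic of the MediaWiki framework. Notably, the foundation uses strict code review and automated testing, and regularly publishes security updates to fix the 107 CVEs recorded here. Its open-source architecture improves transparency but also leaves the attack surface relatively public, so input validation and access control need continual strengthening to protect data integrity.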
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-67478 | Wrong E-Mail address composition for usernames with a comma and Umlauts in it like "Döe, Jähn" — CheckUser | 9.8 (AI) | Critical (AI) | 2026-02-03 |
| CVE-2025-61658 | Special:GlobalContributions shows edits on wikis the viewer doesn't have access to — CheckUser | 9.1 (AI) | Critical (AI) | 2026-02-03 |
| CVE-2025-61651 | i18n XSS through Special:CheckUser CheckUser helper — CheckUser (CWE-79) | 6.1 (AI) | Medium (AI) | 2026-02-03 |
| CVE-2025-61648 | Stored XSS through system messages in CheckUser — CheckUser (CWE-79) | 6.1 (AI) | Medium (AI) | 2026-02-03 |
| CVE-2025-61649 | UserInfoCard: Check that performing user has permission to view log entries for number of past blocks — CheckUser | 9.1 (AI) | Critical (AI) | 2026-02-03 |
| CVE-2025-61650 | UserInfoCard is vulnerable to message key stored XSS — CheckUser (CWE-79) | 6.1 (AI) | Medium (AI) | 2026-02-03 |
| CVE-2025-61647 | UserInfoCard: Don't allow access to information about users who are suppressed if you don't have suppressor rights — CheckUser | 9.8 (AI) | Critical (AI) | 2026-02-03 |
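This page lists all 107 CVE vulnerabilities publicly disclosed to date for the vendor Wikimedia Foundation. Each entry includes its CVSS score, CWE weakness classification, affected products and reference links, along with an AI-generated Chinese analysis for quick risk assessment.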