| 0 |
| url |
VCID-1697-p35n-fber |
| vulnerability_id |
VCID-1697-p35n-fber |
| summary |
Wikimedia MediaWiki allows CSRF
Wikimedia MediaWiki through 1.32.1 allows CSRF in logout feature. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-12466 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0018 |
| scoring_system |
epss |
| scoring_elements |
0.39621 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.0018 |
| scoring_system |
epss |
| scoring_elements |
0.39524 |
| published_at |
2026-04-21T12:55:00Z |
|
| 2 |
| value |
0.0018 |
| scoring_system |
epss |
| scoring_elements |
0.39608 |
| published_at |
2026-04-18T12:55:00Z |
|
| 3 |
| value |
0.0018 |
| scoring_system |
epss |
| scoring_elements |
0.39615 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.0018 |
| scoring_system |
epss |
| scoring_elements |
0.3956 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.0018 |
| scoring_system |
epss |
| scoring_elements |
0.39644 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.0018 |
| scoring_system |
epss |
| scoring_elements |
0.39472 |
| published_at |
2026-04-01T12:55:00Z |
|
| 7 |
| value |
0.0018 |
| scoring_system |
epss |
| scoring_elements |
0.39637 |
| published_at |
2026-04-16T12:55:00Z |
|
| 8 |
| value |
0.0018 |
| scoring_system |
epss |
| scoring_elements |
0.39586 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.0018 |
| scoring_system |
epss |
| scoring_elements |
0.39602 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.0018 |
| scoring_system |
epss |
| scoring_elements |
0.39639 |
| published_at |
2026-04-11T12:55:00Z |
|
| 11 |
| value |
0.0018 |
| scoring_system |
epss |
| scoring_elements |
0.39629 |
| published_at |
2026-04-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-12466 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-12466, GHSA-27fw-r78j-h898
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-1697-p35n-fber |
|
| 1 |
| url |
VCID-1866-gt2g-1qfv |
| vulnerability_id |
VCID-1866-gt2g-1qfv |
| summary |
MediaWiki Incorrect Access Control vulnerability
MediaWiki through 1.32.1 has Incorrect Access Control. Suppressed username or log in Special:EditTags are exposed. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-12469 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00153 |
| scoring_system |
epss |
| scoring_elements |
0.35983 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00153 |
| scoring_system |
epss |
| scoring_elements |
0.36026 |
| published_at |
2026-04-21T12:55:00Z |
|
| 2 |
| value |
0.00153 |
| scoring_system |
epss |
| scoring_elements |
0.36093 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.00153 |
| scoring_system |
epss |
| scoring_elements |
0.36092 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.00153 |
| scoring_system |
epss |
| scoring_elements |
0.36042 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00153 |
| scoring_system |
epss |
| scoring_elements |
0.36207 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.00153 |
| scoring_system |
epss |
| scoring_elements |
0.36178 |
| published_at |
2026-04-02T12:55:00Z |
|
| 7 |
| value |
0.00153 |
| scoring_system |
epss |
| scoring_elements |
0.36052 |
| published_at |
2026-04-13T12:55:00Z |
|
| 8 |
| value |
0.00153 |
| scoring_system |
epss |
| scoring_elements |
0.36078 |
| published_at |
2026-04-18T12:55:00Z |
|
| 9 |
| value |
0.00153 |
| scoring_system |
epss |
| scoring_elements |
0.36116 |
| published_at |
2026-04-11T12:55:00Z |
|
| 10 |
| value |
0.00153 |
| scoring_system |
epss |
| scoring_elements |
0.3611 |
| published_at |
2026-04-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-12469 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-12469, GHSA-x3fr-w7r5-x7rg
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-1866-gt2g-1qfv |
|
| 2 |
| url |
VCID-424y-cjxg-c7az |
| vulnerability_id |
VCID-424y-cjxg-c7az |
| summary |
MediaWiki Cross-site Scripting (XSS) vulnerability
An issue was discovered in MediaWiki 1.32.x through 1.34.x before 1.34.4. LogEventList::getFiltersDesc is insecurely using message text to build options names for an HTML multi-select field. The relevant code should use escaped() instead of text(). |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-25815 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00387 |
| scoring_system |
epss |
| scoring_elements |
0.5985 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00387 |
| scoring_system |
epss |
| scoring_elements |
0.59866 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.00387 |
| scoring_system |
epss |
| scoring_elements |
0.59859 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.00387 |
| scoring_system |
epss |
| scoring_elements |
0.59839 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.00387 |
| scoring_system |
epss |
| scoring_elements |
0.59856 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.00387 |
| scoring_system |
epss |
| scoring_elements |
0.59835 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00387 |
| scoring_system |
epss |
| scoring_elements |
0.59822 |
| published_at |
2026-04-13T12:55:00Z |
|
| 7 |
| value |
0.00387 |
| scoring_system |
epss |
| scoring_elements |
0.59801 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.00387 |
| scoring_system |
epss |
| scoring_elements |
0.5977 |
| published_at |
2026-04-07T12:55:00Z |
|
| 9 |
| value |
0.00387 |
| scoring_system |
epss |
| scoring_elements |
0.59777 |
| published_at |
2026-04-02T12:55:00Z |
|
| 10 |
| value |
0.00387 |
| scoring_system |
epss |
| scoring_elements |
0.59703 |
| published_at |
2026-04-01T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-25815 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
|
| aliases |
CVE-2020-25815, GHSA-2f58-vf6g-6p8x
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-424y-cjxg-c7az |
|
| 3 |
| url |
VCID-4keq-jcfa-13hc |
| vulnerability_id |
VCID-4keq-jcfa-13hc |
| summary |
Possible to circumvent title-blacklist
MediaWiki through 1.33.1 allows attackers to bypass the Title_blacklist protection mechanism by starting with an arbitrary title, establishing a non-resolvable redirect for the associated page, and using redirect=1 in the action API when editing that page. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-19709 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00315 |
| scoring_system |
epss |
| scoring_elements |
0.54574 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.00315 |
| scoring_system |
epss |
| scoring_elements |
0.54605 |
| published_at |
2026-04-21T12:55:00Z |
|
| 2 |
| value |
0.00315 |
| scoring_system |
epss |
| scoring_elements |
0.54625 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.00315 |
| scoring_system |
epss |
| scoring_elements |
0.54587 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.00315 |
| scoring_system |
epss |
| scoring_elements |
0.54613 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.00315 |
| scoring_system |
epss |
| scoring_elements |
0.54618 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00315 |
| scoring_system |
epss |
| scoring_elements |
0.54567 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00315 |
| scoring_system |
epss |
| scoring_elements |
0.54597 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.00315 |
| scoring_system |
epss |
| scoring_elements |
0.54502 |
| published_at |
2026-04-01T12:55:00Z |
|
| 9 |
| value |
0.00315 |
| scoring_system |
epss |
| scoring_elements |
0.54608 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.00315 |
| scoring_system |
epss |
| scoring_elements |
0.54626 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-19709 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-19709, GHSA-pjv5-vv93-p648
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-4keq-jcfa-13hc |
|
| 4 |
| url |
VCID-7eba-7gsc-hbfg |
| vulnerability_id |
VCID-7eba-7gsc-hbfg |
| summary |
X-Forwarded-For header allows brute-forcing autoblocked IP addresses
An issue was discovered in MediaWiki before 1.35.10, 1.36.x through 1.38.x before 1.38.6, and 1.39.x before 1.39.3. An auto-block can occur for an untrusted X-Forwarded-For header. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2023-29141 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00251 |
| scoring_system |
epss |
| scoring_elements |
0.48447 |
| published_at |
2026-04-12T12:55:00Z |
|
| 1 |
| value |
0.00251 |
| scoring_system |
epss |
| scoring_elements |
0.48449 |
| published_at |
2026-04-09T12:55:00Z |
|
| 2 |
| value |
0.00251 |
| scoring_system |
epss |
| scoring_elements |
0.48509 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.00251 |
| scoring_system |
epss |
| scoring_elements |
0.48459 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.00251 |
| scoring_system |
epss |
| scoring_elements |
0.48473 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.00251 |
| scoring_system |
epss |
| scoring_elements |
0.48426 |
| published_at |
2026-04-02T12:55:00Z |
|
| 6 |
| value |
0.00251 |
| scoring_system |
epss |
| scoring_elements |
0.48448 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.00251 |
| scoring_system |
epss |
| scoring_elements |
0.48401 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.00251 |
| scoring_system |
epss |
| scoring_elements |
0.48455 |
| published_at |
2026-04-08T12:55:00Z |
|
| 9 |
| value |
0.00292 |
| scoring_system |
epss |
| scoring_elements |
0.52609 |
| published_at |
2026-04-18T12:55:00Z |
|
| 10 |
| value |
0.00292 |
| scoring_system |
epss |
| scoring_elements |
0.52594 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2023-29141 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
|
| fixed_packages |
|
| aliases |
CVE-2023-29141, GHSA-5vj8-g3qg-4qh6
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7eba-7gsc-hbfg |
|
| 5 |
| url |
VCID-9qyu-z71g-1qbq |
| vulnerability_id |
VCID-9qyu-z71g-1qbq |
| summary |
MediaWiki Open Redirect vulnerability
resources/src/mediawiki.page.ready/ready.js in MediaWiki before 1.34.0-rc.0 allows remote attackers to force a logout and external redirection via HTML content in a MediaWiki page. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-10959 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00273 |
| scoring_system |
epss |
| scoring_elements |
0.50738 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00273 |
| scoring_system |
epss |
| scoring_elements |
0.50757 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.00273 |
| scoring_system |
epss |
| scoring_elements |
0.50752 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.00273 |
| scoring_system |
epss |
| scoring_elements |
0.50727 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.00273 |
| scoring_system |
epss |
| scoring_elements |
0.5075 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.00273 |
| scoring_system |
epss |
| scoring_elements |
0.50701 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.00273 |
| scoring_system |
epss |
| scoring_elements |
0.50712 |
| published_at |
2026-04-13T12:55:00Z |
|
| 7 |
| value |
0.00273 |
| scoring_system |
epss |
| scoring_elements |
0.50657 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.00273 |
| scoring_system |
epss |
| scoring_elements |
0.50675 |
| published_at |
2026-04-02T12:55:00Z |
|
| 9 |
| value |
0.00273 |
| scoring_system |
epss |
| scoring_elements |
0.50622 |
| published_at |
2026-04-01T12:55:00Z |
|
| 10 |
| value |
0.00273 |
| scoring_system |
epss |
| scoring_elements |
0.50708 |
| published_at |
2026-04-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-10959 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
|
| fixed_packages |
|
| aliases |
CVE-2020-10959, GHSA-mqhw-wq8p-vf5r
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-9qyu-z71g-1qbq |
|
| 6 |
| url |
VCID-arzd-7xhw-qqb4 |
| vulnerability_id |
VCID-arzd-7xhw-qqb4 |
| summary |
OATHAuth extension in MediaWiki is not implementing rate limit
An issue was discovered in the OATHAuth extension in MediaWiki before 1.31.9 and 1.32.x through 1.34.x before 1.34.3. For Wikis using OATHAuth on a farm/cluster (such as via CentralAuth), rate limiting of OATH tokens is only done on a single site level. Thus, multiple requests can be made across many wikis/sites concurrently. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-25827 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00239 |
| scoring_system |
epss |
| scoring_elements |
0.46991 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00239 |
| scoring_system |
epss |
| scoring_elements |
0.47042 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.00239 |
| scoring_system |
epss |
| scoring_elements |
0.46983 |
| published_at |
2026-04-12T12:55:00Z |
|
| 3 |
| value |
0.00239 |
| scoring_system |
epss |
| scoring_elements |
0.46988 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.00239 |
| scoring_system |
epss |
| scoring_elements |
0.46987 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00239 |
| scoring_system |
epss |
| scoring_elements |
0.4697 |
| published_at |
2026-04-02T12:55:00Z |
|
| 6 |
| value |
0.00239 |
| scoring_system |
epss |
| scoring_elements |
0.46934 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00239 |
| scoring_system |
epss |
| scoring_elements |
0.47046 |
| published_at |
2026-04-16T12:55:00Z |
|
| 8 |
| value |
0.00239 |
| scoring_system |
epss |
| scoring_elements |
0.4699 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00239 |
| scoring_system |
epss |
| scoring_elements |
0.4701 |
| published_at |
2026-04-11T12:55:00Z |
|
| 10 |
| value |
0.00239 |
| scoring_system |
epss |
| scoring_elements |
0.46985 |
| published_at |
2026-04-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-25827 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
|
| fixed_packages |
|
| aliases |
CVE-2020-25827, GHSA-rqvj-fc2x-99q6
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-arzd-7xhw-qqb4 |
|
| 7 |
| url |
VCID-azup-qzq7-sbh6 |
| vulnerability_id |
VCID-azup-qzq7-sbh6 |
| summary |
MediaWiki Cross-site Scripting (XSS) vulnerability
In MediaWiki before 1.31.9 and 1.32.x through 1.34.x before 1.34.3, XSS related to jQuery can occur. The attacker creates a message with [javascript:payload xss] and turns it into a jQuery object with mw.message().parse(). The expected result is that the jQuery object does not contain an <a> tag (or it does not have a href attribute, or it's empty, etc.). The actual result is that the object contains an <a href ="javascript... that executes when clicked. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-25814 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00336 |
| scoring_system |
epss |
| scoring_elements |
0.56468 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00336 |
| scoring_system |
epss |
| scoring_elements |
0.56498 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.00336 |
| scoring_system |
epss |
| scoring_elements |
0.56464 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.00336 |
| scoring_system |
epss |
| scoring_elements |
0.56483 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.00336 |
| scoring_system |
epss |
| scoring_elements |
0.56507 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.00336 |
| scoring_system |
epss |
| scoring_elements |
0.56497 |
| published_at |
2026-04-16T12:55:00Z |
|
| 6 |
| value |
0.00336 |
| scoring_system |
epss |
| scoring_elements |
0.56441 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00336 |
| scoring_system |
epss |
| scoring_elements |
0.5646 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.00336 |
| scoring_system |
epss |
| scoring_elements |
0.56492 |
| published_at |
2026-04-08T12:55:00Z |
|
| 9 |
| value |
0.00336 |
| scoring_system |
epss |
| scoring_elements |
0.56437 |
| published_at |
2026-04-02T12:55:00Z |
|
| 10 |
| value |
0.00336 |
| scoring_system |
epss |
| scoring_elements |
0.56339 |
| published_at |
2026-04-01T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-25814 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
|
| fixed_packages |
|
| aliases |
CVE-2020-25814, GHSA-4vr7-m8p8-434h
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-azup-qzq7-sbh6 |
|
| 8 |
| url |
VCID-bbef-akjp-a3gp |
| vulnerability_id |
VCID-bbef-akjp-a3gp |
| summary |
Wikimedia Potential DOS due to slow WatchedItemStore::countVisitingWatchersMultiple
Wikimedia MediaWiki 1.27.0 through 1.32.1 might allow DoS. Passing invalid titles to the API could cause a DoS by querying the entire watchlist table. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-12473 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00469 |
| scoring_system |
epss |
| scoring_elements |
0.64506 |
| published_at |
2026-04-07T12:55:00Z |
|
| 1 |
| value |
0.00469 |
| scoring_system |
epss |
| scoring_elements |
0.64576 |
| published_at |
2026-04-21T12:55:00Z |
|
| 2 |
| value |
0.00469 |
| scoring_system |
epss |
| scoring_elements |
0.6459 |
| published_at |
2026-04-18T12:55:00Z |
|
| 3 |
| value |
0.00469 |
| scoring_system |
epss |
| scoring_elements |
0.64579 |
| published_at |
2026-04-16T12:55:00Z |
|
| 4 |
| value |
0.00469 |
| scoring_system |
epss |
| scoring_elements |
0.64545 |
| published_at |
2026-04-13T12:55:00Z |
|
| 5 |
| value |
0.00469 |
| scoring_system |
epss |
| scoring_elements |
0.64573 |
| published_at |
2026-04-12T12:55:00Z |
|
| 6 |
| value |
0.00469 |
| scoring_system |
epss |
| scoring_elements |
0.64518 |
| published_at |
2026-04-02T12:55:00Z |
|
| 7 |
| value |
0.00469 |
| scoring_system |
epss |
| scoring_elements |
0.64464 |
| published_at |
2026-04-01T12:55:00Z |
|
| 8 |
| value |
0.00469 |
| scoring_system |
epss |
| scoring_elements |
0.64548 |
| published_at |
2026-04-04T12:55:00Z |
|
| 9 |
| value |
0.00469 |
| scoring_system |
epss |
| scoring_elements |
0.64586 |
| published_at |
2026-04-11T12:55:00Z |
|
| 10 |
| value |
0.00469 |
| scoring_system |
epss |
| scoring_elements |
0.6457 |
| published_at |
2026-04-09T12:55:00Z |
|
| 11 |
| value |
0.00469 |
| scoring_system |
epss |
| scoring_elements |
0.64554 |
| published_at |
2026-04-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-12473 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-12473, GHSA-33xw-x3pr-rvqj
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-bbef-akjp-a3gp |
|
| 9 |
| url |
VCID-gma6-b9cy-kqee |
| vulnerability_id |
VCID-gma6-b9cy-kqee |
| summary |
MediaWiki Incorrect Access Control vulnerability
MediaWiki through 1.32.1 has Incorrect Access Control (issue 1 of 3). A spammer can use Special:ChangeEmail to send out spam with no rate limiting or ability to block them. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-12467 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00298 |
| scoring_system |
epss |
| scoring_elements |
0.53131 |
| published_at |
2026-04-07T12:55:00Z |
|
| 1 |
| value |
0.00298 |
| scoring_system |
epss |
| scoring_elements |
0.53224 |
| published_at |
2026-04-21T12:55:00Z |
|
| 2 |
| value |
0.00298 |
| scoring_system |
epss |
| scoring_elements |
0.53241 |
| published_at |
2026-04-18T12:55:00Z |
|
| 3 |
| value |
0.00298 |
| scoring_system |
epss |
| scoring_elements |
0.53235 |
| published_at |
2026-04-16T12:55:00Z |
|
| 4 |
| value |
0.00298 |
| scoring_system |
epss |
| scoring_elements |
0.53198 |
| published_at |
2026-04-13T12:55:00Z |
|
| 5 |
| value |
0.00298 |
| scoring_system |
epss |
| scoring_elements |
0.53214 |
| published_at |
2026-04-12T12:55:00Z |
|
| 6 |
| value |
0.00298 |
| scoring_system |
epss |
| scoring_elements |
0.53139 |
| published_at |
2026-04-02T12:55:00Z |
|
| 7 |
| value |
0.00298 |
| scoring_system |
epss |
| scoring_elements |
0.53118 |
| published_at |
2026-04-01T12:55:00Z |
|
| 8 |
| value |
0.00298 |
| scoring_system |
epss |
| scoring_elements |
0.53163 |
| published_at |
2026-04-04T12:55:00Z |
|
| 9 |
| value |
0.00298 |
| scoring_system |
epss |
| scoring_elements |
0.53229 |
| published_at |
2026-04-11T12:55:00Z |
|
| 10 |
| value |
0.00298 |
| scoring_system |
epss |
| scoring_elements |
0.53178 |
| published_at |
2026-04-09T12:55:00Z |
|
| 11 |
| value |
0.00298 |
| scoring_system |
epss |
| scoring_elements |
0.53185 |
| published_at |
2026-04-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-12467 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-12467, GHSA-6vfg-8ppv-h5hg
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-gma6-b9cy-kqee |
|
| 10 |
| url |
VCID-jm7q-2w3j-buhh |
| vulnerability_id |
VCID-jm7q-2w3j-buhh |
| summary |
MediaWiki Denial of Service vulnerability
An issue was discovered in ApiPageSet.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It allows attackers to cause a denial of service (unbounded loop and RequestTimeoutException) when querying pages redirected to other variants with redirects and converttitles set. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2023-45363 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.11025 |
| scoring_system |
epss |
| scoring_elements |
0.93415 |
| published_at |
2026-04-07T12:55:00Z |
|
| 1 |
| value |
0.11025 |
| scoring_system |
epss |
| scoring_elements |
0.93464 |
| published_at |
2026-04-21T12:55:00Z |
|
| 2 |
| value |
0.11025 |
| scoring_system |
epss |
| scoring_elements |
0.93458 |
| published_at |
2026-04-18T12:55:00Z |
|
| 3 |
| value |
0.11025 |
| scoring_system |
epss |
| scoring_elements |
0.93407 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.11025 |
| scoring_system |
epss |
| scoring_elements |
0.93452 |
| published_at |
2026-04-16T12:55:00Z |
|
| 5 |
| value |
0.11025 |
| scoring_system |
epss |
| scoring_elements |
0.93433 |
| published_at |
2026-04-13T12:55:00Z |
|
| 6 |
| value |
0.11025 |
| scoring_system |
epss |
| scoring_elements |
0.93432 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.11025 |
| scoring_system |
epss |
| scoring_elements |
0.93427 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.11025 |
| scoring_system |
epss |
| scoring_elements |
0.93424 |
| published_at |
2026-04-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2023-45363 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
| reference_url |
https://github.com/wikimedia/mediawiki |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/wikimedia/mediawiki |
|
| 6 |
|
| 7 |
|
| 8 |
| reference_url |
https://phabricator.wikimedia.org/T333050 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:28:57Z/ |
|
|
| url |
https://phabricator.wikimedia.org/T333050 |
|
| 9 |
| reference_url |
https://www.debian.org/security/2023/dsa-5520 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:28:57Z/ |
|
|
| url |
https://www.debian.org/security/2023/dsa-5520 |
|
| 10 |
|
| 11 |
|
|
| fixed_packages |
|
| aliases |
CVE-2023-45363, GHSA-w5fx-cx7f-6vr9
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-jm7q-2w3j-buhh |
|
| 11 |
| url |
VCID-pm5t-23j4-6yh6 |
| vulnerability_id |
VCID-pm5t-23j4-6yh6 |
| summary |
MediaWiki Cross-site Scripting (XSS) vulnerability
An issue was discovered in MediaWiki before 1.31.9 and 1.32.x through 1.34.x before 1.34.3. The non-jqueryMsg version of mw.message().parse() doesn't escape HTML. This affects both message contents (which are generally safe) and the parameters (which can be based on user input). (When jqueryMsg is loaded, it correctly accepts only whitelisted tags in message contents, and escapes all parameters. Situations with an unloaded jqueryMsg are rare in practice, but can for example occur for Special:SpecialPages on a wiki with no extensions installed.) |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-25828 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00387 |
| scoring_system |
epss |
| scoring_elements |
0.5985 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00387 |
| scoring_system |
epss |
| scoring_elements |
0.59866 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.00387 |
| scoring_system |
epss |
| scoring_elements |
0.59859 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.00387 |
| scoring_system |
epss |
| scoring_elements |
0.59839 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.00387 |
| scoring_system |
epss |
| scoring_elements |
0.59856 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.00387 |
| scoring_system |
epss |
| scoring_elements |
0.59835 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00387 |
| scoring_system |
epss |
| scoring_elements |
0.59703 |
| published_at |
2026-04-01T12:55:00Z |
|
| 7 |
| value |
0.00387 |
| scoring_system |
epss |
| scoring_elements |
0.59822 |
| published_at |
2026-04-13T12:55:00Z |
|
| 8 |
| value |
0.00387 |
| scoring_system |
epss |
| scoring_elements |
0.5977 |
| published_at |
2026-04-07T12:55:00Z |
|
| 9 |
| value |
0.00387 |
| scoring_system |
epss |
| scoring_elements |
0.59777 |
| published_at |
2026-04-02T12:55:00Z |
|
| 10 |
| value |
0.00387 |
| scoring_system |
epss |
| scoring_elements |
0.59801 |
| published_at |
2026-04-04T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-25828 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
|
| fixed_packages |
|
| aliases |
CVE-2020-25828, GHSA-h8qx-mj6v-2934
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-pm5t-23j4-6yh6 |
|
| 12 |
| url |
VCID-qmx3-kcnd-zuhe |
| vulnerability_id |
VCID-qmx3-kcnd-zuhe |
| summary |
Wikimedia MediaWiki Incorrect Access Control vulnerability
An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.27.0 through 1.32.1. Directly POSTing to Special:ChangeEmail would allow for bypassing re-authentication, allowing for potential account takeover. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-12468 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00519 |
| scoring_system |
epss |
| scoring_elements |
0.66728 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.00519 |
| scoring_system |
epss |
| scoring_elements |
0.66797 |
| published_at |
2026-04-21T12:55:00Z |
|
| 2 |
| value |
0.00519 |
| scoring_system |
epss |
| scoring_elements |
0.66814 |
| published_at |
2026-04-18T12:55:00Z |
|
| 3 |
| value |
0.00519 |
| scoring_system |
epss |
| scoring_elements |
0.66774 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.00519 |
| scoring_system |
epss |
| scoring_elements |
0.66725 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00519 |
| scoring_system |
epss |
| scoring_elements |
0.66753 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.00519 |
| scoring_system |
epss |
| scoring_elements |
0.66688 |
| published_at |
2026-04-01T12:55:00Z |
|
| 7 |
| value |
0.00519 |
| scoring_system |
epss |
| scoring_elements |
0.668 |
| published_at |
2026-04-16T12:55:00Z |
|
| 8 |
| value |
0.00519 |
| scoring_system |
epss |
| scoring_elements |
0.66766 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00519 |
| scoring_system |
epss |
| scoring_elements |
0.66796 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.00519 |
| scoring_system |
epss |
| scoring_elements |
0.6681 |
| published_at |
2026-04-11T12:55:00Z |
|
| 11 |
| value |
0.00519 |
| scoring_system |
epss |
| scoring_elements |
0.66789 |
| published_at |
2026-04-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-12468 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-12468, GHSA-wrhx-3pxr-6vgg
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qmx3-kcnd-zuhe |
|
| 13 |
| url |
VCID-t6w8-cgct-gbgz |
| vulnerability_id |
VCID-t6w8-cgct-gbgz |
| summary |
MediaWiki information disclosure
In MediaWiki through 1.33.0, Special:Redirect allows information disclosure of suppressed usernames via a User ID Lookup. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-16738 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00415 |
| scoring_system |
epss |
| scoring_elements |
0.61711 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.00415 |
| scoring_system |
epss |
| scoring_elements |
0.61705 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.00415 |
| scoring_system |
epss |
| scoring_elements |
0.61536 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00415 |
| scoring_system |
epss |
| scoring_elements |
0.61659 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.00415 |
| scoring_system |
epss |
| scoring_elements |
0.61611 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00415 |
| scoring_system |
epss |
| scoring_elements |
0.6164 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.00415 |
| scoring_system |
epss |
| scoring_elements |
0.6161 |
| published_at |
2026-04-02T12:55:00Z |
|
| 7 |
| value |
0.00415 |
| scoring_system |
epss |
| scoring_elements |
0.61664 |
| published_at |
2026-04-13T12:55:00Z |
|
| 8 |
| value |
0.00415 |
| scoring_system |
epss |
| scoring_elements |
0.61684 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.00415 |
| scoring_system |
epss |
| scoring_elements |
0.61695 |
| published_at |
2026-04-21T12:55:00Z |
|
| 10 |
| value |
0.00415 |
| scoring_system |
epss |
| scoring_elements |
0.61674 |
| published_at |
2026-04-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-16738 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-16738, GHSA-7hwr-f745-5rwq
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-t6w8-cgct-gbgz |
|
| 14 |
| url |
VCID-tq2e-c9ym-a3hj |
| vulnerability_id |
VCID-tq2e-c9ym-a3hj |
| summary |
Wikimedia information leak vulnerability
Wikimedia MediaWiki 1.23.0 through 1.32.1 has an information leak. Privileged API responses that include whether a recent change has been patrolled may be cached publicly. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-12474 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00261 |
| scoring_system |
epss |
| scoring_elements |
0.49391 |
| published_at |
2026-04-07T12:55:00Z |
|
| 1 |
| value |
0.00261 |
| scoring_system |
epss |
| scoring_elements |
0.49445 |
| published_at |
2026-04-21T12:55:00Z |
|
| 2 |
| value |
0.00261 |
| scoring_system |
epss |
| scoring_elements |
0.49475 |
| published_at |
2026-04-18T12:55:00Z |
|
| 3 |
| value |
0.00261 |
| scoring_system |
epss |
| scoring_elements |
0.49478 |
| published_at |
2026-04-16T12:55:00Z |
|
| 4 |
| value |
0.00261 |
| scoring_system |
epss |
| scoring_elements |
0.49432 |
| published_at |
2026-04-13T12:55:00Z |
|
| 5 |
| value |
0.00261 |
| scoring_system |
epss |
| scoring_elements |
0.4943 |
| published_at |
2026-04-12T12:55:00Z |
|
| 6 |
| value |
0.00261 |
| scoring_system |
epss |
| scoring_elements |
0.49411 |
| published_at |
2026-04-02T12:55:00Z |
|
| 7 |
| value |
0.00261 |
| scoring_system |
epss |
| scoring_elements |
0.49382 |
| published_at |
2026-04-01T12:55:00Z |
|
| 8 |
| value |
0.00261 |
| scoring_system |
epss |
| scoring_elements |
0.49438 |
| published_at |
2026-04-04T12:55:00Z |
|
| 9 |
| value |
0.00261 |
| scoring_system |
epss |
| scoring_elements |
0.49458 |
| published_at |
2026-04-11T12:55:00Z |
|
| 10 |
| value |
0.00261 |
| scoring_system |
epss |
| scoring_elements |
0.49441 |
| published_at |
2026-04-09T12:55:00Z |
|
| 11 |
| value |
0.00261 |
| scoring_system |
epss |
| scoring_elements |
0.49446 |
| published_at |
2026-04-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-12474 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-12474, GHSA-2qrr-c2gh-pr35
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-tq2e-c9ym-a3hj |
|
| 15 |
| url |
VCID-u2xc-ztge-p3bv |
| vulnerability_id |
VCID-u2xc-ztge-p3bv |
| summary |
MediaWiki Incorrect Access Control vulnerability
An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.18.0 through 1.32.1. It is possible to bypass the limits on IP range blocks ($wgBlockCIDRLimit) by using the API. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-12472 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00151 |
| scoring_system |
epss |
| scoring_elements |
0.3576 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00151 |
| scoring_system |
epss |
| scoring_elements |
0.35707 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.00151 |
| scoring_system |
epss |
| scoring_elements |
0.35905 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00151 |
| scoring_system |
epss |
| scoring_elements |
0.35935 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00151 |
| scoring_system |
epss |
| scoring_elements |
0.35765 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00151 |
| scoring_system |
epss |
| scoring_elements |
0.35816 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00151 |
| scoring_system |
epss |
| scoring_elements |
0.35838 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00151 |
| scoring_system |
epss |
| scoring_elements |
0.35845 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00151 |
| scoring_system |
epss |
| scoring_elements |
0.35805 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.00151 |
| scoring_system |
epss |
| scoring_elements |
0.35782 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.00151 |
| scoring_system |
epss |
| scoring_elements |
0.35821 |
| published_at |
2026-04-16T12:55:00Z |
|
| 11 |
| value |
0.00151 |
| scoring_system |
epss |
| scoring_elements |
0.35809 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-12472 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-12472, GHSA-7mqg-5fgh-xh4r
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-u2xc-ztge-p3bv |
|
| 16 |
| url |
VCID-ujdn-y48t-pbch |
| vulnerability_id |
VCID-ujdn-y48t-pbch |
| summary |
MediaWiki Special:UserRights exposes the existence of hidden users
In MediaWiki before 1.31.9 and 1.32.x through 1.34.x before 1.34.3, Special:UserRights exposes the existence of hidden users. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-25813 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00366 |
| scoring_system |
epss |
| scoring_elements |
0.58639 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.00366 |
| scoring_system |
epss |
| scoring_elements |
0.58634 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.00366 |
| scoring_system |
epss |
| scoring_elements |
0.5864 |
| published_at |
2026-04-11T12:55:00Z |
|
| 3 |
| value |
0.00366 |
| scoring_system |
epss |
| scoring_elements |
0.58565 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00366 |
| scoring_system |
epss |
| scoring_elements |
0.58595 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00366 |
| scoring_system |
epss |
| scoring_elements |
0.58574 |
| published_at |
2026-04-02T12:55:00Z |
|
| 6 |
| value |
0.00366 |
| scoring_system |
epss |
| scoring_elements |
0.58489 |
| published_at |
2026-04-01T12:55:00Z |
|
| 7 |
| value |
0.00366 |
| scoring_system |
epss |
| scoring_elements |
0.586 |
| published_at |
2026-04-13T12:55:00Z |
|
| 8 |
| value |
0.00366 |
| scoring_system |
epss |
| scoring_elements |
0.5862 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.00366 |
| scoring_system |
epss |
| scoring_elements |
0.58623 |
| published_at |
2026-04-09T12:55:00Z |
|
| 10 |
| value |
0.00366 |
| scoring_system |
epss |
| scoring_elements |
0.58616 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-25813 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
|
| fixed_packages |
|
| aliases |
CVE-2020-25813, GHSA-c4rj-wrmq-52rj
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ujdn-y48t-pbch |
|
| 17 |
| url |
VCID-yr8d-347g-pugg |
| vulnerability_id |
VCID-yr8d-347g-pugg |
| summary |
Wikimedia MediaWik exposed suppressed log in RevisionDelete page
Wikimedia MediaWiki through 1.32.1 has Incorrect Access Control. Suppressed log in RevisionDelete page is exposed. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-12470 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00168 |
| scoring_system |
epss |
| scoring_elements |
0.3805 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.00168 |
| scoring_system |
epss |
| scoring_elements |
0.37936 |
| published_at |
2026-04-21T12:55:00Z |
|
| 2 |
| value |
0.00168 |
| scoring_system |
epss |
| scoring_elements |
0.38018 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.00168 |
| scoring_system |
epss |
| scoring_elements |
0.38007 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.00168 |
| scoring_system |
epss |
| scoring_elements |
0.37956 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00168 |
| scoring_system |
epss |
| scoring_elements |
0.38074 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.00168 |
| scoring_system |
epss |
| scoring_elements |
0.37889 |
| published_at |
2026-04-01T12:55:00Z |
|
| 7 |
| value |
0.00168 |
| scoring_system |
epss |
| scoring_elements |
0.37973 |
| published_at |
2026-04-13T12:55:00Z |
|
| 8 |
| value |
0.00168 |
| scoring_system |
epss |
| scoring_elements |
0.37998 |
| published_at |
2026-04-18T12:55:00Z |
|
| 9 |
| value |
0.00168 |
| scoring_system |
epss |
| scoring_elements |
0.38034 |
| published_at |
2026-04-11T12:55:00Z |
|
| 10 |
| value |
0.00168 |
| scoring_system |
epss |
| scoring_elements |
0.38017 |
| published_at |
2026-04-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-12470 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-12470, GHSA-733q-m38x-q7cc
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-yr8d-347g-pugg |
|
| 18 |
| url |
VCID-z9d9-aer5-gfa9 |
| vulnerability_id |
VCID-z9d9-aer5-gfa9 |
| summary |
Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in denial of service. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-41800 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00177 |
| scoring_system |
epss |
| scoring_elements |
0.3925 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00177 |
| scoring_system |
epss |
| scoring_elements |
0.39342 |
| published_at |
2026-04-08T12:55:00Z |
|
| 2 |
| value |
0.00177 |
| scoring_system |
epss |
| scoring_elements |
0.39337 |
| published_at |
2026-04-18T12:55:00Z |
|
| 3 |
| value |
0.00177 |
| scoring_system |
epss |
| scoring_elements |
0.39365 |
| published_at |
2026-04-16T12:55:00Z |
|
| 4 |
| value |
0.00177 |
| scoring_system |
epss |
| scoring_elements |
0.39313 |
| published_at |
2026-04-13T12:55:00Z |
|
| 5 |
| value |
0.00177 |
| scoring_system |
epss |
| scoring_elements |
0.39331 |
| published_at |
2026-04-12T12:55:00Z |
|
| 6 |
| value |
0.00177 |
| scoring_system |
epss |
| scoring_elements |
0.39164 |
| published_at |
2026-04-01T12:55:00Z |
|
| 7 |
| value |
0.00177 |
| scoring_system |
epss |
| scoring_elements |
0.39371 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00177 |
| scoring_system |
epss |
| scoring_elements |
0.3935 |
| published_at |
2026-04-02T12:55:00Z |
|
| 9 |
| value |
0.00177 |
| scoring_system |
epss |
| scoring_elements |
0.39374 |
| published_at |
2026-04-04T12:55:00Z |
|
| 10 |
| value |
0.00177 |
| scoring_system |
epss |
| scoring_elements |
0.39287 |
| published_at |
2026-04-07T12:55:00Z |
|
| 11 |
| value |
0.00177 |
| scoring_system |
epss |
| scoring_elements |
0.39359 |
| published_at |
2026-04-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-41800 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-41800, GHSA-c8wv-qwwc-6j73
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-z9d9-aer5-gfa9 |
|
| 19 |
| url |
VCID-zgdf-mxfn-gbea |
| vulnerability_id |
VCID-zgdf-mxfn-gbea |
| summary |
img_auth.php may leak private extension images into the public cache
In MediaWiki before 1.31.8, 1.32.x and 1.33.x before 1.33.4, and 1.34.x before 1.34.2, private wikis behind a caching server using the img_auth.php image authorization security feature may have had their files cached publicly, so any unauthorized user could view them. This occurs because Cache-Control and Vary headers were mishandled. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-15005 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00737 |
| scoring_system |
epss |
| scoring_elements |
0.72868 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00737 |
| scoring_system |
epss |
| scoring_elements |
0.72768 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.00737 |
| scoring_system |
epss |
| scoring_elements |
0.72776 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00737 |
| scoring_system |
epss |
| scoring_elements |
0.72796 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00737 |
| scoring_system |
epss |
| scoring_elements |
0.72773 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00737 |
| scoring_system |
epss |
| scoring_elements |
0.72811 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00737 |
| scoring_system |
epss |
| scoring_elements |
0.72825 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00737 |
| scoring_system |
epss |
| scoring_elements |
0.7285 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00737 |
| scoring_system |
epss |
| scoring_elements |
0.72833 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.00737 |
| scoring_system |
epss |
| scoring_elements |
0.72824 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.00737 |
| scoring_system |
epss |
| scoring_elements |
0.72866 |
| published_at |
2026-04-16T12:55:00Z |
|
| 11 |
| value |
0.00737 |
| scoring_system |
epss |
| scoring_elements |
0.72876 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-15005 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
|
| fixed_packages |
|
| aliases |
CVE-2020-15005, GHSA-xpv7-93cm-4mxv
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-zgdf-mxfn-gbea |
|