{"url":"http://public2.vulnerablecode.io/api/packages/94716?format=json","purl":"pkg:deb/debian/mediawiki@1:1.25.5-1?distro=trixie","type":"deb","namespace":"debian","name":"mediawiki","version":"1:1.25.5-1","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"1:1.27.1-1","latest_non_vulnerable_version":"1:1.43.8+dfsg-2","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/204099?format=json","vulnerability_id":"VCID-4vb7-yfje-7fd4","summary":"MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 uses the thumbnail ImageMagick command line argument, which allows remote attackers to obtain the installation path by reading the metadata of a PNG thumbnail file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8005","reference_id":"","reference_type":"","scores":[{"value":"0.00253","scoring_system":"epss","scoring_elements":"0.48938","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8005"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8005","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8005"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/94716?format=json","purl":"pkg:deb/debian/mediawiki@1:1.25.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.25.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94678?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-668s-gdwc-5ycr"},{"vulnerability":"VCID-dauk-k2fs-63dy"},{"vulnerability":"VCID-k4gf-gky5-nbfk"},{"vulnerability":"VCID-n7dk-8esv-abde"},{"vulnerability":"VCID-nt78-urhw-7fbv"},{"vulnerability":"VCID-q3rz-xsy4-kkhh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94676?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-k4gf-gky5-nbfk"},{"vulnerability":"VCID-n7dk-8esv-abde"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94680?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94679?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2015-8005"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4vb7-yfje-7fd4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/181444?format=json","vulnerability_id":"VCID-6b9n-hdj9-9uca","summary":"Multiple vulnerabilities have been found in MediaWiki, the worst of\n    which may allow remote attackers to cause a Denial of Service.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-6728","reference_id":"","reference_type":"","scores":[{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.3642","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-6728"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6728","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6728"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799096","reference_id":"799096","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799096"},{"reference_url":"https://security.gentoo.org/glsa/201510-05","reference_id":"GLSA-201510-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201510-05"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/94716?format=json","purl":"pkg:deb/debian/mediawiki@1:1.25.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.25.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94678?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-668s-gdwc-5ycr"},{"vulnerability":"VCID-dauk-k2fs-63dy"},{"vulnerability":"VCID-k4gf-gky5-nbfk"},{"vulnerability":"VCID-n7dk-8esv-abde"},{"vulnerability":"VCID-nt78-urhw-7fbv"},{"vulnerability":"VCID-q3rz-xsy4-kkhh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94676?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-k4gf-gky5-nbfk"},{"vulnerability":"VCID-n7dk-8esv-abde"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94680?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94679?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2015-6728"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6b9n-hdj9-9uca"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/181446?format=json","vulnerability_id":"VCID-6wbd-b12t-x7dc","summary":"Multiple vulnerabilities have been found in MediaWiki, the worst of\n    which may allow remote attackers to cause a Denial of Service.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-6730","reference_id":"","reference_type":"","scores":[{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51793","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-6730"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6730","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6730"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799096","reference_id":"799096","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799096"},{"reference_url":"https://security.gentoo.org/glsa/201510-05","reference_id":"GLSA-201510-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201510-05"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/94716?format=json","purl":"pkg:deb/debian/mediawiki@1:1.25.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.25.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94678?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-668s-gdwc-5ycr"},{"vulnerability":"VCID-dauk-k2fs-63dy"},{"vulnerability":"VCID-k4gf-gky5-nbfk"},{"vulnerability":"VCID-n7dk-8esv-abde"},{"vulnerability":"VCID-nt78-urhw-7fbv"},{"vulnerability":"VCID-q3rz-xsy4-kkhh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94676?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-k4gf-gky5-nbfk"},{"vulnerability":"VCID-n7dk-8esv-abde"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94680?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94679?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2015-6730"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6wbd-b12t-x7dc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/203194?format=json","vulnerability_id":"VCID-855z-d6sw-4yhy","summary":"The Special:Contributions page in MediaWiki before 1.22.0 allows remote attackers to determine if an IP is autoblocked via the \"Change block\" text.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-7444","reference_id":"","reference_type":"","scores":[{"value":"0.00451","scoring_system":"epss","scoring_elements":"0.64122","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-7444"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7444","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7444"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799096","reference_id":"799096","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799096"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/94716?format=json","purl":"pkg:deb/debian/mediawiki@1:1.25.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.25.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94678?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-668s-gdwc-5ycr"},{"vulnerability":"VCID-dauk-k2fs-63dy"},{"vulnerability":"VCID-k4gf-gky5-nbfk"},{"vulnerability":"VCID-n7dk-8esv-abde"},{"vulnerability":"VCID-nt78-urhw-7fbv"},{"vulnerability":"VCID-q3rz-xsy4-kkhh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94676?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-k4gf-gky5-nbfk"},{"vulnerability":"VCID-n7dk-8esv-abde"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94680?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94679?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2013-7444"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-855z-d6sw-4yhy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/204098?format=json","vulnerability_id":"VCID-87x5-x9mh-abht","summary":"MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 does not properly restrict access to revisions, which allows remote authenticated users with the viewsuppressed user right to remove revision suppressions via a crafted revisiondelete action, which returns a valid a change form.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8004","reference_id":"","reference_type":"","scores":[{"value":"0.00159","scoring_system":"epss","scoring_elements":"0.36634","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8004"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8004","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8004"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/94716?format=json","purl":"pkg:deb/debian/mediawiki@1:1.25.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.25.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94678?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-668s-gdwc-5ycr"},{"vulnerability":"VCID-dauk-k2fs-63dy"},{"vulnerability":"VCID-k4gf-gky5-nbfk"},{"vulnerability":"VCID-n7dk-8esv-abde"},{"vulnerability":"VCID-nt78-urhw-7fbv"},{"vulnerability":"VCID-q3rz-xsy4-kkhh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94676?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-k4gf-gky5-nbfk"},{"vulnerability":"VCID-n7dk-8esv-abde"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94680?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94679?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2015-8004"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-87x5-x9mh-abht"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/204143?format=json","vulnerability_id":"VCID-9au9-wxqt-g3ba","summary":"MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 do not properly normalize IP addresses containing zero-padded octets, which might allow remote attackers to bypass intended access restrictions by using an IP address that was not supposed to have been allowed.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8627","reference_id":"","reference_type":"","scores":[{"value":"0.00429","scoring_system":"epss","scoring_elements":"0.62943","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8627"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8627","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8627"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/94716?format=json","purl":"pkg:deb/debian/mediawiki@1:1.25.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.25.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94678?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-668s-gdwc-5ycr"},{"vulnerability":"VCID-dauk-k2fs-63dy"},{"vulnerability":"VCID-k4gf-gky5-nbfk"},{"vulnerability":"VCID-n7dk-8esv-abde"},{"vulnerability":"VCID-nt78-urhw-7fbv"},{"vulnerability":"VCID-q3rz-xsy4-kkhh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94676?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-k4gf-gky5-nbfk"},{"vulnerability":"VCID-n7dk-8esv-abde"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94680?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94679?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2015-8627"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9au9-wxqt-g3ba"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/204139?format=json","vulnerability_id":"VCID-a3zd-ce2p-wkef","summary":"The User::matchEditToken function in includes/User.php in MediaWiki before 1.23.12 and 1.24.x before 1.24.5 does not perform token comparison in constant time before returning, which allows remote attackers to guess the edit token and bypass CSRF protection via a timing attack, a different vulnerability than CVE-2015-8624.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8623","reference_id":"","reference_type":"","scores":[{"value":"0.00128","scoring_system":"epss","scoring_elements":"0.31727","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8623"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8623","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8623"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/94716?format=json","purl":"pkg:deb/debian/mediawiki@1:1.25.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.25.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94678?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-668s-gdwc-5ycr"},{"vulnerability":"VCID-dauk-k2fs-63dy"},{"vulnerability":"VCID-k4gf-gky5-nbfk"},{"vulnerability":"VCID-n7dk-8esv-abde"},{"vulnerability":"VCID-nt78-urhw-7fbv"},{"vulnerability":"VCID-q3rz-xsy4-kkhh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94676?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-k4gf-gky5-nbfk"},{"vulnerability":"VCID-n7dk-8esv-abde"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94680?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94679?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2015-8623"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a3zd-ce2p-wkef"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/204013?format=json","vulnerability_id":"VCID-p6y5-dqq6-33hm","summary":"The Special:DeletedContributions page in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to determine if an IP is autoblocked via the \"Change block\" text.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-6727","reference_id":"","reference_type":"","scores":[{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.6155","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-6727"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6727","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6727"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799096","reference_id":"799096","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799096"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/94716?format=json","purl":"pkg:deb/debian/mediawiki@1:1.25.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.25.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94678?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-668s-gdwc-5ycr"},{"vulnerability":"VCID-dauk-k2fs-63dy"},{"vulnerability":"VCID-k4gf-gky5-nbfk"},{"vulnerability":"VCID-n7dk-8esv-abde"},{"vulnerability":"VCID-nt78-urhw-7fbv"},{"vulnerability":"VCID-q3rz-xsy4-kkhh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94676?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-k4gf-gky5-nbfk"},{"vulnerability":"VCID-n7dk-8esv-abde"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94680?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94679?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2015-6727"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p6y5-dqq6-33hm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/204137?format=json","vulnerability_id":"VCID-pqzu-vtpu-37fq","summary":"Cross-site scripting (XSS) vulnerability in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1, when is configured with a relative URL, allows remote authenticated users to inject arbitrary web script or HTML via wikitext, as demonstrated by a wikilink to a page named \"javascript:alert('XSS!').\"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8622","reference_id":"","reference_type":"","scores":[{"value":"0.00302","scoring_system":"epss","scoring_elements":"0.53963","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8622"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8622","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8622"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/94716?format=json","purl":"pkg:deb/debian/mediawiki@1:1.25.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.25.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94678?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-668s-gdwc-5ycr"},{"vulnerability":"VCID-dauk-k2fs-63dy"},{"vulnerability":"VCID-k4gf-gky5-nbfk"},{"vulnerability":"VCID-n7dk-8esv-abde"},{"vulnerability":"VCID-nt78-urhw-7fbv"},{"vulnerability":"VCID-q3rz-xsy4-kkhh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94676?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-k4gf-gky5-nbfk"},{"vulnerability":"VCID-n7dk-8esv-abde"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94680?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94679?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2015-8622"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pqzu-vtpu-37fq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/204096?format=json","vulnerability_id":"VCID-psaz-5t47-ubhx","summary":"The chunked upload API (ApiUpload) in MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 allows remote authenticated users to cause a denial of service (disk consumption) via a file upload using one byte chunks.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8002","reference_id":"","reference_type":"","scores":[{"value":"0.00522","scoring_system":"epss","scoring_elements":"0.6731","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8002"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8002","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8002"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/94716?format=json","purl":"pkg:deb/debian/mediawiki@1:1.25.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.25.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94678?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-668s-gdwc-5ycr"},{"vulnerability":"VCID-dauk-k2fs-63dy"},{"vulnerability":"VCID-k4gf-gky5-nbfk"},{"vulnerability":"VCID-n7dk-8esv-abde"},{"vulnerability":"VCID-nt78-urhw-7fbv"},{"vulnerability":"VCID-q3rz-xsy4-kkhh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94676?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-k4gf-gky5-nbfk"},{"vulnerability":"VCID-n7dk-8esv-abde"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94680?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94679?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2015-8002"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-psaz-5t47-ubhx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/204141?format=json","vulnerability_id":"VCID-qtvh-bvz5-yybv","summary":"The User::randomPassword function in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 generates passwords smaller than $wgMinimalPasswordLength, which makes it easier for remote attackers to obtain access via a brute-force attack.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8626","reference_id":"","reference_type":"","scores":[{"value":"0.00642","scoring_system":"epss","scoring_elements":"0.71099","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8626"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8626","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8626"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/94716?format=json","purl":"pkg:deb/debian/mediawiki@1:1.25.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.25.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94678?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-668s-gdwc-5ycr"},{"vulnerability":"VCID-dauk-k2fs-63dy"},{"vulnerability":"VCID-k4gf-gky5-nbfk"},{"vulnerability":"VCID-n7dk-8esv-abde"},{"vulnerability":"VCID-nt78-urhw-7fbv"},{"vulnerability":"VCID-q3rz-xsy4-kkhh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94676?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-k4gf-gky5-nbfk"},{"vulnerability":"VCID-n7dk-8esv-abde"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94680?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94679?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2015-8626"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qtvh-bvz5-yybv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/204095?format=json","vulnerability_id":"VCID-v2h5-czjk-jkhq","summary":"The chunked upload API (ApiUpload) in MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 does not restrict the uploaded data to the claimed file size, which allows remote authenticated users to cause a denial of service via a chunk that exceeds the file size.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8001","reference_id":"","reference_type":"","scores":[{"value":"0.00324","scoring_system":"epss","scoring_elements":"0.55825","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8001"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8001","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8001"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/94716?format=json","purl":"pkg:deb/debian/mediawiki@1:1.25.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.25.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94678?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-668s-gdwc-5ycr"},{"vulnerability":"VCID-dauk-k2fs-63dy"},{"vulnerability":"VCID-k4gf-gky5-nbfk"},{"vulnerability":"VCID-n7dk-8esv-abde"},{"vulnerability":"VCID-nt78-urhw-7fbv"},{"vulnerability":"VCID-q3rz-xsy4-kkhh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94676?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-k4gf-gky5-nbfk"},{"vulnerability":"VCID-n7dk-8esv-abde"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94680?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94679?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2015-8001"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v2h5-czjk-jkhq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/204140?format=json","vulnerability_id":"VCID-vu1w-ugzq-m3hm","summary":"The User::matchEditToken function in includes/User.php in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 does not perform token comparison in constant time before determining if a debugging message should be logged, which allows remote attackers to guess the edit token and bypass CSRF protection via a timing attack, a different vulnerability than CVE-2015-8623.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8624","reference_id":"","reference_type":"","scores":[{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.29969","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8624"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8624","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8624"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/94716?format=json","purl":"pkg:deb/debian/mediawiki@1:1.25.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.25.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94678?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-668s-gdwc-5ycr"},{"vulnerability":"VCID-dauk-k2fs-63dy"},{"vulnerability":"VCID-k4gf-gky5-nbfk"},{"vulnerability":"VCID-n7dk-8esv-abde"},{"vulnerability":"VCID-nt78-urhw-7fbv"},{"vulnerability":"VCID-q3rz-xsy4-kkhh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94676?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-k4gf-gky5-nbfk"},{"vulnerability":"VCID-n7dk-8esv-abde"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94680?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94679?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2015-8624"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vu1w-ugzq-m3hm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/204144?format=json","vulnerability_id":"VCID-x858-7ty3-uufh","summary":"The (1) Special:MyPage, (2) Special:MyTalk, (3) Special:MyContributions, (4) Special:MyUploads, and (5) Special:AllMyUploads pages in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 allow remote attackers to obtain sensitive user login information via crafted links combined with page view statistics.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8628","reference_id":"","reference_type":"","scores":[{"value":"0.00435","scoring_system":"epss","scoring_elements":"0.63299","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8628"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8628","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8628"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/94716?format=json","purl":"pkg:deb/debian/mediawiki@1:1.25.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.25.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94678?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-668s-gdwc-5ycr"},{"vulnerability":"VCID-dauk-k2fs-63dy"},{"vulnerability":"VCID-k4gf-gky5-nbfk"},{"vulnerability":"VCID-n7dk-8esv-abde"},{"vulnerability":"VCID-nt78-urhw-7fbv"},{"vulnerability":"VCID-q3rz-xsy4-kkhh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94676?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-k4gf-gky5-nbfk"},{"vulnerability":"VCID-n7dk-8esv-abde"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94680?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94679?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2015-8628"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x858-7ty3-uufh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/204097?format=json","vulnerability_id":"VCID-zw76-cyrd-y3dc","summary":"MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 does not throttle file uploads, which allows remote authenticated users to have unspecified impact via multiple file uploads.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8003","reference_id":"","reference_type":"","scores":[{"value":"0.00522","scoring_system":"epss","scoring_elements":"0.6731","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8003"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8003","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8003"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/94716?format=json","purl":"pkg:deb/debian/mediawiki@1:1.25.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.25.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94678?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-668s-gdwc-5ycr"},{"vulnerability":"VCID-dauk-k2fs-63dy"},{"vulnerability":"VCID-k4gf-gky5-nbfk"},{"vulnerability":"VCID-n7dk-8esv-abde"},{"vulnerability":"VCID-nt78-urhw-7fbv"},{"vulnerability":"VCID-q3rz-xsy4-kkhh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94676?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-k4gf-gky5-nbfk"},{"vulnerability":"VCID-n7dk-8esv-abde"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94680?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94679?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2015-8003"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zw76-cyrd-y3dc"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.25.5-1%3Fdistro=trixie"}