Every CVE whose affected-product data names Mediawiki Cargo, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (10)
CVE-2026-14363 — CVSS 9.8 (critical): Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in The Wikimedia Foundation Mediawiki -…
CVE-2026-58521 — CVSS 9.8 (critical): Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in The Wikimedia Foundation Mediawiki -…
CVE-2024-47849 — CVSS 9.8 (critical): Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in The Wikimedia Foundation Mediawiki -…
CVE-2024-47846 — CVSS 8.8 (high): Cross-Site Request Forgery (CSRF) vulnerability in The Wikimedia Foundation Mediawiki - Cargo allows Cross Site Request Forgery.This issue…
CVE-2026-39839 — CVSS 6.1 (medium): Improper neutralization of Script-Related HTML tags in a web page (basic XSS) vulnerability in Wikimedia Foundation Mediawiki - Cargo…
CVE-2026-39840 — CVSS 6.1 (medium): Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Wikimedia Foundation Mediawiki -…
CVE-2026-39841 — CVSS 6.1 (medium): Improper neutralization of Script-Related HTML tags in a web page (basic XSS) vulnerability in Wikimedia Foundation Mediawiki - Cargo…
CVE-2024-47847 — CVSS 6.1 (medium): Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation…
CVE-2026-39837 — CVSS 5.4 (medium): Improper neutralization of Script-Related HTML tags in a web page (basic XSS) vulnerability in WikiWorks Mediawiki - Cargo Extension allows…
CVE-2026-58519 — CVSS 5.4 (medium): Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in The Wikimedia Foundation Mediawiki -…