696 matches found
DokuWiki <= 2025-05-14a Librarian - Reflected Cross-Site Scripting
DokuWiki 2025-05-14a 'Librarian' contains a stored XSS caused by improper sanitization of the 'q' parameter, letting remote attackers execute arbitrary scripts, exploit requires no special privileges. id: CVE-2025-61224 info: name: DokuWiki = 2025-05-14a Librarian - Reflected Cross-Site Scripting...
DokuWiki - Cross-Site Scripting
DokuWiki through 2017-02-19b contains a cross-site scripting vulnerability in the DATEAT parameter to doku.php which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based...
CVE-2026-37106
A flaw was found in DokuWiki. A remote attacker can create an account through the registration function. This occurs when the DokuWiki instance is configured to allow self-registration, which is not the default setting. This could lead to the creation of unauthorized user accounts. Mitigation To...
EUVD-2026-40863
An issue in DokuWiki 2025-05-14b "Librarian" 56.2 allows a remote attacker to execute arbitrary code via the register function in inc/auth.php...
CVE-2026-37106
An issue in DokuWiki 2025-05-14b "Librarian" 56.2 allows a remote attacker to create an account via the register function in inc/auth.php. NOTE: this is disputed by the Supplier because this is the intentional behavior when the product is configured for self-registration a non-default feature...
UBUNTU-CVE-2026-37106
An issue in DokuWiki 2025-05-14b "Librarian" 56.2 allows a remote attacker to create an account via the register function in inc/auth.php. NOTE: this is disputed by the Supplier because this is the intentional behavior when the product is configured for self-registration a non-default feature...
PT-2026-54001
Name of the Vulnerable Software and Affected Versions DokuWiki version 2025-05-14b "Librarian" 56.2 Description A remote attacker can execute arbitrary code through the register function in the inc/auth.php file. This issue may also allow the creation of unauthorized accounts via the same functio...
CVE-2026-37106
An issue in DokuWiki 2025-05-14b "Librarian" 56.2 allows a remote attacker to create an account via the register function in inc/auth.php. NOTE: this is disputed by the Supplier because this is the intentional behavior when the product is configured for self-registration a non-default feature...
CVE-2026-37106
CVE-2026-37106 affects DokuWiki (version 2025-05-14b “Librarian” 56.2) where the register function in inc/auth.php can be abused by a remote attacker to create new user accounts. Some sources additionally indicate potential arbitrary code execution via this path; the vendor notes this may reflect...
[SECURITY] Fedora 43 Update: dokuwiki-20250514b-3.fc43
DokuWiki is a standards compliant, simple to use Wiki, mainly aimed at creati ng documentation of any kind. It has a simple but powerful syntax which makes su re the data-files remain readable outside the Wiki and eases the creation of structured texts. All data is stored in plain text files no...
[SECURITY] Fedora 44 Update: dokuwiki-20250514b-5.fc44
DokuWiki is a standards compliant, simple to use Wiki, mainly aimed at creati ng documentation of any kind. It has a simple but powerful syntax which makes su re the data-files remain readable outside the Wiki and eases the creation of structured texts. All data is stored in plain text files no...
Fedora 43 : dokuwiki (2026-511c8bd939)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-511c8bd939 advisory. Add a patch for CVE-2026-26477 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...
Fedora 44 : dokuwiki (2026-e1f1cff72a)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-e1f1cff72a advisory. Add a patch for CVE-2026-26477 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...
Linux Distros Unpatched Vulnerability : CVE-2026-26477
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue in Dokuwiki v.2025-05-14b Librarian 56.2 allows a remote attacker to cause a denial of service via the mediauploadxhr function in the media.php file...
EUVD-2026-18657
An issue in Dokuwiki v.2025-05-14b 'Librarian' allows a remote attacker to cause a denial of service via the mediauploadxhr function in the media.php file...
CVE-2026-26477
A flaw was found in Dokuwiki. A remote attacker can exploit this vulnerability by utilizing the mediauploadxhr function within the media.php file. This can lead to a denial of service DoS...
CVE-2026-26477
An issue in Dokuwiki v.2025-05-14b "Librarian" 56.2 allows a remote attacker to cause a denial of service via the mediauploadxhr function in the media.php file...
CVE-2026-26477
An issue in Dokuwiki v.2025-05-14b "Librarian" 56.2 allows a remote attacker to cause a denial of service via the mediauploadxhr function in the media.php file...
UBUNTU-CVE-2026-26477
An issue in Dokuwiki v.2025-05-14b "Librarian" 56.2 allows a remote attacker to cause a denial of service via the mediauploadxhr function in the media.php file...
PT-2026-30048
Name of the Vulnerable Software and Affected Versions Dokuwiki version 2025-05-14b Description A flaw exists in Dokuwiki version 2025-05-14b 'Librarian' that could allow a remote attacker to cause a denial of service. The issue is related to the media upload xhr function within the media.php file...