JLSEC-2026-201
A stack-use-after-scope issue discovered in the expand_mmac_params function in preproc.c in nasm before 2.15.04 allows remote attackers to cause a denial of service via a crafted asm file...
CVE-2021-47711
A SQL injection vulnerability in Kentico Xperience allows authenticated editors to inject malicious SQL queries via online marketing macro method parameters. This enables unauthorized database access and potential data manipulation by exploiting macro method input validation weaknesses...
PT-2025-52300
Name of the Vulnerable Software and Affected Versions Kentico Xperience affected versions not specified Description A SQL injection issue exists in Kentico Xperience, potentially allowing authenticated editors to inject malicious SQL queries through online marketing macro method parameters. This ...
EUVD-2020-22817
Malware in sbrugna...
EUVD-2025-18284
Malicious code in bioql PyPI...
An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in expand_mmac_params() in modules/preprocs/nasm/nasm-pp.c...
XWiki allows remote code execution through default value of wiki macro wiki-type parameters
Impact Any user with edit right on a page (could be the user's profile) can execute code (Groovy, Python, Velocity) with programming right by defining a wiki macro. This allows full access to the whole XWiki installation and thus impacts its confidentiality, integrity and availability. The main probl...
GHSA-9875-CW22-F7CX XWiki allows remote code execution through default value of wiki macro wiki-type parameters
Impact Any user with edit right on a page (could be the user's profile) can execute code (Groovy, Python, Velocity) with programming right by defining a wiki macro. This allows full access to the whole XWiki installation and thus impacts its confidentiality, integrity and availability. The main probl...
CVE-2025-49582
XWiki platform is affected by a remote code execution risk due to incomplete required-right analyzers for dangerous macros. The issue allows a page to include Groovy or Python macros hidden by a user with lower privileges, which could be executed when another user with higher rights edits the pag...
CVE-2025-49582 XWiki's required right warnings for macros are incomplete
XWiki is a generic wiki platform. When editing content that contains "dangerous" macros like malicious script macros that were authored by a user with fewer rights, XWiki warns about the execution of these macros since XWiki 15.9RC1. These required rights analyzers that trigger these warnings are...
CVE-2025-49581 XWiki allows remote code execution through default value of wiki macro wiki-type parameters
XWiki is a generic wiki platform. Any user with edit right on a page (could be the user's profile) can execute code (Groovy, Python, Velocity) with programming right by defining a wiki macro. This allows full access to the whole XWiki installation. The main problem is that if a wiki macro parameter...
CVE-2020-35121
An issue was discovered in the Keysight Database Connector plugin before 1.5.0 for Confluence. A malicious user could insert arbitrary JavaScript into saved macro parameters that would execute when a user viewed a page with that instance of the macro...
Design/Logic Flaw
XWiki Commons are technical libraries common to several other top level XWiki projects. Any user with view rights on commonly accessible documents can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping o...
CVE-2023-29509 org.xwiki.platform:xwiki-platform-flamingo-theme-ui Eval Injection vulnerability
XWiki Commons are technical libraries common to several other top level XWiki projects. Any user with view rights on commonly accessible documents can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping o...
XWiki 6.4-milestone-2 < 13.10.7, 14.x < 14.4.2 Eval Injection Vulnerability (GHSA-5j7g-cf6r-g2h7)
XWiki is prone to an improper neutralization of directives in dynamically evaluated code (eval injection) vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders...
Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in xwiki-platform-icon-ui
Impact Any user with view rights on commonly accessible documents including the icon picker macro can execute arbitrary Groovy, Python or Velocity code in XWiki due to improper neutralization of the macro parameters of the icon picker macro. The URL...
GHSA-5J7G-CF6R-G2H7 Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in xwiki-platform-icon-ui
Impact Any user with view rights on commonly accessible documents including the icon picker macro can execute arbitrary Groovy, Python or Velocity code in XWiki due to improper neutralization of the macro parameters of the icon picker macro. The URL...
Code injection
An issue was discovered in the Keysight Database Connector plugin before 1.5.0 for Confluence. A malicious user could insert arbitrary JavaScript into saved macro parameters that would execute when a user viewed a page with that instance of the macro...