CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

183 matches found

OSV•added 2026/04/08 3:0 p.m.•1 views

GHSA-H259-74H5-4RH9 XWiki vulnerable to remote code execution with script right through unprotected Velocity scripting API

Impact An improperly protected scripting API allows any user with script right to bypass the sandboxing of the Velocity scripting API and execute, e.g., arbitrary Python scripts, allowing full access to the XWiki instance and thereby compromising the confidentiality, integrity and availability of...

8.6CVSS5.9AI score0.0054EPSS

Exploits1References6

CVE•added 2026/01/10 3:6 a.m.•16 views

CVE-2025-65091

The CVE-2025-65091 issue affects the XWiki Full Calendar Macro. Concrete details from connected documents show a SQL injection vulnerability present in versions prior to 2.4.5, exploitable by users with view rights to the Calendar.JSONService page (including guests). The root cause is an injectio...

10CVSS7.5AI score0.00282EPSS

Exploits0References2Affected Software1

RedhatCVE•added 2026/01/09 9:0 a.m.•7 views

CVE-2023-29209

XWiki Commons are technical libraries common to several other top level XWiki projects. Any user with view rights on commonly accessible documents including the legacy notification activity macro can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki...

9.9CVSS7.5AI score0.01144EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 8:58 a.m.•6 views

CVE-2023-45135

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In org.xwiki.platform:xwiki-platform-web versions 7.2-milestone-2 until 14.10.12 and org.xwiki.platform:xwiki-platform-web-templates prior to versions 14.10.12 and 15.5-rc-1, it is possible to...

9CVSS7.6AI score0.01741EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 8:58 a.m.•7 views

CVE-2023-45136

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When document names are validated according to a name strategy disabled by default, XWiki starting in version 12.0-rc-1 and prior to versions 12.10.12 and 15.5-rc-1 is vulnerable to a reflecte...

9.6CVSS7.3AI score0.05166EPSS

Exploits1References1

Vulnrichment•added 2025/12/10 9:59 p.m.•4 views

CVE-2025-66474 XWiki vulnerable to remote code execution through insufficient protection against {{/html}} injection

XWiki Rendering is a generic rendering system that converts textual input in a given syntax wiki syntax, HTML, etc into another syntax XHTML, etc. Versions 16.10.9 and below, 17.0.0-rc-1 through 17.4.2 and 17.5.0-rc-1 through 17.5.0 have insufficient protection against /html injection, which...

8.7CVSS8.1AI score0.0086EPSS

Exploits1References7