183 matches found
GHSA-H259-74H5-4RH9 XWiki vulnerable to remote code execution with script right through unprotected Velocity scripting API
Impact: An improperly protected scripting API allows any user with script right to bypass the sandboxing of the Velocity scripting API and execute, e.g., arbitrary Python scripts, allowing full access to the XWiki instance and thereby compromising the confidentiality, integrity and availability of...
CVE-2025-65091
The CVE-2025-65091 issue affects the XWiki Full Calendar Macro. Concrete details from connected documents show a SQL injection vulnerability present in versions prior to 2.4.5, exploitable by users with view rights to the Calendar.JSONService page (including guests). The root cause is an injectio...
CVE-2023-29209
XWiki Commons are technical libraries common to several other top level XWiki projects. Any user with view rights on commonly accessible documents including the legacy notification activity macro can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki...
CVE-2023-45135
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In org.xwiki.platform:xwiki-platform-web versions 7.2-milestone-2 until 14.10.12 and org.xwiki.platform:xwiki-platform-web-templates prior to versions 14.10.12 and 15.5-rc-1, it is possible to...
CVE-2023-45136
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When document names are validated according to a name strategy disabled by default, XWiki starting in version 12.0-rc-1 and prior to versions 12.10.12 and 15.5-rc-1 is vulnerable to a reflecte...
EUVD-2025-202429
XWiki Rendering is a generic rendering system that converts textual input in a given syntax (wiki syntax, HTML, etc.) into another syntax (XHTML, etc.). Versions 16.10.9 and below, 17.0.0-rc-1 through 17.4.2 and 17.5.0-rc-1 through 17.5.0 have insufficient protection against {{/html}} injection, which...
CVE-2025-66474 XWiki vulnerable to remote code execution through insufficient protection against {{/html}} injection
XWiki Rendering is a generic rendering system that converts textual input in a given syntax (wiki syntax, HTML, etc.) into another syntax (XHTML, etc.). Versions 16.10.9 and below, 17.0.0-rc-1 through 17.4.2 and 17.5.0-rc-1 through 17.5.0 have insufficient protection against {{/html}} injection, which...
Exploit for Code Injection in Xwiki
Description: XWiki Platform is a generic wiki platform offering...
Exploit for Code Injection in Xwiki
CVE-2025-24893-PoC XWiki Unauthenticated RCE Exploit for Reve...
EUVD-2007-4879
Malware in sbrugna...
EUVD-2021-1492
Malware in sbrugna...
EUVD-2020-3435
Malware in sbrugna...
EUVD-2020-1412
Malware in sbrugna...
EUVD-2007-4869
Malware in sbrugna...
EUVD-2022-7241
Malicious code in bioql PyPI...
EUVD-2024-45838
Malicious code in bioql PyPI...
EUVD-2025-12742
Malicious code in bioql PyPI...
EUVD-2024-28186
Malicious code in bioql PyPI...
EUVD-2023-1256
Malicious code in bioql PyPI...
EUVD-2025-18286
Malicious code in bioql PyPI...