Lucene search
+L

3475 matches found

OSV
OSV
added 2026/05/26 6:58 p.m.13 views

GHSA-QRVH-R3F2-9H4R XWiki Platform has an Unauthenticated XAR Import via REST /wikis/{wikiName}

Impact POST /wikis/wikiName executes a XAR import without performing any authentication or authorization checks, allowing an unauthenticated attacker to create or update documents in the target wiki Patches This vulnerability has been patched in XWiki 16.10.17, 17.4.9, 17.10.3, 18.0.1 and...

9.3CVSS5.8AI score0.00594EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2026/05/26 6:58 p.m.22 views

XWiki Platform has an Unauthenticated XAR Import via REST /wikis/{wikiName}

Impact POST /wikis/wikiName executes a XAR import without performing any authentication or authorization checks, allowing an unauthenticated attacker to create or update documents in the target wiki Patches This vulnerability has been patched in XWiki 16.10.17, 17.4.9, 17.10.3, 18.0.1 and...

9.3CVSS5.8AI score0.00594EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2026/05/26 5:16 p.m.9 views

GHSA-XQ3R-2QV5-VQQM XWiki Platform has path traversal via resources parameter in ssx and jsx endpoints when using leading slash

Impact It's possible to get access and read configuration files by using URLs such as http://localhost:8080/bin/ssx/Main/WebHome?resource=/../../WEB-INF/xwiki.cfg&minify=false. This can apparently be reproduced on Tomcat instances. Patches This has been patched in 18.0.0-rc-1, 17.10.3, 17.4.9,...

9.3CVSS5.8AI score0.19538EPSS
Exploits1References5
GithubExploit
GithubExploit
added 2026/05/25 6:10 p.m.145 views

Exploit for CVE-2026-33137

CVE-2026-33137 XWiki Platform - Unauthenticated XAR Import...

9.3CVSS6AI score0.00594EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2026/05/21 7:57 p.m.21 views

CVE-2026-23734

XWiki Platform is a generic wiki platform. Versions prior to 18.1.0-rc-1, 17.10.3, 17.4.9, and 16.10.17 allow access to read configuration files by using URLs such as http://localhost:8080/bin/ssx/Main/WebHome?resource=/../../WEB-INF/xwiki.cfg=false, leading to Path Traversal. The vulnerability i...

9.3CVSS5.7AI score0.19538EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.12 views

PT-2026-43466

Name of the Vulnerable Software and Affected Versions XWiki versions prior to 18.0.0RC1 XWiki versions prior to 17.10.13 XWiki versions prior to 17.4.9 XWiki versions prior to 16.10.17 Description An insufficient patch allows for the discovery of password hashes one bit at a time by using modifie...

7.5CVSS5.8AI score0.0004EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.14 views

PT-2026-43465

Name of the Vulnerable Software and Affected Versions XWiki versions prior to 16.10.17 XWiki versions prior to 17.4.9 XWiki versions prior to 17.10.3 XWiki versions prior to 18.0.0RC1 Description A path traversal issue allows an attacker to write arbitrary files, which could lead to overriding...

5.9CVSS5.9AI score0.00056EPSS
Exploits0References6
Snyk
Snyk
added 2026/05/20 9:45 p.m.16 views

Relative Path Traversal

Overview Affected versions of this package are vulnerable to Relative Path Traversal via the resource parameter in the ssx and jsx endpoints when a leading slash is used. An attacker can access sensitive configuration files by crafting a URL that traverses directories. Note: This issue is due to...

9.8CVSS5.8AI score0.19538EPSS
Exploits1References2
NVD
NVD
added 2026/05/20 8:16 p.m.13 views

CVE-2026-33137

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki Platform is a generic wiki platform. In versions starting with 15.10.6 and prior to 18.1.0-rc-1, 17.10.3, 17.4.9, and 16.10.17, the POST /wikis/wikiName API executes a XAR import without...

9.3CVSS0.00594EPSS
Exploits1References3
NVD
NVD
added 2026/05/20 8:16 p.m.12 views

CVE-2026-23734

XWiki Platform is a generic wiki platform. Versions prior to 18.1.0-rc-1, 17.10.3, 17.4.9, and 16.10.17 allow access to read configuration files by using URLs such as http://localhost:8080/bin/ssx/Main/WebHome?resource=/../../WEB-INF/xwiki.cfg&minify=false, leading to Path Traversal. The...

9.3CVSS0.19538EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/05/20 6:59 p.m.9 views

CVE-2026-33137 XWiki Platform has an Unauthenticated XAR Import via REST /wikis/{wikiName}

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki Platform is a generic wiki platform. In versions starting with 15.10.6 and prior to 18.1.0-rc-1, 17.10.3, 17.4.9, and 16.10.17, the POST /wikis/wikiName API executes a XAR import without...

9.3CVSS5.7AI score0.00594EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/05/20 6:59 p.m.8 views

CVE-2026-33137

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki Platform is a generic wiki platform. In versions starting with 15.10.6 and prior to 18.1.0-rc-1, 17.10.3, 17.4.9, and 16.10.17, the POST /wikis/wikiName API executes a XAR import without...

9.3CVSS5.7AI score0.00594EPSS
Exploits1References4Affected Software1
EUVD
EUVD
added 2026/05/20 6:59 p.m.11 views

EUVD-2026-31157

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki Platform is a generic wiki platform. In versions prior to 18.1.0-rc-1, 17.10.3, 17.4.9, and 16.10.17, the POST /wikis/wikiName API executes a XAR import without performing any...

9.3CVSS5.8AI score0.00594EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/05/20 6:59 p.m.39 views

CVE-2026-33137 XWiki Platform has an Unauthenticated XAR Import via REST /wikis/{wikiName}

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki Platform is a generic wiki platform. In versions starting with 15.10.6 and prior to 18.1.0-rc-1, 17.10.3, 17.4.9, and 16.10.17, the POST /wikis/wikiName API executes a XAR import without...

9.3CVSS0.00594EPSS
Exploits1References3
OSV
OSV
added 2026/05/20 6:59 p.m.7 views

CVE-2026-33137 XWiki Platform has an Unauthenticated XAR Import via REST /wikis/{wikiName}

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki Platform is a generic wiki platform. In versions starting with 15.10.6 and prior to 18.1.0-rc-1, 17.10.3, 17.4.9, and 16.10.17, the POST /wikis/wikiName API executes a XAR import without...

9.3CVSS5.9AI score0.00594EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/05/20 6:39 p.m.8 views

CVE-2026-23734

XWiki Platform is a generic wiki platform. Versions prior to 18.1.0-rc-1, 17.10.3, 17.4.9, and 16.10.17 allow access to read configuration files by using URLs such as http://localhost:8080/bin/ssx/Main/WebHome?resource=/../../WEB-INF/xwiki.cfg&minify=false, leading to Path Traversal. The...

9.3CVSS5.7AI score0.19538EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2026/05/20 6:39 p.m.34 views

CVE-2026-23734 XWiki Platform: Path traversal via resources parameter in ssx and jsx endpoints when using leading slash

XWiki Platform is a generic wiki platform. Versions prior to 18.1.0-rc-1, 17.10.3, 17.4.9, and 16.10.17 allow access to read configuration files by using URLs such as http://localhost:8080/bin/ssx/Main/WebHome?resource=/../../WEB-INF/xwiki.cfg&minify=false, leading to Path Traversal. The...

9.3CVSS0.19538EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/05/20 6:39 p.m.13 views

CVE-2026-23734 XWiki Platform: Path traversal via resources parameter in ssx and jsx endpoints when using leading slash

XWiki Platform is a generic wiki platform. Versions prior to 18.1.0-rc-1, 17.10.3, 17.4.9, and 16.10.17 allow access to read configuration files by using URLs such as http://localhost:8080/bin/ssx/Main/WebHome?resource=/../../WEB-INF/xwiki.cfg&minify=false, leading to Path Traversal. The...

9.3CVSS5.7AI score0.19538EPSS
Exploits1References3
EUVD
EUVD
added 2026/05/20 6:39 p.m.13 views

EUVD-2026-31152

XWiki Platform is a generic wiki platform. Versions prior to 18.1.0-rc-1, 17.10.3, 17.4.9, and 16.10.17 allow access to read configuration files by using URLs such as http://localhost:8080/bin/ssx/Main/WebHome?resource=/../../WEB-INF/xwiki.cfg&minify=false, leading to Path Traversal. The...

9.3CVSS5.7AI score0.19538EPSS
Exploits1References3
CVE
CVE
added 2026/05/20 6:39 p.m.32 views

CVE-2026-23734

XWiki Platform suffers a Path Traversal vulnerability in which configuration files can be read via the resources parameter on the ssx and jsx endpoints using a leading slash (e.g., /../../WEB-INF/xwiki.cfg). Affected releases:

9.3CVSS5.7AI score0.19538EPSS
Exploits1References3
Rows per page
Query Builder