Lucene search
+L

3476 matches found

OSV
OSV
added 2026/04/15 12:1 a.m.3 views

CVE-2026-40104 XWiki's REST APIs can list all pages/spaces, leading to unavailability

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Versions 1.8-rc-1, 17.0.0-rc-1 and 17.5.0-rc-1 and prior include a resource exhaustion vulnerability in REST API endpoints such as...

6.9CVSS5.9AI score0.00405EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/04/15 12:0 a.m.11 views

XWiki Platform 安全漏洞

The XWiki Platform is an open-source wiki platform used for creating web collaboration applications. Vulnerabilities exist in versions 10.4-rc-1 to 16.10.15, 17.0.0-rc-1 to 17.4.7, and 17.5.0-rc-1 to 17.10.0 of the XWiki Platform. These vulnerabilities stem from a reflection-type cross-site...

6.5CVSS5.7AI score0.00549EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/15 12:0 a.m.14 views

XWiki Platform 安全漏洞

The XWiki Platform is an open-source wiki platform designed for creating web collaboration applications. Versions of the XWiki Platform such as 1.8-rc-1, 17.0.0-rc-1, and 17.5.0-rc-1 and earlier contain security vulnerabilities. These vulnerabilities stem from resource exhaustion issues with the...

8.2CVSS5.8AI score0.00405EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/14 10:34 p.m.10 views

XWiki's REST APIs can list all pages/spaces, leading to unavailability

Impact REST API endpoints like /xwiki/rest/wikis/xwiki/spaces/AnnotationCode/pages/AnnotationConfig/objects/AnnotationCode.AnnotationConfig/0/properties list all available pages as part of the metadata for database list properties, which can exhaust available resources on large wikis. Patches Thi...

8.2CVSS5.7AI score0.00405EPSS
Exploits0References5Affected Software2
OSV
OSV
added 2026/04/14 10:34 p.m.2 views

GHSA-MRQG-XMGM-RC5G XWiki's REST APIs can list all pages/spaces, leading to unavailability

Impact REST API endpoints like /xwiki/rest/wikis/xwiki/spaces/AnnotationCode/pages/AnnotationConfig/objects/AnnotationCode.AnnotationConfig/0/properties list all available pages as part of the metadata for database list properties, which can exhaust available resources on large wikis. Patches Thi...

8.2CVSS5.7AI score0.00405EPSS
Exploits0References5
OSV
OSV
added 2026/04/14 10:33 p.m.5 views

GHSA-W4FJ-87J5-F25C XWiki has Reflected Cross-Site Scripting (XSS) in page history compare

Impact A reflected cross-site scripting vulnerability XSS in the compare view between revisions of a page allows executing JavaScript code in the user's browser. If the current user is an admin, this can not only affect the current user but also the confidentiality, integrity and availability of...

6.5CVSS5.7AI score0.00549EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.8 views

PT-2026-32970

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Versions 1.8-rc-1, 17.0.0-rc-1 and 17.5.0-rc-1 and prior include a resource exhaustion vulnerability in REST API endpoints such as...

6.9CVSS5.8AI score0.00405EPSS
Exploits0References6
Packet Storm
Packet Storm
added 2026/04/13 12:0 a.m.149 views

📄 XWiki Blog Cross Site Scripting

XWiki Blog versions prior to 9.15.7 suffer from a persistent cross site scripting vulnerability via the blog post title. CVE-2025-66024: XWiki Blog Application home page vulnerable to Stored XSS via Post Title Overview | Field | Details | |---|---| | CVE ID | CVE-2025-66024 | | Severity | HIGH | ...

9CVSS5.2AI score0.00353EPSS
Exploits3
GithubExploit
GithubExploit
added 2026/04/12 10:35 p.m.104 views

Exploit for SQL Injection in Xwiki

No d...

9.8CVSS5.8AI score0.8541EPSS
Exploits6
GithubExploit
GithubExploit
added 2026/04/11 7:15 p.m.128 views

Exploit for CVE-2025-66024

CVE-2025-66024: XWiki Blog Application home page vulnerable to...

8.6CVSS5.8AI score0.00353EPSS
Exploits3
RedhatCVE
RedhatCVE
added 2026/04/11 1:21 a.m.5 views

CVE-2026-33229

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Prior to 17.4.8 and 17.10.1, an improperly protected scripting API allows any user with script right to bypass the sandboxing of the Velocity scripting API and execute, e.g., arbitrary Python...

9.8CVSS6AI score0.0054EPSS
Exploits1References1
NVD
NVD
added 2026/04/08 4:16 p.m.17 views

CVE-2026-33229

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Prior to 17.4.8 and 17.10.1, an improperly protected scripting API allows any user with script right to bypass the sandboxing of the Velocity scripting API and execute, e.g., arbitrary Python...

9.8CVSS0.0054EPSS
Exploits1References4
EUVD
EUVD
added 2026/04/08 3:0 p.m.4 views

EUVD-2026-20478

XWiki vulnerable to remote code execution with script right through unprotected Velocity scripting API...

8.6CVSS6.5AI score0.0054EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/04/08 3:0 p.m.6 views

XWiki vulnerable to remote code execution with script right through unprotected Velocity scripting API

Impact An improperly protected scripting API allows any user with script right to bypass the sandboxing of the Velocity scripting API and execute, e.g., arbitrary Python scripts, allowing full access to the XWiki instance and thereby compromising the confidentiality, integrity and availability of...

9.8CVSS5.9AI score0.0054EPSS
Exploits1References6Affected Software2
OSV
OSV
added 2026/04/08 3:0 p.m.4 views

GHSA-H259-74H5-4RH9 XWiki vulnerable to remote code execution with script right through unprotected Velocity scripting API

Impact An improperly protected scripting API allows any user with script right to bypass the sandboxing of the Velocity scripting API and execute, e.g., arbitrary Python scripts, allowing full access to the XWiki instance and thereby compromising the confidentiality, integrity and availability of...

8.6CVSS5.9AI score0.0054EPSS
Exploits1References6
CVE
CVE
added 2026/04/08 2:53 p.m.23 views

CVE-2026-33229

XWiki Platform is affected by a remote-code-execution vulnerability due to an improperly protected scripting API that lets users with script right bypass the Velocity sandbox and run arbitrary code (e.g., Python scripts). This can grant full access to the XWiki instance, compromising confidential...

9.8CVSS6.1AI score0.0054EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2026/04/08 2:53 p.m.21 views

CVE-2026-33229 XWiki Platform affected by remote code execution with script right through unprotected Velocity scripting API

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Prior to 17.4.8 and 17.10.1, an improperly protected scripting API allows any user with script right to bypass the sandboxing of the Velocity scripting API and execute, e.g., arbitrary Python...

8.6CVSS0.0054EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/04/08 2:53 p.m.1 views

CVE-2026-33229 XWiki Platform affected by remote code execution with script right through unprotected Velocity scripting API

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Prior to 17.4.8 and 17.10.1, an improperly protected scripting API allows any user with script right to bypass the sandboxing of the Velocity scripting API and execute, e.g., arbitrary Python...

8.6CVSS6AI score0.0054EPSS
Exploits1References4
OSV
OSV
added 2026/04/08 2:53 p.m.4 views

CVE-2026-33229 XWiki Platform affected by remote code execution with script right through unprotected Velocity scripting API

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Prior to 17.4.8 and 17.10.1, an improperly protected scripting API allows any user with script right to bypass the sandboxing of the Velocity scripting API and execute, e.g., arbitrary Python...

8.6CVSS7.3AI score0.0054EPSS
Exploits1References6
CNNVD
CNNVD
added 2026/04/08 12:0 a.m.11 views

XWiki Platform 安全漏洞

The XWiki Platform is an open-source wiki platform designed for creating web collaboration applications. Versions of the XWiki Platform prior to 17.4.8 and 17.10.1 contained security vulnerabilities. These vulnerabilities stemmed from inadequate protection of the script API, allowing users with...

9.8CVSS6AI score0.0054EPSS
Exploits1References5
Rows per page
Query Builder