31 matches found
XWiki Platform has an Unauthenticated XAR Import via REST /wikis/{wikiName}
Impact: POST /wikis/wikiName executes a XAR import without performing any authentication or authorization checks, allowing an unauthenticated attacker to create or update documents in the target wiki. Patches: This vulnerability has been patched in XWiki 16.10.17, 17.4.9, 17.10.3, 18.0.1 and...
XWiki Platform Security Vulnerability
The XWiki Platform is an open-source wiki platform used for creating web collaboration applications. Vulnerabilities exist in versions of the XWiki Platform prior to 18.1.0-rc-1, 17.10.3, 17.4.9, and 16.10.17. These vulnerabilities stem from the POST /wikis/wikiName API not performing...
CVE-2026-33301
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, users with the Notes - my encounters role can fill Eye Exam forms in patient encounters. The answers to the form can be printed out in PDF form. An arbitrary file read...
EUVD-2025-8081
Malicious code in bioql PyPI...
CVE-2025-44643
creationtimestamp | type | source
---|---|---
2025-08-04 17:28:12+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lvlprd5g3s2c...
GHSA-334P-WV2M-W3VP
creationtimestamp | type | source
---|---|---
2025-07-16 07:00:17+00:00 | seen | https://gist.github.com/safer-bot/26a09b8c51878f5ec9a6e89f5b7d58cb...
GHSA-RCJJ-H6GH-JF3R
creationtimestamp | type | source
---|---|---
2025-07-16 06:55:31+00:00 | seen | https://gist.github.com/safer-bot/d9797f0aff4e030dd91427990bb06340
2025-07-16 19:02:07+00:00 | seen | https://gist.github.com/safer-bot/a2afbfbe4d7c899c99feb8c00f281456...
CVE-2025-7620
CVE-2025-7620 concerns Digitware System Integration Corporation's cross-browser document creation component. The vulnerability allows remote code execution when a user visits a malicious site while the component is active, enabling download and execution of arbitrary programs on the system. Publi...
DSIC Cross-browser Components for Official Document Creation Security Vulnerability
DSIC Cross-browser Components for Official Document Creation is a browser plug-in from Dewei DSIC Corporation of Taiwan, China. A security vulnerability exists in DSIC Cross-browser Components for Official Document Creation that originates from remote code execution and could lead to the download...
PT-2025-29416 · Digitware System Integration · Digitware System Integration Corporation Cross-Browser Document Creation
Name of the Vulnerable Software and Affected Versions: Digitware System Integration Corporation cross-browser document creation component, affected versions not specified. Description: The cross-browser document creation component developed by Digitware System Integration Corporation has a Remote...
GHSA-9VFW-WX65-C872
creationtimestamp | type | source
---|---|---
2025-07-07 19:47:32+00:00 | seen | https://infosec.exchange/users/cR0w/statuses/114813675213683577...
GHSA-6G6M-M6H5-W9GF
creationtimestamp | type | source
---|---|---
2025-06-06 23:11:11+00:00 | seen | https://gist.github.com/zhenthebuilder/796766496fd40b2efb4ad88864ee96cb...
CVE-2024-28956
creationtimestamp | type | source
---|---|---
2025-05-12 15:18:15+00:00 | seen | https://seclists.org/oss-sec/2025/q2/121
2025-05-12 17:32:53+00:00 | seen | https://bsky.app/profile/gcpweekly.bsky.social/post/3loyiuejv6m2d
2025-05-12 18:02:37+00:00 | seen | ...
CVE-2025-3245
creationtimestamp | type | source
---|---|---
2025-04-04 12:36:48+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/10436
2025-04-04 13:07:24+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3llyicilhad2u
2025-04-04 16:20:54+00:00 | seen | ...
CERTFR-2019-ALE-010
creationtimestamp | type | source
---|---|---
2025-01-29 16:30:25+00:00 | seen | https://bsky.app/profile/tuxpanik.bsky.social/post/3lgvfdt7u7v2g...
CERTFR-2018-ALE-002
creationtimestamp | type | source
---|---|---
2025-01-29 16:23:38+00:00 | seen | https://bsky.app/profile/tuxpanik.bsky.social/post/3lgvexo7ogf2g...
GHSA-MH2X-FCQH-FMQV
creationtimestamp | type | source
---|---|---
2024-11-25 19:18:26+00:00 | seen | https://infosec.exchange/users/cve/statuses/113545203299807277...
XWiki Platform web templates vulnerable to reflected XSS in the create document form if name validation is enabled
Impact: When document names are validated according to a name strategy (disabled by default), XWiki is vulnerable to a reflected XSS attack in the page creation form. To reproduce, make sure that "Validate names before saving" is enabled in the administration under "Editing" - "Name strategies" and...
CVE-2023-45134 XWiki Platform XSS vulnerability from account in the create page form via template provider
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. org.xwiki.platform:xwiki-platform-web starting in version 3.1-milestone-1 and prior to 13.4-rc-1, org.xwiki.platform:xwiki-platform-web-templates prior to versions 14.10.2 and 15.5-rc-1, and...
PT-2023-29860 · Frappe · Frappe
Name of the Vulnerable Software and Affected Versions: Frappe versions prior to 14.49.0. Description: Frappe is a full-stack web application framework that uses Python and MariaDB on the server side and an integrated client side library. A malicious Frappe user with desk access could create...