Lucene search
K

8 matches found

OSV
OSV
added 2026/06/12 7:32 p.m.8 views

GHSA-QCMW-6RM2-5X78 TYPO3 CMS has Broken Access Control in its DataHandler

Problem Backend users were able to move records to a different page without having edit permissions on the source page. Solution Update to TYPO3 versions 13.4.31 LTS, 14.3.3 LTS that fix the problem described. Credits TYPO3 CMS thanks Hyunseo Shin for reporting this issue, and TYPO3 security team...

5.3CVSS5.3AI score0.00238EPSS
Exploits0References7
CVE
CVE
added 2026/06/09 10:52 a.m.25 views

CVE-2026-47350

Technical details about CVE-2026-47350 are not publicly available in the provided documents. Monitor for updates.

5.3CVSS5.5AI score0.00238EPSS
Exploits0References3
NVD
NVD
added 2025/11/19 6:15 p.m.12 views

CVE-2025-65089

XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Prior to version 1.27.0, a user with no view rights on a page may see the content of an office attachment displayed with the view file macro. This issue has been patched in version 1.27.0...

6.8CVSS0.00258EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2025/11/18 7:2 p.m.8 views

XWiki view file macro: User can view content of office file without view rights on the attachment

Summary A user with no view rights on a page may see the content of an office attachment displayed with the view file macro. Details If on a public page is displayed an office attachment from a restricted page, a user with no view rights on the restricted page can view the attachment content, no...

6.8CVSS6.8AI score0.00258EPSS
Exploits0References3Affected Software1
VulnCheck KEV
VulnCheck KEV
added 2025/09/04 12:0 a.m.17 views

VulnCheck KEV: CVE-2025-29925

XWiki Platform is a generic wiki platform. Prior to 15.10.14, 16.4.6, and 16.10.0-rc-1, protected pages are listed when requesting the REST endpoints /rest/wikis/wikiName/pages even if the user doesn't have view rights on them. It's particularly true if the entire wiki is protected with "Prevent...

8.7CVSS5.8AI score0.00906EPSS
In wildExploits1References2
Prion
Prion
added 2022/11/22 1:15 a.m.13 views

Code injection

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The application allows anyone with view access to modify any page of the wiki by importing a crafted XAR package. The problem has been patched in XWiki 14.6RC1, 14.6 and 13.10.8. As a...

5.5CVSS7.8AI score0.00732EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2022/11/21 12:0 a.m.5 views

PT-2022-26168 · Xwiki · Xwiki Platform

Name of the Vulnerable Software and Affected Versions: XWiki Platform versions prior to 13.10.8 XWiki Platform versions prior to 14.6 Description: The XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The application allows anyone with view...

9.6CVSS8.1AI score0.00732EPSS
Exploits0References10
OSV
OSV
added 2022/09/20 9:18 p.m.27 views

GHSA-GG53-WF5X-R3R6 XWiki Platform Security Parent POM vulnerable to overwriting of security rules of a page with a final page having the same reference

Impact A bug in the security cache is storing rules associated to document Page1.Page2 and space Page1.Page2 in the same cache entry. That means that it's possible to overwrite the rights of a space or a document by creating the page of the space with the same name and checking the right of the n...

7.1CVSS6.5AI score0.0067EPSS
Exploits1References5
Rows per page
Query Builder