74 matches found
EUVD-2025-12741
Malicious code in bioql PyPI...
EUVD-2025-16054
Malicious code in bioql PyPI...
EUVD-2023-3271
Malicious code in bioql PyPI...
EUVD-2025-12743
Malicious code in bioql PyPI...
GHSA-9875-CW22-F7CX XWiki allows remote code execution through default value of wiki macro wiki-type parameters
Impact Any user with edit right on a page could be the user's profile can execute code Groovy, Python, Velocity with programming right by defining a wiki macro. This allows full access to the whole XWiki installation and thus impacts its confidentiality, integrity and availability. The main probl...
CVE-2025-49586
XWiki is an open-source wiki software platform. Any XWiki user with edit right on at least one App Within Minutes application the default for all users XWiki can obtain programming right/perform remote code execution by editing the application. This vulnerability has been fixed in XWiki 17.0.0,...
CVE-2025-49581
XWiki is a generic wiki platform. Any user with edit right on a page could be the user's profile can execute code Groovy, Python, Velocity with programming right by defining a wiki macro. This allows full access to the whole XWiki installation. The main problem is that if a wiki macro parameter...
CVE-2025-49581
CVE-2025-49581 (XWiki) : A user with edit rights can cause remote code execution by defining a wiki macro whose parameter accepts wiki syntax, and whose default value is executed with the rights of the document author (the macro caller). By overriding a macro such as the children macro on a page ...
PT-2025-25438 · Xwiki · Xwiki
Name of the Vulnerable Software and Affected Versions: XWiki versions prior to 16.4.7 XWiki versions prior to 16.10.3 XWiki versions prior to 17.0.0 Description: The issue allows any XWiki user with edit rights on at least one App Within Minutes application to obtain programming rights and perfor...
CVE-2025-48063
XWiki is a generic wiki platform. In XWiki 16.10.0, required rights were introduced as a way to limit which rights a document can have. Part of the security model of required rights is that a user who doesn't have a right also cannot define that right as required right. That way, users who are...
CVE-2024-55662
XWiki Platform is a generic wiki platform. Starting in version 3.3-milestone-1 and prior to versions 15.10.9 and 16.3.0, on instances where Extension Repository Application is installed, any user can execute any code requiring programming rights on the server. This vulnerability has been fixed in...
CVE-2024-31987
XWiki Platform is a generic wiki platform. Starting in version 6.4-milestone-1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, any user who can edit any page like their profile can create a custom skin with a template override that is executed with programming right, thus allowing remote...
CVE-2023-26056
XWiki Platform is a generic wiki platform. Starting in version 3.0-milestone-1, it's possible to execute a script with the right of another user, provided the target user does not have programming right. The problem has been patched in XWiki 14.8-rc-1, 14.4.5, and 13.10.10. There are no known...
CVE-2023-50723
XWiki Platform is a generic wiki platform. Starting in 2.3 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, anyone who can edit an arbitrary wiki page in an XWiki installation can gain programming right through several cases of missing escaping in the code for displaying sections in the...
GHSA-RHFV-688C-P6HP XWiki Platform Security Authorization Bridge allows users with just edit right can enforce required rights with programming right
Impact In XWiki 16.10.0, required rights were introduced as a way to limit which rights a document can have. Part of the security model of required rights is that a user who doesn't have a right also cannot define that right as required right. That way, users who are editing documents on which...
XWiki Platform Security Authorization Bridge allows users with just edit right can enforce required rights with programming right
Impact In XWiki 16.10.0, required rights were introduced as a way to limit which rights a document can have. Part of the security model of required rights is that a user who doesn't have a right also cannot define that right as required right. That way, users who are editing documents on which...
CVE-2025-48063
XWiki is a generic wiki platform. In XWiki 16.10.0, required rights were introduced as a way to limit which rights a document can have. Part of the security model of required rights is that a user who doesn't have a right also cannot define that right as required right. That way, users who are...
CVE-2025-48063
XWiki 16.10.0 is vulnerable: any user with edit rights on a document can set programming right as a required right. If a user with programming right later edits that document, the content gains programming right, enabling remote code execution. The issue is mitigated only by upgrading to 16.10.4 ...
CVE-2025-48063 XWiki Platform Security Authorization Bridge allows users with just edit right can enforce required rights with programming right
XWiki is a generic wiki platform. In XWiki 16.10.0, required rights were introduced as a way to limit which rights a document can have. Part of the security model of required rights is that a user who doesn't have a right also cannot define that right as required right. That way, users who are...
CVE-2025-48063 XWiki Platform Security Authorization Bridge allows users with just edit right can enforce required rights with programming right
XWiki is a generic wiki platform. In XWiki 16.10.0, required rights were introduced as a way to limit which rights a document can have. Part of the security model of required rights is that a user who doesn't have a right also cannot define that right as required right. That way, users who are...