15 matches found
CVE-2026-33229
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Prior to 17.4.8 and 17.10.1, an improperly protected scripting API allows any user with script right to bypass the sandboxing of the Velocity scripting API and execute, e.g., arbitrary Python...
CVE-2026-33229
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Prior to 17.4.8 and 17.10.1, an improperly protected scripting API allows any user with script right to bypass the sandboxing of the Velocity scripting API and execute, e.g., arbitrary Python...
XWiki vulnerable to remote code execution with script right through unprotected Velocity scripting API
Impact: An improperly protected scripting API allows any user with script right to bypass the sandboxing of the Velocity scripting API and execute, e.g., arbitrary Python scripts, allowing full access to the XWiki instance and thereby compromising the confidentiality, integrity and availability of...
GHSA-H259-74H5-4RH9 XWiki vulnerable to remote code execution with script right through unprotected Velocity scripting API
Impact: An improperly protected scripting API allows any user with script right to bypass the sandboxing of the Velocity scripting API and execute, e.g., arbitrary Python scripts, allowing full access to the XWiki instance and thereby compromising the confidentiality, integrity and availability of...
EUVD-2026-20478
XWiki vulnerable to remote code execution with script right through unprotected Velocity scripting API...
CVE-2026-33229
XWiki Platform (before versions 17.4.8 and 17.10.1) contains an improperly protected Velocity scripting API that lets any user with script right bypass the sandbox and execute code (e.g., arbitrary Python scripts), granting full access to the instance and compromising confidentiality, integrity, ...
CVE-2026-33229 XWiki Platform affected by remote code execution with script right through unprotected Velocity scripting API
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Prior to 17.4.8 and 17.10.1, an improperly protected scripting API allows any user with script right to bypass the sandboxing of the Velocity scripting API and execute, e.g., arbitrary Python...
EUVD-2022-44886
Malicious code in bioql PyPI...
EUVD-2024-0711
Malicious code in bioql PyPI...
CVE-2024-24131
SuperWebMailer v9.31.0.01799 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component api.php...
CVE-2025-2335
A vulnerability classified as problematic was found in Drivin Soluções up to 20250226. This vulnerability affects unknown code of the file /api/school/registerSchool of the component API Handler. The manipulation of the argument message leads to cross site scripting. The attack can be initiated...
PT-2025-3104 · Unknown · Vaultwarden
Name of the Vulnerable Software and Affected Versions: Vaultwarden version 1.32.5. Description: The issue is related to an authenticated reflected Cross-Site Scripting (XSS) vulnerability. This vulnerability is present in the /api/core/mod.rs component. Recommendations: For Vaultwarden version 1.32....
Malicious code in @immersive-composer/scripting-api (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2233da6392d5236f2eef2af2c3d9c689abc328d9c0efbd25177ecbecee1a8ae5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-354 Malicious code in @immersive-composer/scripting-api (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2233da6392d5236f2eef2af2c3d9c689abc328d9c0efbd25177ecbecee1a8ae5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
VMware poor guest isolation design
I have run across a design issue in VMware's scripting automation API that diminishes VM guest/host isolation in such a manner to facilitate privilege escalation, spreading of malware, and compromise of guest operating systems. VMware's scripting API allows a malicious script on the host machine ...