CVE-2019-25432 Part-DB 0.4 Authentication Bypass via login.php

Part-DB 0.4 contains an authentication bypass vulnerability that allows unauthenticated attackers to login by injecting SQL syntax into authentication parameters. Attackers can submit a single quote followed by 'or' in the login form to bypass credential validation and gain unauthorized access to...

CVE-2023-29525

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Affected versions of xwiki are subject to code injection in the since parameter of the /xwiki/bin/view/XWiki/Notifications/Code/LegacyNotificationAdministration endpoint. This provides an XWik...

CVE-2023-45144

com.xwiki.identity-oauth:identity-oauth-ui is a package to aid in building identity and service providers based on OAuth authorizations. When a user logs in via the OAuth method, the identityOAuth parameters sent in the GET request is vulnerable to cross site scripting XSS and XWiki syntax...

EUVD-2019-0717

Malware in sbrugna...

EUVD-2023-2744

Malicious code in bioql PyPI...

EUVD-2025-27427

Malicious code in bioql PyPI...

CVE-2025-55727

XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Starting in version 1.0 and prior to version 1.26.5, missing escaping of the width parameter in the column macro allows remote code execution for any user who can edit any page or who can...

CVE-2025-55730 XWiki Remote Macros vulnerable to remote code execution using the confluence paste code macro

XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Starting in version 1.0 and prior to version 1.26.5, missing escaping of the title in the confluence paste code macro allows remote code execution for any user who can edit any page. The...

CVE-2025-55727 XWiki Remote Macros vulnerable to remote code execution from width parameter in the column macro

XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Starting in version 1.0 and prior to version 1.26.5, missing escaping of the width parameter in the column macro allows remote code execution for any user who can edit any page or who can...

CVE-2024-31996

XWiki Platform is a generic wiki platform. Starting in version 3.0.1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, the HTML escaping of escaping tool that is used in XWiki doesn't escape , which, when used in certain places, allows XWiki syntax injection and thereby remote code execution...

XWiki 3.0.1 < 14.10.19, 15.0-rc-1 < 15.5.4, 15.6-rc-1 < 15.9 RCE Vulnerability (GHSA-hf43-47q4-fhq5)

Xwiki is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki";...

CVE-2024-31996 XWiki Commons missing escaping of `{` in Velocity escapetool allows remote code execution

XWiki Platform is a generic wiki platform. Starting in version 3.0.1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, the HTML escaping of escaping tool that is used in XWiki doesn't escape , which, when used in certain places, allows XWiki syntax injection and thereby remote code execution...

CVE-2024-31996 XWiki Commons missing escaping of `{` in Velocity escapetool allows remote code execution

XWiki Platform is a generic wiki platform. Starting in version 3.0.1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, the HTML escaping of escaping tool that is used in XWiki doesn't escape , which, when used in certain places, allows XWiki syntax injection and thereby remote code execution...

CVE-2024-31996

CVE-2024-31996 affects XWiki Platform (XWiki Commons). The issue is improper escaping in the HTML escapetool used by XWiki, which fails to escape the “{” character, enabling syntax injection and remote code execution. Affected versions start at 3.0.1 and extend up to 4.10.19, 15.5.4, and 15.10-rc...

CVE-2024-31996 XWiki Commons missing escaping of `{` in Velocity escapetool allows remote code execution

XWiki Platform is a generic wiki platform. Starting in version 3.0.1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, the HTML escaping of escaping tool that is used in XWiki doesn't escape , which, when used in certain places, allows XWiki syntax injection and thereby remote code execution...

GHSA-HF43-47Q4-FHQ5 XWiki Commons missing escaping of `{` in Velocity escapetool allows remote code execution

Impact The HTML escaping of escaping tool that is used in XWiki doesn't escape , which, when used in certain places, allows XWiki syntax injection and thereby remote code execution. To reproduce in an XWiki installation, open...

XWiki Platform 安全漏洞

XWiki Platform is the XWiki Foundation's suite of Wiki platforms for creating web collaboration applications. A security vulnerability exists in XWiki Platform that stems from an escape tool used in XWiki that does not escape , which when used in certain places, allows XWiki syntax injection to...

Run Shell Command allows Cross-Site Request Forgery

Impact A cross site request forgery vulnerability in the admin tool for executing shell commands on the server allows an attacker to execute arbitrary shell commands by tricking an admin into loading the URL with the shell command. A very simple possibility for an attack are comments. When the...

XWiki Identity Oauth Privilege escalation (PR)/remote code execution from login screen through unescaped URL parameter

Impact When login via the OAuth method, the identityOAuth parameters, sent in a GET request is vulnerable to XSS and XWiki syntax injection. This allows remote code execution via the groovy macro and thus affects the confidentiality, integrity and availability of the whole XWiki installation. The...

PT-2024-24346 · Xwiki · Xwiki Platform

Name of the Vulnerable Software and Affected Versions: XWiki Platform versions 3.0.1 through 4.10.18 XWiki Platform versions 15.5.4 and earlier XWiki Platform versions prior to 15.10-rc-1 Description: The HTML escaping tool used in XWiki does not escape , which can allow XWiki syntax injection an...