Tiki Wiki CMS Groupware 5.2 - Local File Inclusion

Tiki Wiki CMS Groupware 5.2 is susceptible to a local file inclusion vulnerability. id: CVE-2010-4239 info: name: Tiki Wiki CMS Groupware 5.2 - Local File Inclusion author: 0xakoko severity: critical description: Tiki Wiki CMS Groupware 5.2 is susceptible to a local file inclusion vulnerability...

Tiki Wiki CMS Groupware 7.0 Cross-Site Scripting

Tiki Wiki CMS Groupware 7.0 is vulnerable to cross-site scripting via the GET "ajax" parameter to snarfajax.php. id: CVE-2011-4336 info: name: Tiki Wiki CMS Groupware 7.0 Cross-Site Scripting author: pikpikcu severity: medium description: Tiki Wiki CMS Groupware 7.0 is vulnerable to cross-site...

Tiki Wiki CMS GroupWare - Authentication Bypass

tiki-login.php in Tiki before 21.2 sets the admin password to a blank value after 50 invalid login attempts. id: CVE-2020-15906 info: name: Tiki Wiki CMS GroupWare - Authentication Bypass author: JeonSungHyunnukunga,gy741,oIfloraIo,nechyo,harksu severity: critical description: | tiki-login.php in...

EUVD-2026-36613

OpenClaw before 2026.4.7 contains an arbitrary file read vulnerability in the memory-wiki ingest feature that allows authenticated Gateway operators with operator.write scope to read local files outside intended ingest sources. Attackers with operator.write access can specify arbitrary local file...

CVE-2026-53825

OpenClaw prior to 2026.4.7 contains an arbitrary file read vulnerability in the memory-wiki ingest feature. Authenticated Gateway operators with operator.write scope can specify arbitrary local file paths to import content into wiki memory, bypassing access restrictions and reading local files ou...

CVE-2026-53825 OpenClaw < 2026.4.7 - Arbitrary Local File Read via memory-wiki Ingest with operator.write Scope

OpenClaw before 2026.4.7 contains an arbitrary file read vulnerability in the memory-wiki ingest feature that allows authenticated Gateway operators with operator.write scope to read local files outside intended ingest sources. Attackers with operator.write access can specify arbitrary local file...

CVE-2026-53825 OpenClaw < 2026.4.7 - Arbitrary Local File Read via memory-wiki Ingest with operator.write Scope

OpenClaw before 2026.4.7 contains an arbitrary file read vulnerability in the memory-wiki ingest feature that allows authenticated Gateway operators with operator.write scope to read local files outside intended ingest sources. Attackers with operator.write access can specify arbitrary local file...

PT-2026-49029

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.7 Description The memory-wiki ingest feature allows authenticated Gateway operators with operator.write scope to read local files outside of the intended ingest sources. By specifying arbitrary local file path...

Gitlab -- vulnerabilities

Gitlab reports: Improper Access Control issue in Duo AI workflow runners impacts GitLab EE Denial of Service issue in Wiki impacts GitLab CE/EE Incorrect Authorization issue in GraphQL WorkItem API impacts GitLab CE/EE Improper Authorization issue in Duo Workflows API impacts GitLab EE Missing...

CVE-2026-33137

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki Platform is a generic wiki platform. In versions starting with 15.10.6 and prior to 18.1.0-rc-1, 17.10.3, 17.4.9, and 16.10.17, the POST /wikis/wikiName API executes a XAR import without...

XWiki Platform has an Unauthenticated XAR Import via REST /wikis/{wikiName}

Impact POST /wikis/wikiName executes a XAR import without performing any authentication or authorization checks, allowing an unauthenticated attacker to create or update documents in the target wiki Patches This vulnerability has been patched in XWiki 16.10.17, 17.4.9, 17.10.3, 18.0.1 and...

Exploit for CVE-2026-33137

CVE-2026-33137 XWiki Platform - Unauthenticated XAR Import...

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization in the POST /wikis/wikiName endpoint. An attacker can create or update documents in the target wiki by sending unauthenticated requests to the affected REST endpoint. Remediation Upgrade...

EUVD-2026-31157

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki Platform is a generic wiki platform. In versions prior to 18.1.0-rc-1, 17.10.3, 17.4.9, and 16.10.17, the POST /wikis/wikiName API executes a XAR import without performing any...

CVE-2026-33137 XWiki Platform has an Unauthenticated XAR Import via REST /wikis/{wikiName}

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki Platform is a generic wiki platform. In versions starting with 15.10.6 and prior to 18.1.0-rc-1, 17.10.3, 17.4.9, and 16.10.17, the POST /wikis/wikiName API executes a XAR import without...

CVE-2026-33137

CVE-2026-33137 — XWiki Platform : The issue affects XWiki Platform where, in versions prior to 18.1.0-rc-1, 17.10.3, 17.4.9, and 16.10.17, the POST /wikis/{wikiName} API performs a XAR import without authentication or authorization checks, allowing an unauthenticated attacker to create or update ...

Resource Exhaustion

XWiki Platform is vulnerable to Resource Exhaustion. The vulnerability is due to missing query limits in REST API endpoints that enumerate database list properties, which allows an attacker to exhaust server resources by triggering large unbounded queries on large wiki instances...

CVE-2026-34094 Customized help link for page protection indicator is relative to subpage name, because the link target is missing the "/wiki/" prefix

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Page/Article.Php. This issue affects MediaWiki: from before 1.43.7, 1.44.4, 1.45.2...

CVE-2026-34094

CVE-2026-34094 affects Wikimedia Foundation MediaWiki prior to 1.43.7, 1.44.4, and 1.45.2. The issue is in the Page/Article.Php path where a Customized help link for a page protection indicator is relative to the subpage name because the link target is missing the "/wiki/" prefix. This describes ...

CVE-2026-34094 Customized help link for page protection indicator is relative to subpage name, because the link target is missing the "/wiki/" prefix

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Page/Article.Php. This issue affects MediaWiki: from before 1.43.7, 1.44.4, 1.45.2...