Lucene search
+L

100 matches found

Github Security Blog
Github Security Blog
added 2025/12/10 3:46 p.m.15 views

XWiki's REST APIs don't enforce any limits, leading to unavailability and OOM in large wikis

Impact XWiki's REST API doesn't enforce any limits for the number of items that can be requested in a single request at the moment. Depending on the number of pages in the wiki and the memory configuration, this can lead to slowness and unavailability of the wiki. As an example, the...

8.7CVSS6.8AI score0.00352EPSS
Exploits0References5Affected Software1
Veracode
Veracode
added 2025/12/04 6:2 a.m.8 views

Cross-site Scripting (XSS)

com.liferay, com.liferay.mentions.web are vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper sanitization of user-supplied input in name-related text fields, which allows an attacker to inject malicious scripts that execute in various widgets or apps such as comments,...

5.4CVSS6.2AI score0.00205EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-5220

Malicious code in bioql PyPI...

7.5CVSS7.7AI score0.01752EPSS
Exploits1References11
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-6733

Malicious code in bioql PyPI...

9.8CVSS6.4AI score0.00532EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-24731

Malicious code in bioql PyPI...

4.3CVSS4.7AI score0.00945EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-5838

Malicious code in bioql PyPI...

3.1CVSS3.8AI score0.01302EPSS
Exploits0References11
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-26878

Malicious code in bioql PyPI...

4.9CVSS6.3AI score0.00691EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/22 10:5 p.m.7 views

CVE-2022-1417

Improper access control in GitLab CE/EE affecting all versions starting from 8.12 before 14.8.6, all versions starting from 14.9 before 14.9.4, and all versions starting from 14.10 before 14.10.1 allows non-project members to access contents of Project Members-only Wikis via malicious CI jobs...

4.3CVSS6.4AI score0.00945EPSS
Exploits0References1
OSV
OSV
added 2025/04/16 9:38 p.m.16 views

CVE-2025-32783 XWiki allows unregistered users to see "public" messages from a closed wiki via notifications from a different wiki

XWiki Platform is a generic wiki platform. A vulnerability in versions from 5.0 to 16.7.1 affects users with Message Stream enabled and a wiki configured as closed from selecting "Prevent unregistered users to view pages" in the Administrations Rights. The vulnerability is that any message sent i...

4.7CVSS6.3AI score0.00306EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2024/05/13 3:54 p.m.15 views

CVE-2024-34701 CreateWiki vulnerable to impersonation of wiki requester

CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. It is possible for users to be considered as the requester of a specific wiki request if their local user ID on any wiki in a wiki farm matches the local ID of the requester at the wiki where the wiki request was made...

5.9CVSS6.6AI score0.00647EPSS
Exploits0References6
NVD
NVD
added 2024/04/10 8:15 p.m.29 views

CVE-2024-31983

XWiki Platform is a generic wiki platform. In multilingual wikis, translations can be edited by any user who has edit right, circumventing the rights that are normally required for authoring translations script right for user-scope translations, wiki admin for translations on the wiki. Starting i...

9.9CVSS9.8AI score0.01447EPSS
Exploits1References5
Cvelist
Cvelist
added 2024/04/10 7:44 p.m.39 views

CVE-2024-31983 XWiki Platform: Remote code execution from edit in multilingual wikis via translations

XWiki Platform is a generic wiki platform. In multilingual wikis, translations can be edited by any user who has edit right, circumventing the rights that are normally required for authoring translations script right for user-scope translations, wiki admin for translations on the wiki. Starting i...

9.9CVSS10AI score0.01447EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2024/04/10 7:44 p.m.21 views

CVE-2024-31983 XWiki Platform: Remote code execution from edit in multilingual wikis via translations

XWiki Platform is a generic wiki platform. In multilingual wikis, translations can be edited by any user who has edit right, circumventing the rights that are normally required for authoring translations script right for user-scope translations, wiki admin for translations on the wiki. Starting i...

9.9CVSS7.6AI score0.01447EPSS
Exploits1References5
OSV
OSV
added 2024/04/10 5:13 p.m.22 views

GHSA-XXP2-9C9G-7WMJ XWiki Platform: Remote code execution from edit in multilingual wikis via translations

Impact In multilingual wikis, translations can be edited by any user who has edit right, circumventing the rights that are normally required for authoring translations script right for user-scope translations, wiki admin for translations on the wiki. This can be exploited for remote code executio...

9.9CVSS9.5AI score0.01447EPSS
Exploits1References7
Github Security Blog
Github Security Blog
added 2024/04/10 5:13 p.m.32 views

XWiki Platform: Remote code execution from edit in multilingual wikis via translations

Impact In multilingual wikis, translations can be edited by any user who has edit right, circumventing the rights that are normally required for authoring translations script right for user-scope translations, wiki admin for translations on the wiki. This can be exploited for remote code executio...

9.9CVSS8AI score0.01447EPSS
Exploits1References7Affected Software1
CNNVD
CNNVD
added 2024/04/10 12:0 a.m.7 views

XWiki Platform 安全漏洞

XWiki Platform is the XWiki Foundation's suite of Wiki platforms for creating Web collaboration applications. A security vulnerability exists in XWiki Platform, which stems from a database search in XWiki that allows remote code execution via search text. This allows any visitor to a public wiki ...

10CVSS9AI score0.3428EPSS
Exploits4References7
NVD
NVD
added 2024/03/28 2:15 p.m.17 views

CVE-2024-29897

CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. It is possible for users with delete or suppressrevision on any wiki in the farm to access suppressed wiki requests by going to the request's entry on Special:RequestWikiQueue on the wiki where they have these rights. T...

4.9CVSS4.9AI score0.00708EPSS
Exploits0References4
OSV
OSV
added 2024/03/28 1:43 p.m.32 views

CVE-2024-29898 Oversight in fix for GHSA-4rcf-3cj2-46mq may have exposed suppressed wiki requests on private wikis

CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. An oversight during the writing of the patch for CVE-2024-29897 may have exposed suppressed wiki requests to private wikis that added Special:RequestWikiQueue to the read whitelist to users without the read permission...

4.9CVSS6.5AI score0.00691EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2024/03/28 1:43 p.m.18 views

CVE-2024-29898 Oversight in fix for GHSA-4rcf-3cj2-46mq may have exposed suppressed wiki requests on private wikis

CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. An oversight during the writing of the patch for CVE-2024-29897 may have exposed suppressed wiki requests to private wikis that added Special:RequestWikiQueue to the read whitelist to users without the read permission...

4.9CVSS6.6AI score0.00691EPSS
Exploits0References3
CVE
CVE
added 2024/03/28 1:43 p.m.77 views

CVE-2024-29898

The CVE-2024-29898 entry concerns Miraheze’s CreateWiki (MediaWiki extension). Affected behavior: during patching for CVE-2024-29897, an oversight could cause suppressed wiki requests listed on Special:RequestWikiQueue to be accessible to users on private wikis who had the (read) permission not r...

6.5CVSS4.8AI score0.00708EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder