Lucene search
K

6 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-54677

Malicious code in bioql PyPI...

9.8CVSS6.4AI score0.00431EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2025/07/18 12:0 a.m.3 views

XWiki 1.0 < 15.10.16, 16.0.0-rc-1 < 16.4.7, 16.5.0-rc-1 < 16.10.2 SQLi Vulnerability (GHSA-prwh-7838-xf82)

Xwiki is prone to an SQL injection SQLi vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki"; ifdescriptio...

9.8CVSS7.8AI score0.00431EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/06/14 3:15 p.m.5 views

CVE-2024-56158

XWiki is a generic wiki platform. It's possible to execute any SQL query in Oracle by using the function like DBMSXMLGEN or DBMSXMLQUERY. The XWiki query validator does not sanitize functions that would be used in a simple select and Hibernate allows using any native function in an HQL query. Thi...

9.8CVSS6.8AI score0.00431EPSS
Exploits0References1
OSV
OSV
added 2025/06/12 9:52 p.m.6 views

GHSA-PRWH-7838-XF82 XWiki allows SQL injection in query endpoint of REST API with Oracle

Impact It's possible to execute any SQL query in Oracle by using the function like DBMSXMLGEN or DBMSXMLQUERY. The XWiki query validator does not sanitize functions that would be used in a simple select and Hibernate allows using any native function in an HQL query. Patches This has been patched ...

9.3CVSS7.4AI score0.00431EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/06/12 2:56 p.m.20 views

CVE-2024-56158 XWiki allows SQL injection in query endpoint of REST API with Oracle

XWiki is a generic wiki platform. It's possible to execute any SQL query in Oracle by using the function like DBMSXMLGEN or DBMSXMLQUERY. The XWiki query validator does not sanitize functions that would be used in a simple select and Hibernate allows using any native function in an HQL query. Thi...

9.3CVSS7.4AI score0.00431EPSS
Exploits0References3
CVE
CVE
added 2025/06/12 2:56 p.m.113 views

CVE-2024-56158

CVE-2024-56158 affects XWiki; SQL injection arises via Oracle DBMS_XMLGEN/DBMS_XMLQUERY usage where the query validator does not sanitize functions in a simple select and Hibernate allows native functions in HQL. Affected versions are XWiki prior to 16.10.2, 16.4.7, and 15.10.16; remediation is t...

9.8CVSS7.4AI score0.00431EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder