org.xwiki.platform

231 tracked vulnerabilities.

CVE-2025-48063 HIGH
XWiki 16.10.0-16.10.3 - Authenticated Remote Code Execution via Required Rights Bypass
May 21, 2025
CVSS 8.8
EPSS 0.05
CVE-2025-46557 CRITICAL
XWiki <15.10.14, <16.4.6, <16.10.0-rc-1 - Privilege Escalation
Apr 30, 2025
CVSS 9.8
EPSS 0.00
CVE-2025-46554 MEDIUM NUCLEI
XWiki <14.10.22, <15.10.12, <16.4.3, <16.7.0 - Info Disclosure
Apr 30, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-32974 CRITICAL
XWiki 15.9-15.10.7 and 16.0.0-16.1.0 - Privilege Escalation via TextArea Default Content Type
Apr 30, 2025
CVSS 9.0
EPSS 0.01
CVE-2025-32973 CRITICAL
XWiki 15.9-15.10.12, 16.0.0-16.4.3, 16.5.0-16.8.0-rc-1 - Missing Authorization for Programming Rights
Apr 30, 2025
CVSS 9.0
EPSS 0.02
CVE-2025-32972 LOW
XWiki 6.1-15.10.11, 16.0.0-16.4.2, 16.5.0-16.7.0 - Authenticated Cache Clearing via LESS Compiler
Apr 30, 2025
CVSS 2.7
EPSS 0.00
CVE-2025-32971 LOW
XWiki 4.5.1-15.10.12, 16.0.0-rc-1-16.4.3, 16.5.0-rc-1-16.8.0-rc-1 - Incorrect Authorization in Solr Script Service
Apr 30, 2025
CVSS 3.8
EPSS 0.00
CVE-2025-32970 MEDIUM NUCLEI
XWiki WYSIWYG API - Open Redirect
Apr 30, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-32969 CRITICAL NUCLEI
XWiki REST API Query - SQL Injection
Apr 23, 2025
CVSS 9.8
EPSS 0.31
CVE-2025-32968 HIGH
XWiki 1.6-15.10.15, 16.0-16.4.5, 16.5-16.10.0 - Authenticated Blind SQL Injection via HQL Query
Apr 23, 2025
CVSS 8.8
EPSS 0.01
CVE-2025-32783 MEDIUM
XWiki 5.0-16.7.1 - Unintended Message Exposure via Message Stream Feature
Apr 16, 2025
CVSS 4.7
EPSS 0.00
CVE-2025-29926 CRITICAL
XWiki Platform <15.10.15, <16.4.6, <16.10.0 - Info Disclosure
Mar 19, 2025
CVSS 9.8
EPSS 0.01
CVE-2025-29925 MEDIUM NUCLEI
XWiki REST API - Private Pages Disclosure
Mar 19, 2025
CVSS 5.3
EPSS 0.01
CVE-2025-29924 HIGH
XWiki Platform <15.10.14, 16.4.6, 16.10.0-rc-1 - Info Disclosure
Mar 19, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-24893 CRITICAL KEV NUCLEI
XWiki Platform - Remote Code Execution
Feb 20, 2025
CVSS 9.8
EPSS 0.94
CVE-2025-23025 CRITICAL
XWiki 13.9-15.10.12 - Missing Authorization in Realtime WYSIWYG Editor
Jan 14, 2025
CVSS 9.0
EPSS 0.02
CVE-2024-56158 CRITICAL
XWiki < 15.10.16 - SQL Injection via Oracle DBMS_XMLGEN Function
Jun 12, 2025
CVSS 9.8
EPSS 0.02
CVE-2024-55879 CRITICAL
XWiki 2.3-15.10.8 and 16.0.0-16.2.0 - Authenticated Remote Code Execution via ConfigurableClass Instance Addition
Dec 12, 2024
CVSS 9.1
EPSS 0.20
CVE-2024-55877 CRITICAL
XWiki 9.7-15.10.10 - Authenticated Remote Code Execution via WikiMacroClass Instance Injection
Dec 12, 2024
CVSS 9.9
EPSS 0.33
CVE-2024-55876 MEDIUM
XWiki 1.2.1-15.10.8 and 16.0.0-16.2.9 - Missing Authorization in Scheduler Operations
Dec 12, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-55663 CRITICAL
XWiki Platform <13.10.5-14.3-rc-1 - SQL Injection
Dec 12, 2024
CVSS 9.8
EPSS 0.02
CVE-2024-55662 CRITICAL
XWiki 3.3-15.10.8 - Unauthenticated Remote Code Execution via Extension Repository Application
Dec 12, 2024
CVSS 9.9
EPSS 0.13
CVE-2024-46979 MEDIUM
XWiki 13.2-14.10.20 - Unauthorized Access via NotificationFilterPreferenceLivetableResults
Sep 18, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-46978 MEDIUM
XWiki Platform <14.10.21 - Info Disclosure
Sep 18, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-45591 MEDIUM NUCLEI
XWiki 1.8-15.10.8 - Unauthenticated Exposure of Private Personal Information via REST API
Sep 10, 2024
CVSS 5.3
EPSS 0.86