Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / Vendors / xwiki

xwiki

285 tracked vulnerabilities.

CVE-2026-33137 CRITICAL

XWiki Platform has an Unauthenticated XAR Import via REST /wikis/{wikiName}

CVE-2026-23734 CRITICAL

XWiki Platform: Path traversal via resources parameter in ssx and jsx endpoints when using leading slash

CVE-2026-40105 MEDIUM NUCLEI

XWiki has Reflected Cross-Site Scripting (XSS) in its page history compare functionality

CVE-2026-40104 HIGH

XWiki's REST APIs can list all pages/spaces, leading to unavailability

CVE-2026-33229 CRITICAL

XWiki Platform affected by remote code execution with script right through unprotected Velocity scripting API

CVE-2026-26000 MEDIUM

XWiki Platform <17.9.0, <17.4.6, <16.10.13 - XSS

CVE-2026-24128 MEDIUM NUCLEI

XWiki Platform 7.0-milestone-2-16.10.11, 17.0.0-rc-1-17.4.4, 17.5.0-rc-1-17.7.0 - Reflected Cross-Site Scripting

CVE-2025-51846 HIGH

CryptPad unbounded WebSocket frame flood

CVE-2025-66024 CRITICAL

XWiki Blog Application < 9.15.7 - Stored Cross-Site Scripting via Blog Post Title

CVE-2025-65091 CRITICAL

XWiki Full Calendar Macro < 2.4.5 - SQL Injection

CVE-2025-65090 MEDIUM

XWiki Full Calendar Macro < 2.4.6 - Unauthenticated Exposure of Sensitive Information via Calendar.JSONService

CVE-2025-66474 HIGH

XWiki Rendering < 16.10.10, 17.0.0-rc-1-17.4.2, 17.5.0-rc-1-17.5.0 - Remote Code Execution via HTML Macro Injection

CVE-2025-66473 HIGH

XWiki < 16.10.11 - Denial of Service via Unrestricted REST API Item Requests

CVE-2025-66472 MEDIUM NUCLEI

XWiki Platform <16.10.9, <17.0.0-rc-1 to <17.4.1 - XSS

CVE-2025-65036 HIGH

XWiki Remote Macros < 1.27.1 - Remote Code Execution via Unauthorized Velocity Execution

CVE-2025-55749 HIGH NUCLEI

XWiki <16.10.11, 17.4.4, 17.7.0 - Info Disclosure

CVE-2025-65089 MEDIUM

XWiki Remote Macros < 1.27.0 - Missing Authorization in View File Macro

CVE-2025-52472 CRITICAL NUCLEI

XWiki Platform 4.3-milestone-1-16.10.8, 17.0.0-rc-1-17.4.1 - SQL Injection via REST Search orderField Parameter

CVE-2025-55728 CRITICAL

XWiki Remote Macros 1.0-1.26.4 - Remote Code Execution via Panel Macro Classes Parameter

CVE-2025-55727 CRITICAL

XWiki Remote Macros 1.0-1.26.4 - Remote Code Execution via Column Macro Width Parameter

CVE-2025-55748 HIGH NUCLEI

XWiki Platform <16.10.6 - Info Disclosure

CVE-2025-55747 CRITICAL NUCLEI

XWiki Platform <16.10.6 - Info Disclosure

CVE-2025-58049 MEDIUM

XWiki Platform <16.4.8-17.4.0-rc-1 - Info Disclosure

CVE-2025-51991 HIGH NUCLEI

XWiki < 17.3.0 - Authenticated Server-Side Template Injection in HTTP Meta Info Field

CVE-2025-51990 MEDIUM NUCLEI

XWiki < 17.3.0 - Authenticated Stored Cross-Site Scripting in Administration Presentation Fields

Page 1 of 12 Next

Products

xwiki 248 cryptpad 5 pro_macros 5 commons 4 xwiki-platform 4 xwiki-rendering 4 pdf_viewer_macro 3 change_request 2 ckeditor_integration 2 full_calendar_macro 2 admin_tools 1 application-collabora 1 application_licensing 1 blog_application 1 confluence_migrator 1 oauth_identity 1 openid_connect 1 org.xwiki.platform:xwiki-platform-legacy-oldcore 1 org.xwiki.platform:xwiki-platform-oldcore 1 rendering 1 wiki-platform 1 xwiki-commons 1 xwiki_enterprise 1 xwiki_watch 1

Quick Filters

Critical CVEs With Exploits In CISA KEV

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy