Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / Vendors / xwiki

xwiki

285 tracked vulnerabilities.

CVE-2025-54125 MEDIUM NUCLEI

XWiki Platform <17.1.0 - Info Disclosure

CVE-2025-54124 MEDIUM

XWiki Platform <17.1.0 - Info Disclosure

CVE-2025-32430 MEDIUM NUCLEI

XWiki Platform - Cross-Site Scripting

CVE-2025-54385 CRITICAL

XWiki < 16.10.6 - SQL Injection via Hibernate Query Sanitization Bypass

CVE-2025-32429 CRITICAL NUCLEI

XWiki Platform - SQL Injection

CVE-2025-53836 CRITICAL

XWiki Rendering <13.10.11-14.4.7-14.10 - RCE

CVE-2025-53835 CRITICAL

XWiki 5.4.5-14.10 - Stored Cross-Site Scripting via Raw Block HTML Injection

CVE-2025-49591 CRITICAL

CryptPad < 2025.3.0 - Two-Factor Authentication Bypass via URL-Encoded Path Parameter

CVE-2025-49590 MEDIUM

CryptPad < 2025.3.0 - Cross-Site Scripting via Link Bouncer Bypass

CVE-2025-49587 HIGH

XWiki 15.9-15.10.15 - Stored Cross-Site Scripting via Notification Displayer Object

CVE-2025-49586 HIGH

XWiki 7.3-16.4.6 - Authenticated Remote Code Execution via App Within Minutes Application Edit

CVE-2025-49585 HIGH

XWiki - Code Injection via XClass Definition

CVE-2025-49584 HIGH

XWiki <16.4.6, 16.5.0-rc-1, 16.10.2, 17.0.0-rc-1 - Info Disclosure

CVE-2025-49583 LOW

XWiki < 15.10.16 - Insufficient UI Warning of Dangerous Operations in Notification Email Renderer

CVE-2025-49582 HIGH

XWiki 15.9-16.4.6 - Insufficient UI Warning of Dangerous Operations in Macro Parameter Analysis

CVE-2025-49581 HIGH

XWiki Wiki Macro Parameters - Programming Rights Code Execution

CVE-2025-49580 HIGH

XWiki 7.4.5-16.4.6, 16.10.0-16.10.3, 17.0.0-rc-1-17.0.0 - Incorrect Privilege Assignment via Page Link Renaming

CVE-2025-48063 HIGH

XWiki 16.10.0-16.10.3 - Authenticated Remote Code Execution via Required Rights Bypass

CVE-2025-46558 CRITICAL

XWiki 8.2-8.9 - Stored Cross-Site Scripting via Markdown HTML Import

CVE-2025-46557 CRITICAL

XWiki <15.10.14, <16.4.6, <16.10.0-rc-1 - Privilege Escalation

CVE-2025-46554 MEDIUM NUCLEI

XWiki <14.10.22, <15.10.12, <16.4.3, <16.7.0 - Info Disclosure

CVE-2025-32974 CRITICAL

XWiki 15.9-15.10.7 and 16.0.0-16.1.0 - Privilege Escalation via TextArea Default Content Type

CVE-2025-32973 CRITICAL

XWiki 15.9-15.10.12, 16.0.0-16.4.3, 16.5.0-16.8.0-rc-1 - Missing Authorization for Programming Rights

CVE-2025-32972 LOW

XWiki 6.1-15.10.11, 16.0.0-16.4.2, 16.5.0-16.7.0 - Authenticated Cache Clearing via LESS Compiler

CVE-2025-32971 LOW

XWiki 4.5.1-15.10.12, 16.0.0-rc-1-16.4.3, 16.5.0-rc-1-16.8.0-rc-1 - Incorrect Authorization in Solr Script Service

Previous Page 2 of 12 Next

Products

xwiki 248 cryptpad 5 pro_macros 5 commons 4 xwiki-platform 4 xwiki-rendering 4 pdf_viewer_macro 3 change_request 2 ckeditor_integration 2 full_calendar_macro 2 admin_tools 1 application-collabora 1 application_licensing 1 blog_application 1 confluence_migrator 1 oauth_identity 1 openid_connect 1 org.xwiki.platform:xwiki-platform-legacy-oldcore 1 org.xwiki.platform:xwiki-platform-oldcore 1 rendering 1 wiki-platform 1 xwiki-commons 1 xwiki_enterprise 1 xwiki_watch 1

Quick Filters

Critical CVEs With Exploits In CISA KEV

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy