xwiki
285 tracked vulnerabilities.
CVE-2025-32970
MEDIUM
NUCLEI
XWiki WYSIWYG API - Open Redirect
Apr 30, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-32969
CRITICAL
NUCLEI
XWiki REST API Query - SQL Injection
Apr 23, 2025
CVSS 9.8
EPSS 0.31
CVE-2025-32968
HIGH
XWiki 1.6-15.10.15, 16.0-16.4.5, 16.5-16.10.0 - Authenticated Blind SQL Injection via HQL Query
Apr 23, 2025
CVSS 8.8
EPSS 0.01
CVE-2025-32783
MEDIUM
XWiki 5.0-16.7.1 - Unintended Message Exposure via Message Stream Feature
Apr 16, 2025
CVSS 4.7
EPSS 0.00
CVE-2025-29926
CRITICAL
XWiki Platform <15.10.15, <16.4.6, <16.10.0 - Info Disclosure
Mar 19, 2025
CVSS 9.8
EPSS 0.01
CVE-2025-29925
MEDIUM
NUCLEI
XWiki REST API - Private Pages Disclosure
Mar 19, 2025
CVSS 5.3
EPSS 0.01
CVE-2025-29924
HIGH
XWiki Platform <15.10.14, 16.4.6, 16.10.0-rc-1 - Info Disclosure
Mar 19, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-27604
HIGH
XWiki Confluence Migrator Pro < 1.11.7 - Unauthenticated Exposure of Sensitive Information via Public Homepage
Mar 07, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-24893
CRITICAL
KEV
NUCLEI
XWiki Platform - Remote Code Execution
Feb 20, 2025
CVSS 9.8
EPSS 0.94
CVE-2025-23025
CRITICAL
XWiki 13.9-15.10.12 - Missing Authorization in Realtime WYSIWYG Editor
Jan 14, 2025
CVSS 9.0
EPSS 0.02
CVE-2024-56158
CRITICAL
XWiki < 15.10.16 - SQL Injection via Oracle DBMS_XMLGEN Function
Jun 12, 2025
CVSS 9.8
EPSS 0.02
CVE-2024-55879
CRITICAL
XWiki 2.3-15.10.8 and 16.0.0-16.2.0 - Authenticated Remote Code Execution via ConfigurableClass Instance Addition
Dec 12, 2024
CVSS 9.1
EPSS 0.20
CVE-2024-55877
CRITICAL
XWiki 9.7-15.10.10 - Authenticated Remote Code Execution via WikiMacroClass Instance Injection
Dec 12, 2024
CVSS 9.9
EPSS 0.33
CVE-2024-55876
MEDIUM
XWiki 1.2.1-15.10.8 and 16.0.0-16.2.9 - Missing Authorization in Scheduler Operations
Dec 12, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-55663
CRITICAL
XWiki Platform <13.10.5-14.3-rc-1 - SQL Injection
Dec 12, 2024
CVSS 9.8
EPSS 0.02
CVE-2024-55662
CRITICAL
XWiki 3.3-15.10.8 - Unauthenticated Remote Code Execution via Extension Repository Application
Dec 12, 2024
CVSS 9.9
EPSS 0.13
CVE-2024-52300
CRITICAL
XWiki PDF Viewer Macro < 2.5.6 - Stored Cross-Site Scripting via Width Parameter
Nov 13, 2024
CVSS 9.0
EPSS 0.01
CVE-2024-52299
HIGH
XWiki PDF Viewer Macro < 2.5.6 - Unauthorized Attachment Access via Incorrect Key Generation
Nov 13, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-52298
HIGH
XWiki PDF Viewer Macro < 2.5.6 - Unauthenticated Sensitive Information Exposure via Attachment Reference Inspection
Nov 13, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-46979
MEDIUM
XWiki 13.2-14.10.20 - Unauthorized Access via NotificationFilterPreferenceLivetableResults
Sep 18, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-46978
MEDIUM
XWiki Platform <14.10.21 - Info Disclosure
Sep 18, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-45591
MEDIUM
NUCLEI
XWiki 1.8-15.10.8 - Unauthenticated Exposure of Private Personal Information via REST API
Sep 10, 2024
CVSS 5.3
EPSS 0.86
CVE-2024-43401
CRITICAL
XWiki Platform < 15.10-rc-1 - Unauthenticated Privilege Escalation via WYSIWYG Editor Payload
Aug 19, 2024
CVSS 9.0
EPSS 0.01
CVE-2024-43400
CRITICAL
XWiki < 14.10.21 - Stored Cross-Site Scripting via Crafted URL
Aug 19, 2024
CVSS 9.0
EPSS 0.07
CVE-2024-42489
CRITICAL
XWiki Pro Macros < 1.10.1 - Remote Code Execution via Viewpdf Macro
Aug 12, 2024
CVSS 10.0
EPSS 0.45
Products
xwiki 248
cryptpad 5
pro_macros 5
commons 4
xwiki-platform 4
xwiki-rendering 4
pdf_viewer_macro 3
change_request 2
ckeditor_integration 2
full_calendar_macro 2
admin_tools 1
application-collabora 1
application_licensing 1
blog_application 1
confluence_migrator 1
oauth_identity 1
openid_connect 1
org.xwiki.platform:xwiki-platform-legacy-oldcore 1
org.xwiki.platform:xwiki-platform-oldcore 1
rendering 1
wiki-platform 1
xwiki-commons 1
xwiki_enterprise 1
xwiki_watch 1