Filter
AND
-Infinity
0

Trending

Last week
Last month
Last year

XwikiXWiki's scheduler in subwiki allows scheduling operations for any main wiki user

medium
5.4
First published (updated )
CVE-2024-55876

maven/org.xwiki.platform:xwiki-platform-messagestreamXWiki allows unregistered users to see "public" messages from a closed wiki via notifications from a different wiki

medium
4.7
EPSS
0.06%
First published (updated )
CVE-2025-32783

XwikiPartial authorization bypass on document save in xwiki-platform

medium
5.5
First published (updated )
CVE-2022-23615

XwikiMissing authorization in xwiki-platform

medium
6.5
First published (updated )
CVE-2022-23617

maven/org.xwiki.platform:xwiki-platform-oldcoreOpen Redirect in xwiki-platform

medium
6.1
First published (updated )
CVE-2022-23618

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

XwikiPath traversal in xwiki-platform-skin-skinx

medium
6.8
First published (updated )
CVE-2022-23620

XwikiMissing authorization in xwiki-platform

medium
5.5
First published (updated )
CVE-2022-23621

XwikiPath Traversal in XWiki Platform

medium
4
First published (updated )
CVE-2022-29253

XwikiXWiki Cross-Site Request Forgery (CSRF) for actions on tags

medium
4.3
First published (updated )
CVE-2022-36095

XwikiPlaintext storage of password in org.xwiki.platform:xwiki-platform-security-authentication-default

medium
6.5
First published (updated )
CVE-2022-41933

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

maven/org.xwiki.platform:xwiki-platform-tool-configuration-resourcesXSS by SVG upload in xwiki-platform

medium
5.4
First published (updated )
CVE-2021-43841

XwikiUnauthenticated user can retrieve the list of users through uorgsuggest.vm

medium
5.3
First published (updated )
CVE-2022-24819

XwikiUnauthenticated user can list hidden document from multiple velocity templates

medium
5.3
First published (updated )
CVE-2022-24820

XWikiArbitrary file access through XML parsing in org.xwiki.commons:xwiki-commons-xml

medium
4.9
First published (updated )
CVE-2022-24898

XwikiMissing Authorization in User#setDisabledStatus in org.xwiki.platform:xwiki-platform-oldcore

medium
4.9
First published (updated )
CVE-2022-41929

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

XwikiExposure of Sensitive Information to an Unauthorized Actor in org.xwiki.platform:xwiki-platform-livetable-ui

medium
5.3
First published (updated )
CVE-2022-41935

Xwikiorg.xwiki.platform:xwiki-platform-rendering-parser vulnerable to Improper Handling of Exceptional Conditions

medium
6.5
First published (updated )
CVE-2023-26479

XwikiXWiki Platform allows unprivileged users to make arbitrary select queries using DatabaseListProperty and suggest.vm

medium
6.5
First published (updated )
CVE-2023-26473

XwikiXWiki Platform allows macro execution as any user without programming rights through the context macro

medium
5.4
First published (updated )
CVE-2023-26056

maven/org.xwiki.platform:xwiki-platform-notifications-uiMissing checks for notification filter preferences editions in XWiki Platform

medium
6.5
First published (updated )
CVE-2024-46978

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

maven/org.xwiki.platform:xwiki-platform-notifications-uiData leak of notification filters of users in XWiki Platform

medium
5.3
First published (updated )
CVE-2024-46979

XwikiUnauthenticated user can have information about hidden users on subwikis through uorgsuggest.vm

medium
5.3
First published (updated )
CVE-2023-29203

XwikiURL Redirection to Untrusted Site ('Open Redirect') in org.xwiki.platform:xwiki-platform-oldcore

medium
6.1
First published (updated )
CVE-2023-29204

Xwikiorg.xwiki.platform:xwiki-platform-security-authentication-default XSS with authenticated endpoints

medium
6.1
First published (updated )
CVE-2023-29506

maven/org.xwiki.platform:xwiki-platform-web-templatesUsers can be created even when registration is disabled without validation via the template macro in xwiki-platform

medium
5
First published (updated )
CVE-2023-29513

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

maven/org.xwiki.platform:xwiki-platform-localization-source-wikiPage render failure due to broken translations in xwiki-platform

medium
6.5
First published (updated )
CVE-2023-29520

maven/org.xwiki.platform:xwiki-platform-scheduler-uiXWiki Platform CSRF in the job scheduler

medium
5.4
EPSS
0.04%
First published (updated )
CVE-2024-31985

XwikiURL Redirection to Untrusted Site in XWiki

medium
6.1
First published (updated )
CVE-2023-32068

XwikiXWiki Platform vulnerable to Cross-site Scripting through attachment filename in uploader

medium
6.4
First published (updated )
CVE-2024-37900

maven/org.xwiki.platform:xwiki-platform-oldcoreXWiki Platform: Password hash might be leaked by diff once the xobject holding them is deleted

medium
6.8
EPSS
0.04%
First published (updated )
CVE-2024-31464

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203