Filter
AND
-Infinity
0

Trending

Last week
Last month
Last year

maven/org.xwiki.platform:xwiki-platform-administration-uiXWiki Remote Code Execution vulnerability via user registration

critical
10
EPSS
0.58%
First published (updated )
CVE-2024-21650

XwikiXWiki Platform: Remote code execution through space title and Solr space facet

critical
10
EPSS
0.04%
First published (updated )
CVE-2024-31984

maven/org.xwiki.platform:xwiki-platform-search-uiXWiki Platform: Remote code execution as guest via DatabaseSearch

critical
10
EPSS
0.04%
First published (updated )
CVE-2024-31982

XwikiXWiki Platform: Remote code execution from edit in multilingual wikis via translations

critical
10
EPSS
0.04%
First published (updated )
CVE-2024-31983

maven/org.xwiki.platform:xwiki-platform-oldcoreXWiki Platform: Privilege escalation (PR) from user registration through PDFClass

critical
10
EPSS
0.04%
First published (updated )
CVE-2024-31981

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

maven/org.xwiki.commons:xwiki-commons-velocityXWiki Commons missing escaping of `{` in Velocity escapetool allows remote code execution

critical
10
EPSS
0.04%
First published (updated )
CVE-2024-31996

maven/org.xwiki.platform:xwiki-platform-oldcoreXWiki Platform remote code execution from account via custom skins support

critical
10
EPSS
0.04%
First published (updated )
CVE-2024-31987

XwikiXWiki Platform: Remote code execution from account via SearchSuggestSourceSheet

critical
10
EPSS
0.04%
First published (updated )
CVE-2024-31465

maven/org.xwiki.platform:xwiki-platform-uiextension-apiXWiki Platform remote code execution from account through UIExtension parameters

critical
10
EPSS
0.04%
First published (updated )
CVE-2024-31997

maven/org.xwiki.platform:xwiki-platform-search-uiXWiki Platform vulnerable to remote code execution from account via SearchSuggestConfigSheet

critical
10
First published (updated )
CVE-2024-37901

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

XwikiCode injection in icon themes of XWiki Platform

critical
10
First published (updated )
CVE-2023-36470

XwikiUpgrading doesn't prevent exploiting vulnerable XWiki documents

critical
10
First published (updated )
CVE-2023-36468

XwikiCode injection through NotificationRSSService in XWiki Platform

critical
10
First published (updated )
CVE-2023-36469

XwikiXWiki Platform vulnerable to privilege escalation (PR) from account through like LiveTableResults

critical
10
First published (updated )
CVE-2023-35152

XwikiXWiki Platform's Mail.MailConfig can be edited by any user with edit rights

critical
10
First published (updated )
CVE-2023-34465

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

maven/org.xwiki.platform:xwiki-platform-office-importerorg.xwiki.platform:xwiki-platform-office-importer vulnerable to arbitrary server side file writing from account through office converter

critical
10
First published (updated )
CVE-2023-37913

maven/org.xwiki.platform:xwiki-platform-administration-uiRemote code execution through the section parameter in Administration as guest in XWiki Platform

critical
10
First published (updated )
CVE-2023-46731

maven/org.xwiki.platform:xwiki-platform-oldcoreCode execution via the edit action in XWiki platform

critical
10
First published (updated )
CVE-2023-46243

XwikiXWiki Platform remote code execution/programming rights with configuration section from any user account

critical
10
First published (updated )
CVE-2023-50723

XwikiXWiki Platform RCE from account through SearchAdmin

critical
10
First published (updated )
CVE-2023-50721

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

maven/org.xwiki.platform:xwiki-platform-invitation-uiPrivilege escalation (PR)/RCE from account through Invitation subject/message

critical
9.9
First published (updated )
CVE-2023-37914

XwikiXWiki Platform privilege escalation (PR) from account through AWM content fields

critical
9.9
First published (updated )
CVE-2023-40177

maven/org.xwiki.platform:xwiki-platform-realtime-uiXWiki Platform CSRF remote code execution through the realtime HTML Converter API

critical
9.7
EPSS
0.04%
First published (updated )
CVE-2024-31988

XwikiXWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in restore template

critical
9.7
First published (updated )
CVE-2023-35158

maven/org.xwiki.platform:xwiki-platform-rest-serverXWiki Platform vulnerable to cross-site request forgery (CSRF) via the REST API

critical
9.6
First published (updated )
CVE-2023-37277

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

XwikiXWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in deletespace template

critical
9.6
First published (updated )
CVE-2023-35159

XwikiXWiki Platform vulnerable to reflected cross-site scripting via back and xcontinue parameters in resubmit template

critical
9.6
First published (updated )
CVE-2023-35160

XwikiXWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in delete template

critical
9.6
First published (updated )
CVE-2023-35156

XwikiXWiki Platform web templates vulnerable to reflected XSS in the create document form if name validation is enabled

critical
9.6
First published (updated )
CVE-2023-45136

maven/org.xwiki.platform:xwiki-platform-flamingo-skin-resourcesReflected Cross-site scripting through revision parameter in content menu in XWiki Platform

critical
9.6
First published (updated )
CVE-2023-46732

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203