Filter
AND
AND

Versions

15.0
37
14.0
27
14.5
24
15.0-rc1
10
15.6
10
14.10
6
14.10-rc1
6
15.1
5
15.1-rc1
5
14.4.0
4
15.6-rc1
4
2.3
4
1.0
3
14.0.0
3
14.4.4
3
15.7-rc1
3
3.0
3
1.7
2
1.8
2
12.0
2
14.0-rc1
2
14.4.3
2
14.5.0
2
14.6
2
15.2
2
15.2-rc1
2
15.3
2
15.3-rc1
2
2.2-milestone1
2
2.4-milestone2
2
2.5
2
2.5-milestone2
2
3.0-milestone3
2
3.0-milestone_2
2
3.0-rc1
2
3.0.1
2
3.1-milestone2
2
3.1.1
2
3.5
2
6.2
2
6.2-milestone1
2
6.2-milestone2
2
6.2.1
2
6.3
2
6.3-milestone2
2
1.5
1
1.8-rc1
1
1.8-rc2
1
1.9
1
1.9-milestone2
1
10.11.1
1
11.10.1
1
11.10.2
1
11.6
1
11.6-rc1
1
11.8
1
11.8-milestone1
1
11.8.1
1
12.5
1
12.6.4
1
12.6.6
1
12.9
1
12.9-rc1
1
13.10
1
13.9
1
14.4.1
1
14.4.5
1
14.8
1
15.5-rc1
1
15.7
1
15.9
1
16.0
1
2.0
1
2.2.1
1
2.3-milestone1
1
3.0-milestone1
1
3.0-milestone2
1
3.1
1
3.1-milestone1
1
3.1-rc1
1
3.2-milestone3
1
3.3
1
3.3-milestone2
1
3.4
1
3.4-milestone-1
1
3.5-rc-1
1
4.1-milestone2
1
4.1.1
1
4.2
1
4.2-milestone3
1
4.3-milestone2
1
4.3.1
1
4.5
1
5.0
1
5.0-milestone1
1
5.0-milestone2
1
5.1
1
5.2
1
5.2-milestone2
1
5.2-rc1
1
5.3
1
5.3-milestone2
1
5.4
1
5.4.4
1
6.0-milestone1
1
6.0-milestone2
1
6.0.1
1
6.1
1
6.1-milestone1
1
6.1-milestone2
1
6.1-rc1
1
6.2.4
1
6.3-milestone1
1
6.3-rc1
1
6.4
1
6.4-milestone2
1
6.4-milestone3
1
7.0
1
7.2
1
7.2-milestone2
1
7.2-milestone3
1
7.3
1
7.4.4
1
8.1
1
9.2
1
9.4
1
9.4-rc-1
1
9.6
1
9.7
1

maven/org.xwiki.platform:xwiki-platform-administration-uiXWiki Remote Code Execution vulnerability via user registration

critical
10
EPSS
0.58%
First published (updated )
CVE-2024-21650

maven/org.xwiki.commons:xwiki-commons-velocityXWiki Commons missing escaping of `{` in Velocity escapetool allows remote code execution

critical
10
EPSS
0.04%
First published (updated )
CVE-2024-31996

Xwiki XwikiXWiki Platform: Remote code execution from account via SearchSuggestSourceSheet

critical
10
EPSS
0.04%
First published (updated )
CVE-2024-31465

maven/org.xwiki.platform:xwiki-platform-uiextension-apiXWiki Platform remote code execution from account through UIExtension parameters

critical
10
EPSS
0.04%
First published (updated )
CVE-2024-31997

maven/org.xwiki.platform:xwiki-platform-rendering-macro-includeXWiki programming rights may be inherited by inclusion

critical
10
First published (updated )
CVE-2024-38369

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

maven/org.xwiki.platform:xwiki-platform-search-uiXWiki Platform vulnerable to remote code execution from account via SearchSuggestConfigSheet

critical
10
First published (updated )
CVE-2024-37901

Xwiki XwikiImproper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in org.xwiki.platform:xwiki-platform-skin-ui

critical
10
First published (updated )
CVE-2023-37462

Xwiki XwikiXWiki Platform vulnerable to privilege escalation via async macro and IconThemeSheet from the user profile

critical
10
First published (updated )
CVE-2023-26472

Xwiki XwikiXWiki Platform vulnerable to privilege escalation via properties with wiki syntax that are executed with wrong author

critical
10
First published (updated )
CVE-2023-26474

Xwiki Xwikiorg.xwiki.platform:xwiki-platform-flamingo-theme-ui Eval Injection vulnerability

critical
10
First published (updated )
CVE-2023-26477

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Xwiki XwikiXWiki Platform users may execute anything with superadmin right through comments and async macro

critical
10
First published (updated )
CVE-2023-26471

Xwiki XwikiXWiki Platform vulnerable to Remote Code Execution in Annotations

critical
10
First published (updated )
CVE-2023-26475

Xwiki XwikiImproper Neutralization of Directives in Dynamically Evaluated Code in org.xwiki.platform:xwiki-platform-panels-ui

critical
10
First published (updated )
CVE-2023-27479

Xwiki Xwikiorg.xwiki.platform:xwiki-platform-flamingo-theme-ui Eval Injection vulnerability

critical
10
First published (updated )
CVE-2023-29509

Xwiki XwikiCode injection from account through XWiki.SchedulerJobSheet in xwiki-platform

critical
10
First published (updated )
CVE-2023-29524

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Xwiki XwikiCode injection in display method used in user profiles in xwiki-platform

critical
10
First published (updated )
CVE-2023-29523

maven/org.xwiki.platform:xwiki-platform-distribution-warPrivilege escalation from view right on XWiki.Notifications.Code.LegacyNotificationAdministration in xwiki-platform

critical
10
First published (updated )
CVE-2023-29525

Xwiki XwikiCode injection in template provider administration in xwiki-platform

critical
10
First published (updated )
CVE-2023-29514

Xwiki XwikiCode injection via unescaped translations in xwiki-platform

critical
10
First published (updated )
CVE-2023-29510

Xwiki XwikiAsync and display macro allow displaying and interacting with any document in restricted mode

critical
10
First published (updated )
CVE-2023-29526

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Xwiki XwikiCode injection from account through AWM view sheet in xwiki platform

critical
10
First published (updated )
CVE-2023-29527

Xwiki XwikiXWiki Platform privilege escalation (PR)/RCE from account through class sheet

critical
10
First published (updated )
CVE-2023-32069

Xwiki XwikiCode injection in icon themes of XWiki Platform

critical
10
First published (updated )
CVE-2023-36470

Xwiki XwikiUpgrading doesn't prevent exploiting vulnerable XWiki documents

critical
10
First published (updated )
CVE-2023-36468

Xwiki XwikiCode injection through NotificationRSSService in XWiki Platform

critical
10
First published (updated )
CVE-2023-36469

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

maven/org.xwiki.platform:xwiki-platform-help-uiPrivilege escalation (PR) from account through TipsPanel

critical
10
First published (updated )
CVE-2023-35166

Xwiki XwikiXWiki Platform vulnerable to privilege escalation (PR) from account through like LiveTableResults

critical
10
First published (updated )
CVE-2023-35152

Xwiki XwikiXWiki Platform's Mail.MailConfig can be edited by any user with edit rights

critical
10
First published (updated )
CVE-2023-34465

maven/org.xwiki.platform:xwiki-platform-menu-uiPrivilege escalation (PR)/remote code execution from account through Menu.UIExtensionSheet

critical
10
First published (updated )
CVE-2023-37909

Xwiki Xwikiorg.xwiki.platform:xwiki-platform-office-importer vulnerable to arbitrary server side file writing from account through office converter

critical
10
First published (updated )
CVE-2023-37913

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203