Where
-Infinity
0

Trending

Last week
Last month
Last year

Vendor Risk Score

See how xwiki compares to other vendors in security performance

View Risk Score →

XWiki XWiki PlatformXWiki Platform has an Unauthenticated XAR Import via REST /wikis/{wikiName}

Risk 84
Severity
9.3
First published (updated )
CVE-2026-33137

XWiki XWiki PlatformXWiki Platform: Path traversal via resources parameter in ssx and jsx endpoints when using leading slash

Risk 84
Severity
9.3
First published (updated )
CVE-2026-23734

XWiki PlantUML MacroServer-Side Request Forgery (SSRF) in PlantUML Macro via 'server' parameter

Risk 29
Severity
4.4
First published (updated )
CVE-2026-42140

CryptPad CryptPadCryptPad unbounded WebSocket frame flood

Risk 47
Severity
8.7
First published (updated )
CVE-2025-51846

maven/org.xwiki.platform:xwiki-platform-legacy-oldcoreXWiki's REST APIs can list all pages/spaces, leading to unavailability

Risk 54
Severity
6.9
First published (updated )
CVE-2026-40104
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

maven/org.xwiki.platform:xwiki-platform-web-templatesXWiki has Reflected Cross-Site Scripting (XSS) in its page history compare functionality

Risk 71
Severity
6.5
First published (updated )
CVE-2026-40105

maven/org.xwiki.platform:xwiki-platform-legacy-oldcoreXWiki Platform affected by remote code execution with script right through unprotected Velocity scripting API

Risk 86
Severity
8.6
First published (updated )
CVE-2026-33229

maven/org.xwiki.contrib.blog:application-blog-uiXWiki Blog Application home page vulnerable to Stored XSS via Post Title

Risk 74
Severity
8.6
First published (updated )
CVE-2025-66024

maven/org.xwiki.platform:xwiki-platform-webXWiki Platform affected by click-jacking through CSS injection in comments

Risk 27
Severity
6.1
EPSS
0.03%
First published (updated )
CVE-2026-26000

XWiki xwikiXWiki Affected by Reflected Cross-Site Scripting (XSS) in Error Messages

Risk 51
Severity
6.5
EPSS
0.04%
First published (updated )
CVE-2026-24128
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

maven/org.xwiki.contrib:macro-fullcalendar-pomXWiki Full Calendar Macro vulnerable to SQL injection through Calendar.JSONService

Risk 87
Severity
10
First published (updated )
CVE-2025-65091

maven/org.xwiki.contrib:macro-fullcalendar-pomXWiki Full Calendar Macro vulnerable to data leak through Calendar.JSONService

Risk 27
Severity
5.3
First published (updated )
CVE-2025-65090

XWiki xwiki-renderingXWiki vulnerable to remote code execution through insufficient protection against {{/html}} injection

Risk 79
Severity
8.8
First published (updated )
CVE-2025-66474

maven/org.xwiki.platform:xwiki-platform-rest-serverXWiki's REST APIs don't enforce any limits, leading to unavailability and OOM in large wikis

Risk 47
Severity
8.7
First published (updated )
CVE-2025-66473

maven/org.xwiki.platform:xwiki-platform-web-templatesXWiki vulnerable to a reflected XSS via xredirect parameter in DeleteApplication

Risk 71
Severity
6.5
First published (updated )
CVE-2025-66472
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

xwiki/remote-macrosXWiki Remote Macros vulnerable to remote code execution using the confluence details summary macro

Risk 69
Severity
8.3
First published (updated )
CVE-2025-65036

maven/org.xwiki.platform:xwiki-platform-tool-jetty-resourcesThe XWiki Jetty package (XJetty) allows accessing any application file through URL

Risk 47
Severity
8.7
First published (updated )
CVE-2025-55749

maven/com.xwiki.pro:xwiki-pro-macros-uiXWiki view file macro: User can view content of office file without view rights on the attachment

Risk 38
Severity
6.8
First published (updated )
CVE-2025-65089

BleepingComputerRondoDox botnet malware now hacks servers using XWiki flaw

Exploited
Zeroday
First published (updated )
News
BleepingComputer

maven/org.xwiki.platform:xwiki-platform-rest-serverXWiki Platform vulnerable to HQL injection via wiki and space search REST API

Risk 84
Severity
9.3
First published (updated )
CVE-2025-52472
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

maven/org.xwiki.contrib.oidc:oidc-authenticatorXWiki OIDC Authenticator vulnerable to creation of token for any user with just `view` right

Risk 80
Severity
9.2
First published (updated )
CVE-2025-49594

XWiki Remote MacrosXWiki Remote Macros vulnerable to remote code execution using the confluence paste code macro

Risk 87
Severity
10
First published (updated )
CVE-2025-55730

XWiki Remote MacrosXWiki Remote Macros vulnerable to remote code execution using the ConfluenceLayoutSection macro

Risk 87
Severity
10
First published (updated )
CVE-2025-55729

XWiki Remote MacrosXWiki Remote Macros vulnerable to remote code execution using the panel macro

Risk 87
Severity
10
First published (updated )
CVE-2025-55728

XWiki Remote MacrosXWiki Remote Macros vulnerable to remote code execution from width parameter in the column macro

Risk 87
Severity
10
First published (updated )
CVE-2025-55727
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

XWiki xwikiXWiki Platform's configuration files can be accessed through jsx and sx endpoints

Risk 84
Severity
9.3
First published (updated )
CVE-2025-55748

XWiki xwikiXWiki Platform's configuration files can be accessed through the webjars API

Risk 84
Severity
9.3
First published (updated )
CVE-2025-55747

maven/org.xwiki.platform:xwiki-platform-export-pdf-apiXWiki PDF export jobs store sensitive cookies unencrypted in job statuses

Risk 43
Severity
7.5
First published (updated )
CVE-2025-58049

XWiki xwikiXSS

Risk 29
Severity
4.8
First published (updated )
CVE-2025-51990

XWiki xwikiXSS, Code Injection

Risk 79
Severity
8.8
First published (updated )
CVE-2025-51991
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203