
XWiki XWiki Platform
XWiki Platform has an Unauthenticated XAR Import via REST /wikis/{wikiName}

Risk 84
Severity 9.3
First published (updated )

XWiki XWiki Platform
XWiki Platform: Path traversal via resources parameter in ssx and jsx endpoints when using leading slash

Risk 84
Severity 9.3
First published (updated )

maven/org.xwiki.contrib:macro-fullcalendar-pom
XWiki Full Calendar Macro vulnerable to SQL injection through Calendar.JSONService

Risk 87
Severity 10
First published (updated )

maven/org.xwiki.platform:xwiki-platform-rest-server
XWiki Platform vulnerable to HQL injection via wiki and space search REST API

Risk 84
Severity 9.3
First published (updated )

maven/org.xwiki.contrib.oidc:oidc-authenticator
XWiki OIDC Authenticator vulnerable to creation of token for any user with just `view` right

Risk 80
Severity 9.2
First published (updated )

XWiki Remote Macros
XWiki Remote Macros vulnerable to remote code execution using the confluence paste code macro

Risk 87
Severity 10
First published (updated )

XWiki Remote Macros
XWiki Remote Macros vulnerable to remote code execution using the ConfluenceLayoutSection macro

Risk 87
Severity 10
First published (updated )

XWiki Remote Macros
XWiki Remote Macros vulnerable to remote code execution using the panel macro

Risk 87
Severity 10
First published (updated )

XWiki Remote Macros
XWiki Remote Macros vulnerable to remote code execution from width parameter in the column macro

Risk 87
Severity 10
First published (updated )

XWiki xwiki
XWiki Platform's configuration files can be accessed through jsx and sx endpoints

Risk 84
Severity 9.3
First published (updated )

XWiki xwiki
XWiki Platform's configuration files can be accessed through the webjars API

Risk 84
Severity 9.3
First published (updated )

maven/org.xwiki.platform:xwiki-platform-oldcore
XWiki Platform's searchDocuments API allows for SQL injection

Risk 86
Severity 9.8
First published (updated )

maven/org.xwiki.platform:xwiki-platform-distribution-war
XWiki Platform vulnerable to SQL injection through getdeleteddocuments.vm template sort parameter

Risk 99
Severity 9.8
First published (updated )

XWiki xwiki
XWiki Rendering is vulnerable to RCE attacks when processing nested macros

Risk 83
Severity 10
First published (updated )

maven/org.xwiki.rendering:xwiki-rendering-syntax-xhtml
XWiki Rendering is vulnerable to XSS attacks through insecure XHTML syntax

Risk 75
Severity 9.1
First published (updated )

CryptPad CryptPad
CryptPad 2FA Bypass Vulnerability

Risk 47
Severity 9.1
EPSS 0.09%
First published (updated )

maven/org.xwiki.platform:xwiki-platform-oldcore
XWiki allows SQL injection in query endpoint of REST API with Oracle

Risk 86
Severity 9.8
First published (updated )

maven/org.xwiki.contrib.markdown:syntax-markdown-commonmark12
org.xwiki.contrib.markdown:syntax-markdown-commonmark12 vulnerable to XSS via Markdown content

Risk 55
Severity 9.1
EPSS 0.04%
First published (updated )

maven/org.xwiki.platform:xwiki-platform-security-authentication-ui
Any user with view access to the XWiki space can change the authenticator

Risk 61
Severity 9.8
EPSS 0.07%
First published (updated )

maven/org.xwiki.platform:xwiki-platform-security-requiredrights-default
org.xwiki.platform:xwiki-platform-security-requiredrights-default required rights analysis doesn't consider TextAreas with default content type

Risk 75
Severity 9.1
First published (updated )

maven/org.xwiki.platform:xwiki-platform-component-wiki
org.xwiki.platform:xwiki-platform-component-wiki provides no warning when granting XWiki.ComponentClass programming right

Risk 75
Severity 9.1
First published (updated )

XWiki xwiki
org.xwiki.platform:xwiki-platform-rest-server allows SQL injection in query endpoint of REST API

Risk 61
Severity 9.8
EPSS 0.32%
First published (updated )

XWiki xwiki
The WikiManager REST API allows any user to create wikis

Risk 61
Severity 9.8
EPSS 0.07%
First published (updated )

XWiki Confluence Migrator Pro
XWiki Confluence Migrator Pro allows Remote Code Execution via unescaped translations

Risk 54
Severity 9.1
EPSS 0.10%
First published (updated )

XWiki xwiki
XWiki Platform Eval Injection Vulnerability

Risk 79
Severity 9.8
EPSS 0.06%
First published (updated )

XWiki xwiki
Privilege escalation (PR) through realtime WYSIWYG editing in XWiki

Risk 55
Severity 9.1
EPSS 0.04%
First published (updated )

maven/org.xwiki.platform:xwiki-platform-administration-ui
XWiki allows RCE from script right in configurable sections

Risk 75
Severity 9.1
First published (updated )

XWiki xwiki
XWiki allows remote code execution from account through macro descriptions and XWiki.XWikiSyntaxMacrosList

Risk 86
Severity 10
First published (updated )

XWiki xwiki
XWiki Platform has an SQL injection in getdocuments.vm with sort parameter

Risk 89
Severity 9.8
First published (updated )

XWiki xwiki
XWiki allows remote code execution through the extension sheet

Risk 86
Severity 10
First published (updated )

© 2026 SecAlerts Pty Ltd.