maven/org.xwiki.platform:xwiki-platform-legacy-oldcore: XWiki's REST APIs can list all pages/spaces, leading to unavailability

Risk 54
Severity 6.9
First published (updated )

maven/org.xwiki.platform:xwiki-platform-web-templates: XWiki has Reflected Cross-Site Scripting (XSS) in its page history compare functionality

Risk 71
Severity 6.5
First published (updated )

maven/org.xwiki.platform:xwiki-platform-legacy-oldcore: XWiki Platform affected by remote code execution with script right through unprotected Velocity scripting API

Risk 86
Severity 8.6
First published (updated )

maven/org.xwiki.platform:xwiki-platform-web: XWiki Platform affected by click-jacking through CSS injection in comments

Risk 27
Severity 6.1
EPSS 0.03%
First published (updated )

XWiki xwiki: XWiki Affected by Reflected Cross-Site Scripting (XSS) in Error Messages

Risk 51
Severity 6.5
EPSS 0.04%
First published (updated )

maven/org.xwiki.platform:xwiki-platform-rest-server: XWiki's REST APIs don't enforce any limits, leading to unavailability and OOM in large wikis

Risk 47
Severity 8.7
First published (updated )

maven/org.xwiki.platform:xwiki-platform-web-templates: XWiki vulnerable to a reflected XSS via xredirect parameter in DeleteApplication

Risk 71
Severity 6.5
First published (updated )

maven/org.xwiki.platform:xwiki-platform-tool-jetty-resources: The XWiki Jetty package (XJetty) allows accessing any application file through URL

Risk 47
Severity 8.7
First published (updated )

maven/org.xwiki.platform:xwiki-platform-oldcore: XWiki allows SQL injection in query endpoint of REST API with Oracle

Risk 86
Severity 9.8
First published (updated )

XWiki xwiki: XWiki Platform Eval Injection Vulnerability

Risk 79
Severity 9.8
EPSS 0.06%
First published (updated )

XWiki xwiki: SQL Injection

Risk 52
Severity 7.5
First published (updated )

XWiki xwiki: XSS

Risk 22
Severity 4.3
First published (updated )

XWiki xwiki: Unspecified vulnerability in the Multiwiki plugin in XWiki before 1.1 Enterprise RC2 allows remote a…

Risk 13
Severity 2.1
First published (updated )

XWiki xwiki: PreviewAction in XWiki 0.9.543 through 0.9.1252 does not set the Author field to the identity of the…

Risk 47
Severity 6.5
First published (updated )

XWiki xwiki: The "You are not allowed..." error handler in XWiki 1.0 B1 and 1.0 B2 associates the doc variable wi…

Risk 18
Severity 3.5
First published (updated )

© 2026 SecAlerts Pty Ltd.