| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-40105 | XWiki has Reflected Cross-Site Scripting (XSS) in its page history compare functionality | xwiki | xwiki-platform | Medium | - | 2026-04-15 00:07:23 | Deep Dive |
| CVE-2026-40104 | XWiki's REST APIs can list all pages/spaces, leading to unavailability | xwiki | org.xwiki.platform:xwiki-platform-oldcore | Medium | - | 2026-04-15 00:01:59 | Deep Dive |
| CVE-2026-33229 | XWiki Platform affected by remote code execution with script right through unprotected Velocity scripting API | xwiki | xwiki-platform | - | - | 2026-04-08 14:53:36 | Deep Dive |
| CVE-2025-66024 | XWiki Blog Application home page vulnerable to Stored XSS via Post Title | xwiki-contrib | application-blog-ui | - | - | 2026-03-04 21:47:11 | Deep Dive |
| CVE-2026-26000 | XWiki Platform affected by click-jacking through CSS injection in comments | xwiki | xwiki-platform | - | - | 2026-02-12 20:30:07 | Deep Dive |
| CVE-2026-24128 | XWiki Affected by Reflected Cross-Site Scripting (XSS) in Error Messages | xwiki | xwiki-platform | Medium | - | 2026-01-23 23:18:31 | Deep Dive |
| CVE-2025-65091 | XWiki Full Calendar Macro vulnerable to SQL injection through Calendar.JSONService | xwiki-contrib | macro-fullcalendar | Critical | 10.0 | 2026-01-10 03:06:17 | Deep Dive |
| CVE-2025-65090 | XWiki Full Calendar Macro vulnerable to data leak through Calendar.JSONService | xwiki-contrib | macro-fullcalendar | Medium | 5.3 | 2026-01-10 03:05:07 | Deep Dive |
| CVE-2025-66474 | XWiki vulnerable to remote code execution through insufficient protection against {{/html}} injection | xwiki | xwiki-rendering | - | - | 2025-12-10 21:59:59 | Deep Dive |
| CVE-2025-66473 | XWiki's REST APIs don't enforce any limits, leading to unavailability and OOM in large wikis | xwiki | xwiki-platform | - | - | 2025-12-10 21:51:56 | Deep Dive |
| CVE-2025-66472 | XWiki vulnerable to a reflected XSS via xredirect parameter in DeleteApplication | xwiki | xwiki-platform | - | - | 2025-12-10 21:34:47 | Deep Dive |
| CVE-2025-65036 | XWiki Remote Macros vulnerable to remote code execution using the confluence details summary macro | xwikisas | xwiki-pro-macros | High | 8.3 | 2025-12-05 16:10:09 | Deep Dive |
| CVE-2025-55749 | The XWiki Jetty package (XJetty) allows accessing any application file through URL | xwiki | xwiki-platform | - | - | 2025-12-01 20:09:46 | Deep Dive |
| CVE-2025-65089 | XWiki view file macro: User can view content of office file without view rights on the attachment | xwikisas | xwiki-pro-macros | Medium | 6.8 | 2025-11-19 17:41:32 | Deep Dive |
| CVE-2025-52472 | XWiki Platform vulnerable to HQL injection via wiki and space search REST API | xwiki | xwiki-platform | - | - | 2025-10-06 14:53:47 | Deep Dive |
| CVE-2025-49594 | XWiki OIDC Authenticator vulnerable to creation of token for any user with just `view` right | xwiki-contrib | oidc | - | - | 2025-10-06 14:48:44 | Deep Dive |
| CVE-2025-55730 | XWiki Remote Macros vulnerable to remote code execution using the confluence paste code macro | xwikisas | xwiki-pro-macros | Critical | 10.0 | 2025-09-09 18:53:53 | Deep Dive |
| CVE-2025-55729 | XWiki Remote Macros vulnerable to remote code execution using the ConfluenceLayoutSection macro | xwikisas | xwiki-pro-macros | Critical | 10.0 | 2025-09-09 18:51:47 | Deep Dive |
| CVE-2025-55728 | XWiki Remote Macros vulnerable to remote code execution using the panel macro | xwikisas | xwiki-pro-macros | Critical | 10.0 | 2025-09-09 18:40:52 | Deep Dive |
| CVE-2025-55727 | XWiki Remote Macros vulnerable to remote code execution from width parameter in the column macro | xwikisas | xwiki-pro-macros | Critical | 10.0 | 2025-09-09 18:31:08 | Deep Dive |