| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-49584 | XWiki makes title of inaccessible pages available through the class property values REST API | xwiki | xwiki-platform | - | - | 2025-06-13 17:21:34 | Deep Dive |
| CVE-2025-49583 | XWiki provides no warning when granting XWiki.Notifications.Code.NotificationEmailRendererClass admin right | xwiki | xwiki-platform | - | - | 2025-06-13 17:04:50 | Deep Dive |
| CVE-2025-49582 | XWiki's required right warnings for macros are incomplete | xwiki | xwiki-platform | - | - | 2025-06-13 16:41:45 | Deep Dive |
| CVE-2025-49581 | XWiki allows remote code execution through default value of wiki macro wiki-type parameters | xwiki | xwiki-platform | - | - | 2025-06-13 16:09:23 | Deep Dive |
| CVE-2025-49580 | XWiki allows privilege escalation through link refactoring | xwiki | xwiki-platform | - | - | 2025-06-13 15:45:58 | Deep Dive |
| CVE-2024-56158 | XWiki allows SQL injection in query endpoint of REST API with Oracle | xwiki | xwiki-platform | - | - | 2025-06-12 14:56:57 | Deep Dive |
| CVE-2025-48063 | XWiki Platform Security Authorization Bridge allows users with just edit right can enforce required rights with programming right | xwiki | xwiki-platform | - | - | 2025-05-21 17:38:37 | Deep Dive |
| CVE-2025-46554 | XWiki missing authorization when accessing the wiki level attachments list and metadata via REST API | xwiki | xwiki-platform | Medium | 5.3 | 2025-04-30 18:27:54 | Deep Dive |
| CVE-2025-46557 | Any user with view access to the XWiki space can change the authenticator | xwiki | xwiki-platform | - | - | 2025-04-30 18:27:40 | Deep Dive |
| CVE-2025-32973 | org.xwiki.platform:xwiki-platform-component-wiki provides no warning when granting XWiki.ComponentClass programming right | xwiki | xwiki-platform | Critical | 9.0 | 2025-04-30 14:55:04 | Deep Dive |
| CVE-2025-32974 | org.xwiki.platform:xwiki-platform-security-requiredrights-default required rights analysis doesn't consider TextAreas with default content type | xwiki | xwiki-platform | Critical | 9.0 | 2025-04-30 14:55:01 | Deep Dive |
| CVE-2025-32972 | The lesscss script service allows cache clearing without programming right | xwiki | xwiki-platform | Low | 2.7 | 2025-04-30 14:54:59 | Deep Dive |
| CVE-2025-32971 | XWiki Solr script service doesn't take dropped programming right into account | xwiki | xwiki-platform | Low | 3.8 | 2025-04-30 14:54:55 | Deep Dive |
| CVE-2025-32970 | org.xwiki.platform:xwiki-platform-wysiwyg-api Open Redirect vulnerability | xwiki | xwiki-platform | Medium | 6.1 | 2025-04-30 14:54:52 | Deep Dive |
| CVE-2025-32969 | org.xwiki.platform:xwiki-platform-rest-server allows SQL injection in query endpoint of REST API | xwiki | xwiki-platform | 超危 | - | 2025-04-23 15:33:04 | Deep Dive |
| CVE-2025-32968 | org.xwiki.platform:xwiki-platform-oldcore allows SQL injection in short form select requests through the script query API | xwiki | xwiki-platform | 高危 | - | 2025-04-23 15:27:27 | Deep Dive |
| CVE-2025-32783 | XWiki allows unregistered users to see "public" messages from a closed wiki via notifications from a different wiki | xwiki | xwiki-platform | Medium | 4.7 | 2025-04-16 21:38:06 | Deep Dive |
| CVE-2025-29926 | The WikiManager REST API allows any user to create wikis | xwiki | xwiki-platform | 中危 | - | 2025-03-19 17:40:45 | Deep Dive |
| CVE-2025-29925 | XWiki allows unregistered users to access private pages information through REST endpoint | xwiki | xwiki-platform | 高危 | - | 2025-03-19 17:36:28 | Deep Dive |
| CVE-2025-29924 | XWiki uses the wrong wiki reference in AuthorizationManager | xwiki | xwiki-platform | 高危 | - | 2025-03-19 17:31:10 | Deep Dive |