| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-58365 | XWiki Blog Application: Privilege Escalation (PR) from account through blog content | xwiki-contrib | application-blog | - | - | 2025-09-08 21:19:09 | Deep Dive |
| CVE-2025-55748 | XWiki Platform's configuration files can be accessed through jsx and sx endpoints | xwiki | xwiki-platform | - | - | 2025-09-03 20:19:46 | Deep Dive |
| CVE-2025-55747 | XWiki Platform's configuration files can be accessed through the webjars API | xwiki | xwiki-platform | - | - | 2025-09-03 20:12:13 | Deep Dive |
| CVE-2025-58049 | XWiki PDF export jobs store sensitive cookies unencrypted in job statuses | xwiki | xwiki-platform | Medium | 5.8 | 2025-08-28 17:43:40 | Deep Dive |
| CVE-2025-54125 | XWiki Platform: Password and email exposure in xml.vm fields | xwiki | xwiki-platform | - | - | 2025-08-05 23:30:39 | Deep Dive |
| CVE-2025-54124 | XWiki Platform: Any user with editing rights can access password properties through Database List Properties | xwiki | xwiki-platform | - | - | 2025-08-05 23:28:07 | Deep Dive |
| CVE-2025-32430 | XWiki Platform contains Reflected XSS vulnerability in two templates | xwiki | xwiki-platform | - | - | 2025-08-05 23:27:07 | Deep Dive |
| CVE-2025-52133 | XWiki Contrib Mocca Calendar Application Cross-Site Scripting Vulnerability | xwiki-contrib | Mocca Calendar | Medium | 6.4 | 2025-08-03 00:00:00 | Deep Dive |
| CVE-2025-52132 | XWiki Contrib Mocca Calendar Application Cross-Site Scripting Vulnerability | xwiki-contrib | Mocca Calendar | Medium | 6.4 | 2025-08-03 00:00:00 | Deep Dive |
| CVE-2025-52131 | XWiki Contrib Mocca Calendar Application Cross-Site Scripting Vulnerability | xwiki-contrib | Mocca Calendar | Medium | 6.4 | 2025-08-03 00:00:00 | Deep Dive |
| CVE-2025-54385 | XWiki Platform's searchDocuments API allows for SQL injection | xwiki | xwiki-platform | Medium | - | 2025-07-26 03:28:49 | Deep Dive |
| CVE-2025-32429 | XWiki Platform vulnerable to SQL injection through getdeleteddocuments.vm template sort parameter | xwiki | xwiki-platform | Medium | - | 2025-07-24 22:22:35 | Deep Dive |
| CVE-2025-53836 | XWiki Rendering is vulnerable to RCE attacks when processing nested macros | xwiki | xwiki-rendering | Critical | 9.9 | 2025-07-14 23:08:34 | Deep Dive |
| CVE-2025-53835 | XWiki Rendering is vulnerable to XSS attacks through insecure XHTML syntax | xwiki | xwiki-rendering | Critical | 9.0 | 2025-07-14 23:00:36 | Deep Dive |
| CVE-2025-49587 | XWiki does not require right warnings for notification displayer objects | xwiki | xwiki-platform | - | - | 2025-06-13 17:51:48 | Deep Dive |
| CVE-2025-49586 | XWiki allows remote code execution through preview of XClass changes in AWM editor | xwiki | xwiki-platform | - | - | 2025-06-13 17:47:07 | Deep Dive |
| CVE-2025-49585 | XWiki does not require right warnings for XClass definitions | xwiki | xwiki-platform | - | - | 2025-06-13 17:33:34 | Deep Dive |
| CVE-2025-49584 | XWiki makes title of inaccessible pages available through the class property values REST API | xwiki | xwiki-platform | - | - | 2025-06-13 17:21:34 | Deep Dive |
| CVE-2025-49583 | XWiki provides no warning when granting XWiki.Notifications.Code.NotificationEmailRendererClass admin right | xwiki | xwiki-platform | - | - | 2025-06-13 17:04:50 | Deep Dive |
| CVE-2025-49582 | XWiki's required right warnings for macros are incomplete | xwiki | xwiki-platform | - | - | 2025-06-13 16:41:45 | Deep Dive |