| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-24893 | Remote code execution as guest via SolrSearchMacros request in xwiki | xwiki | xwiki-platform | Critical | 9.8 | 2025-02-20 19:19:11 | Deep Dive |
| CVE-2025-23025 | Privilege escalation (PR) through realtime WYSIWYG editing in XWiki | xwiki | xwiki-platform | Critical | 9.0 | 2025-01-14 17:42:14 | Deep Dive |
| CVE-2024-55879 | XWiki allows RCE from script right in configurable sections | xwiki | xwiki-platform | Critical | 9.1 | 2024-12-12 19:17:38 | Deep Dive |
| CVE-2024-55877 | XWiki allows remote code execution from account through macro descriptions and XWiki.XWikiSyntaxMacrosList | xwiki | xwiki-platform | Critical | 9.9 | 2024-12-12 19:13:43 | Deep Dive |
| CVE-2024-55876 | XWiki's scheduler in subwiki allows scheduling operations for any main wiki user | xwiki | xwiki-platform | Medium | - | 2024-12-12 18:59:50 | Deep Dive |
| CVE-2024-55663 | XWiki Platform has an SQL injection in getdocuments.vm with sort parameter | xwiki | xwiki-platform | Medium | - | 2024-12-12 18:53:49 | Deep Dive |
| CVE-2024-55662 | XWiki allows remote code execution through the extension sheet | xwiki | xwiki-platform | Critical | 9.9 | 2024-12-12 17:25:26 | Deep Dive |
| CVE-2024-46978 | Missing checks for notification filter preferences editions in XWiki Platform | xwiki | xwiki-platform | Medium | 6.5 | 2024-09-18 17:25:16 | Deep Dive |
| CVE-2024-46979 | Data leak of notification filters of users in XWiki Platform | xwiki | xwiki-platform | Medium | 5.3 | 2024-09-18 17:23:35 | Deep Dive |
| CVE-2024-45591 | XWiki Platform document history including authors of any page exposed to unauthorized actors | xwiki | xwiki-platform | Medium | 5.3 | 2024-09-10 15:56:53 | Deep Dive |
| CVE-2024-43400 | XWiki Platform allows XSS through XClass name in string properties | xwiki | xwiki-platform | Critical | 9.0 | 2024-08-19 16:24:41 | Deep Dive |
| CVE-2024-43401 | In XWiki Platform, payloads stored in content is executed when a user with script/programming right edit them | xwiki | xwiki-platform | Critical | 9.0 | 2024-08-19 16:24:30 | Deep Dive |
| CVE-2024-41947 | XWiki Platform XSS through conflict resolution | xwiki | xwiki-platform | Critical | 9.0 | 2024-07-31 15:24:20 | Deep Dive |
| CVE-2024-37901 | XWiki Platform vulnerable to remote code execution from account via SearchSuggestConfigSheet | xwiki | xwiki-platform | Critical | 9.9 | 2024-07-31 15:19:37 | Deep Dive |
| CVE-2024-37900 | XWiki Platform vulnerable to Cross-site Scripting through attachment filename in uploader | xwiki | xwiki-platform | Medium | 6.4 | 2024-07-31 15:15:31 | Deep Dive |
| CVE-2024-37898 | XWiki Platform vulnerable to document deletion and overwrite from edit | xwiki | xwiki-platform | Medium | 4.3 | 2024-07-31 15:12:22 | Deep Dive |
| CVE-2024-38369 | XWiki programming rights may be inherited by inclusion | xwiki | xwiki-platform | Critical | 9.9 | 2024-06-24 16:39:38 | Deep Dive |
| CVE-2024-37899 | Disabling a user account changes its author, allowing RCE from user account in XWiki | xwiki | xwiki-platform | Critical | 9.0 | 2024-06-20 22:13:59 | Deep Dive |
| CVE-2024-31997 | XWiki Platform remote code execution from account through UIExtension parameters | xwiki | xwiki-platform | Critical | 9.9 | 2024-04-10 21:55:43 | Deep Dive |
| CVE-2024-31988 | XWiki Platform CSRF remote code execution through the realtime HTML Converter API | xwiki | xwiki-platform | Critical | 9.6 | 2024-04-10 20:40:37 | Deep Dive |