| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2024-31987 | XWiki Platform remote code execution from account via custom skins support | xwiki | xwiki-platform | Critical | 9.9 | 2024-04-10 20:32:39 | Deep Dive |
| CVE-2024-31986 | XWiki Platform CSRF remote code execution through scheduler job's document reference | xwiki | xwiki-platform | Critical | 9.0 | 2024-04-10 20:27:30 | Deep Dive |
| CVE-2024-31985 | XWiki Platform CSRF in the job scheduler | xwiki | xwiki-platform | Medium | 5.4 | 2024-04-10 20:11:53 | Deep Dive |
| CVE-2024-31984 | XWiki Platform: Remote code execution through space title and Solr space facet | xwiki | xwiki-platform | Critical | 9.9 | 2024-04-10 19:53:51 | Deep Dive |
| CVE-2024-31983 | XWiki Platform: Remote code execution from edit in multilingual wikis via translations | xwiki | xwiki-platform | Critical | 9.9 | 2024-04-10 19:44:49 | Deep Dive |
| CVE-2024-31982 | XWiki Platform: Remote code execution as guest via DatabaseSearch | xwiki | xwiki-platform | Critical | 10.0 | 2024-04-10 19:38:02 | Deep Dive |
| CVE-2024-31981 | XWiki Platform: Privilege escalation (PR) from user registration through PDFClass | xwiki | xwiki-platform | Critical | 9.9 | 2024-04-10 19:22:57 | Deep Dive |
| CVE-2024-31465 | XWiki Platform: Remote code execution from account via SearchSuggestSourceSheet | xwiki | xwiki-platform | Critical | 9.9 | 2024-04-10 19:12:36 | Deep Dive |
| CVE-2024-31464 | XWiki Platform: Password hash might be leaked by diff once the xobject holding them is deleted | xwiki | xwiki-platform | Medium | 6.8 | 2024-04-10 18:14:37 | Deep Dive |
| CVE-2024-21648 | XWiki has no right protection on rollback action | xwiki | xwiki-platform | High | 8.0 | 2024-01-08 23:31:50 | Deep Dive |
| CVE-2024-21651 | XWiki Denial of Service attack through attachments | xwiki | xwiki-platform | High | 7.5 | 2024-01-08 23:30:04 | Deep Dive |
| CVE-2024-21650 | XWiki Remote Code Execution vulnerability via user registration | xwiki | xwiki-platform | Critical | 10.0 | 2024-01-08 15:18:13 | Deep Dive |
| CVE-2023-50732 | Velocity execution without script right through tree macro | xwiki | xwiki-platform | High | 8.3 | 2023-12-21 19:42:01 | Deep Dive |
| CVE-2023-50723 | XWiki Platform remote code execution/programming rights with configuration section from any user account | xwiki | xwiki-platform | Critical | 9.9 | 2023-12-15 19:02:58 | Deep Dive |
| CVE-2023-50722 | XWiki Platform XSS/CSRF Remote Code Execution in XWiki.ConfigurableClass | xwiki | xwiki-platform | Critical | 9.6 | 2023-12-15 19:02:52 | Deep Dive |
| CVE-2023-50721 | XWiki Platform RCE from account through SearchAdmin | xwiki | xwiki-platform | Critical | 9.9 | 2023-12-15 19:02:46 | Deep Dive |
| CVE-2023-50719 | XWiki Platform Solr search discloses password hashes of all users | xwiki | xwiki-platform | High | 7.5 | 2023-12-15 19:02:41 | Deep Dive |
| CVE-2023-50720 | XWiki Platform Solr search discloses email addresses of users | xwiki | xwiki-platform | Medium | 5.3 | 2023-12-15 19:02:35 | Deep Dive |
| CVE-2023-48241 | XWiki exposed whole content of all documents of all wikis to anybody with view right on Solr suggest service | xwiki | xwiki-platform | High | 7.5 | 2023-11-20 17:58:55 | Deep Dive |
| CVE-2023-48240 | XWiki Platform sends cookies to external images in rendered diff and is vulnerable to server side request forgery | xwiki | xwiki-platform | Critical | 9.0 | 2023-11-20 17:48:03 | Deep Dive |