| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2023-27479 | Improper Neutralization of Directives in Dynamically Evaluated Code in org.xwiki.platform:xwiki-platform-panels-ui | xwiki | xwiki-platform | Critical | 9.9 | 2023-03-07 18:09:18 | Deep Dive |
| CVE-2023-26056 | XWiki Platform allows macro execution as any user without programming rights through the context macro | xwiki | xwiki-platform | Medium | 5.4 | 2023-03-02 18:44:00 | Deep Dive |
| CVE-2023-26470 | In XWiki Platform, saving a document with a large object number leads to persistent OOM errors | xwiki | xwiki-platform | Medium | 5.7 | 2023-03-02 18:37:24 | Deep Dive |
| CVE-2023-26471 | XWiki Platform users may execute anything with superadmin right through comments and async macro | xwiki | xwiki-platform | Critical | 9.9 | 2023-03-02 18:28:52 | Deep Dive |
| CVE-2023-26472 | XWiki Platform vulnerable to privilege escalation via async macro and IconThemeSheet from the user profile | xwiki | xwiki-platform | Critical | 9.9 | 2023-03-02 18:25:06 | Deep Dive |
| CVE-2023-26473 | XWiki Platform allows unprivileged users to make arbitrary select queries using DatabaseListProperty and suggest.vm | xwiki | xwiki-platform | Medium | 6.5 | 2023-03-02 18:17:09 | Deep Dive |
| CVE-2023-26474 | XWiki Platform vulnerable to privilege escalation via properties with wiki syntax that are executed with wrong author | xwiki | xwiki-platform | Critical | 9.9 | 2023-03-02 18:12:16 | Deep Dive |
| CVE-2023-26475 | XWiki Platform vulnerable to Remote Code Execution in Annotations | xwiki | xwiki-platform | Critical | 9.9 | 2023-03-02 18:07:04 | Deep Dive |
| CVE-2023-26476 | Two XWiki Platform UIs Expose Sensitive Information to an Unauthorized Actor | xwiki | xwiki-platform | High | 7.5 | 2023-03-02 18:02:20 | Deep Dive |
| CVE-2023-26477 | org.xwiki.platform:xwiki-platform-flamingo-theme-ui Eval Injection vulnerability | xwiki | xwiki-platform | Critical | 10.0 | 2023-03-02 17:52:40 | Deep Dive |
| CVE-2023-26478 | org.xwiki.platform:xwiki-platform-store-filesystem-oldcore has Exposed Dangerous Method or Function | xwiki | xwiki-platform | Medium | 6.6 | 2023-03-02 17:46:15 | Deep Dive |
| CVE-2023-26479 | org.xwiki.platform:xwiki-platform-rendering-parser vulnerable to Improper Handling of Exceptional Conditions | xwiki | xwiki-platform | Medium | 6.5 | 2023-03-02 17:20:19 | Deep Dive |
| CVE-2023-26480 | XWiki-Platform vulnerable to stored Cross-site Scripting via the HTML displayer in Live Data | xwiki | xwiki-platform | High | 8.9 | 2023-03-02 17:09:19 | Deep Dive |
| CVE-2023-25575 | Secured properties in API Platform Core may be accessible within collections | api-platform | core | High | 7.7 | 2023-02-28 22:21:49 | Deep Dive |
| CVE-2022-38111 | SolarWinds Platform Deserialization of Untrusted Data Vulnerability | SolarWinds | SolarWinds Platform | High | 7.2 | 2023-02-15 00:00:00 | Deep Dive |
| CVE-2022-47503 | SolarWinds Platform Deserialization of Untrusted Data Vulnerability | SolarWinds | SolarWinds Platform | High | 7.2 | 2023-02-15 00:00:00 | Deep Dive |
| CVE-2022-47504 | SolarWinds Platform Deserialization of Untrusted Data Vulnerability | SolarWinds | SolarWinds Platform | High | 7.2 | 2023-02-15 00:00:00 | Deep Dive |
| CVE-2022-47506 | SolarWinds Platform Directory Traversal Vulnerability | SolarWinds | SolarWinds Platform | High | 7.8 | 2023-02-15 00:00:00 | Deep Dive |
| CVE-2022-47507 | SolarWinds Platform Deserialization of Untrusted Data Vulnerability | SolarWinds | SolarWinds Platform | High | 7.2 | 2023-02-15 00:00:00 | Deep Dive |
| CVE-2023-23836 | SolarWinds Platform Deserialization of Untrusted Data Vulnerability | SolarWinds | SolarWinds Platform | High | 7.2 | 2023-02-15 00:00:00 | Deep Dive |