xwiki

Top products

The 15 most recently published vulnerabilities affecting xwiki.

• CVE-2026-33137XWiki Platform has an Unauthenticated XAR Import via REST /wikis/{wikiName}7.5May 20, 2026
• CVE-2025-51846CryptPad unbounded WebSocket frame flood7.5Apr 30, 2026
• CVE-2026-40105XWiki has Reflected Cross-Site Scripting (XSS) in its page history compare functionality6.1Apr 15, 2026
• CVE-2026-40104XWiki's REST APIs can list all pages/spaces, leading to unavailability8.2Apr 15, 2026
• CVE-2026-33229XWiki Platform affected by remote code execution with script right through unprotected Velocity scripting API9.8Apr 8, 2026
• CVE-2025-66024XWiki Blog Application home page vulnerable to Stored XSS via Post Title9.0Mar 4, 2026
• CVE-2026-26000XWiki Platform affected by click-jacking through CSS injection in comments6.1Feb 12, 2026
• CVE-2026-24128XWiki Affected by Reflected Cross-Site Scripting (XSS) in Error Messages6.1Jan 23, 2026
• CVE-2025-65091XWiki Full Calendar Macro vulnerable to SQL injection through Calendar.JSONService10.0Jan 10, 2026
• CVE-2025-65090XWiki Full Calendar Macro vulnerable to data leak through Calendar.JSONService5.3Jan 10, 2026
• CVE-2025-66474XWiki vulnerable to remote code execution through insufficient protection against {{/html}} injection8.8Dec 10, 2025
• CVE-2025-66473XWiki's REST APIs don't enforce any limits, leading to unavailability and OOM in large wikis7.5Dec 10, 2025
• CVE-2025-66472XWiki vulnerable to a reflected XSS via xredirect parameter in DeleteApplication6.1Dec 10, 2025
• CVE-2025-65036XWiki Remote Macros vulnerable to remote code execution using the confluence details summary macro8.3Dec 5, 2025
• CVE-2025-55749The XWiki Jetty package (XJetty) allows accessing any application file through URL7.5Dec 1, 2025