Package impact
Maven / org.xwiki.platform:xwiki-platform-legacy-oldcore
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2026-40104 | unknown | — | — | 1mo ago | XWiki's REST APIs can list all pages/spaces, leading to unavailability | |
| CVE-2026-33229 | unknown | — | — | 2mo ago | XWiki vulnerable to remote code execution with script right through unprotected Velocity scripting API | |
| CVE-2025-54125 | unknown | — | — | 10mo ago | XWiki exposes passwords and emails stored in fields not named password/email in xml.vm | |
| CVE-2025-54124 | unknown | — | — | 10mo ago | XWiki leaks password hashes and other accessible password properties | |
| CVE-2023-26474 | unknown | — | — | 3y ago | XWiki Platform vulnerable to privilege escalation via properties with wiki syntax that are executed with wrong author |