| CVE-2026-33137 |
critical |
— |
9.5 |
|
|
|
12d ago |
XWiki Platform has an Unauthenticated XAR Import via REST /wikis/{wikiName} |
| CVE-2025-66473 |
unknown |
— |
— |
|
|
|
6mo ago |
XWiki's REST APIs don't enforce any limits, leading to unavailability and OOM in large wikis |
| CVE-2025-52472 |
unknown |
— |
— |
|
|
|
8mo ago |
XWiki Platform is vulnerable to HQL injection via wiki and space search REST API |
| CVE-2025-49584 |
unknown |
— |
— |
|
|
|
1y ago |
XWiki makes title of inaccessible pages available through the class property values REST API |
| CVE-2025-46554 |
unknown |
— |
— |
|
|
|
1y ago |
XWiki missing authorization when accessing the wiki level attachments list and metadata via REST API |
| CVE-2025-32969 |
unknown |
— |
— |
|
|
|
1y ago |
org.xwiki.platform:xwiki-platform-rest-server allows SQL injection in query endpoint of REST API |
| CVE-2024-45591 |
unknown |
— |
— |
|
|
|
2y ago |
XWiki Platform document history including authors of any page exposed to unauthorized actors |
| CVE-2023-37277 |
unknown |
— |
— |
|
|
|
3y ago |
XWiki Platform vulnerable to cross-site request forgery (CSRF) via the REST API |
| CVE-2023-35151 |
unknown |
— |
— |
|
|
|
3y ago |
XWiki Platform may show email addresses in clear in REST results |
| CVE-2022-41936 |
unknown |
— |
— |
|
|
|
4y ago |
Exposure of Private Personal Information to an Unauthorized Actor in org.xwiki.platform:xwiki-platform-rest-server |