
Security Intel Hub 25+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Medium
XWiki Platform Changes View URL Generation Bug Fix
XWIKI-23472 · github.com · 2026-04-18
XWiki Platform 18.0.0-rc-1
Low
XWiki DBListClass Query Limit Bypass Vulnerability (XWIKI-23550) and Fix
XWIKI-23550 · github.com · 2026-04-18
XWiki < 47b568c
Medium
XWiki REST API Unavailability Vulnerability and Fix
github.com · 2026-04-18
xwiki 1.8 RC-1 to 16.10.15 · xwiki 17.0 RC-1 to 17.4.7 …
High
XWiki ScriptXWikiServletRequest Unauthenticated Access to Underlying HttpServletRequest Fix
XWIKI-23698 · github.com · 2026-04-09

### Vulnerability Summary **Vulnerability Overview** * **Vulnerability ID**: XWiki-23698 * **Description**: The `ScriptXWikiServletRequest.getRequest()` method lacked permission checks prior to the fi…

Medium
XWiki CSS Injection Clickjacking Vulnerability (CVE-2026-26000) and Patch
CVE-2026-26000 · github.com · 2026-02-21
org.xwiki.platform:xwiki-platform-web < 17.9.0
Unknown
XWiki CVE-2026-24128 Reflected XSS Vulnerability Advisory
CVE-2026-24128 · github.com · 2026-01-27
org.xwiki.platform:xwiki-platform-web-templates >= 7.0-milestone-2, < 16.10.12 · org.xwiki.platform:xwiki-platform-web-templates >= 17.0.0-rc-1, < 17.4.5 …
Critical
XWiki CVE-2023-29511 Privilege Escalation via Groovy/Velocity Injection
CVE-2023-29511 · github.com · 2025-11-10
XWiki >= 1.5M2
XWiki XSS Vulnerability Fix Analysis (Commit 8e7b4ca)
github.com · 2025-09-05

From this webpage screenshot, the following key information about the vulnerability can be obtained: - **Vulnerability Type**: XWiki XSS (Cross-Site Scripting) vulnerability. - **Fix Commit**: Commit …

XWiki Scripting XSS Vulnerability Fix Analysis
github.com · 2025-09-05

From this webpage screenshot, the following key information about the vulnerability can be obtained: - **Vulnerability Type**: XWiki XSS (Cross-Site Scripting) vulnerability. - **Fix Commit**: Commit …

XWiki CVE-2025-55747 Critical Config File Disclosure via Webjars API
github.com · 2025-09-05

### Critical Vulnerability Information #### Vulnerability Title - **Configuration files can be accessed through the webjars API** #### Severity - **Critical** (CVSS v4 base metrics: 9.3/10) #### Impac…

Xiaomi Mone AppService SQL Injection Vulnerability and Fix
github.com · 2025-08-07

### Vulnerability Key Information - **Vulnerability Type**: SQL Injection - **Affected File**: `/src/main/java/com/xiaomi/mone/app/api/service/AppService.java` - **Specific Code Lines**: - Line 246: `…

XWiki Reflected XSS Vulnerability (CVE-2025-32430) and Patch Details
github.com · 2025-08-07

### Critical Vulnerability Information #### Vulnerability Name - Reflected XSS in two templates #### Severity - Moderate - CVSS v4 Base Score: 6.5/10 #### Affected Scope - **Affected Versions** - org.…

XWiki CVE-2025-54125 XML Export Information Disclosure Vulnerability
github.com · 2025-08-07

### Critical Vulnerability Information #### Vulnerability Title - **Passwords and emails stored in fields not named password/email exposed in xml.vm** #### Severity - **High** - **CVSS v4 base metrics…

XWiki CVE-2025-54124 Sensitive Information Disclosure via Database List Properties
github.com · 2025-08-07

### Critical Vulnerability Information #### Vulnerability Description - **Title**: Any user with edit permissions can access password hashes or other password-related attributes of all users via datab…

XWiki SQL Injection Vulnerability (CVE-2025-32429) Advisory
github.com · 2025-07-26

### Key Information #### Vulnerability Overview - **Vulnerability Type**: SQL Injection - **Affected File**: `sort` parameter in the `getdeleteddocuments.vm` template - **Severity**: Critical (CVSS v4…

CVSS 10.0
XWiki CVE-2025-53836 Macro Parser Bypass Leads to RCE
github.com · 2025-07-15

### Critical Vulnerability Information #### Vulnerability Overview - **Title**: The macro content parser doesn't preserve the restricted transformation context, allowing RCE from comments - **Severity…

CVSS 9.1
XWiki XHTML Rendering Basic XSS Vulnerability (CVSS 9.1)
github.com · 2025-07-15

### Key Information #### Vulnerability Title - **Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in a dependency of org.xwiki.rendering:xwiki-rendering-syntax-xhtml** ###…

XWiki CVE-2025-49587 Notification Displayer XSS Vulnerability and Patch
github.com · 2025-06-15

### Critical Vulnerability Information #### Vulnerability Title - **No required right warnings for notification displayer objects** #### Severity - **Moderate** - CVSS v4 base metrics: 6.4 / 10 #### A…

XWiki NotificationEmailRendererClass Velocity Template Injection
github.com · 2025-06-15

### Critical Vulnerability Information #### Vulnerability Title No warning when granting XWiki.Notifications.Code.NotificationEmailRendererClass admin right #### Severity - **Level**: Moderate (5.1/10…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
