Xwiki Contrib

All CVEs

47 total · sorted by risk
  • CVE-2025-49594 · Critical · Oct 6, 2025
    risk 0.53 · cvss n/a · epss 0.01

    XWiki OIDC has various tools to manipulate OpenID Connect protocol in XWiki. Starting in version 2.17.1 and prior to version 2.18.2, anyone with VIEW access to a user profile can create a token for that user. If that XWiki instance is configured to allow token authentication, it…

  • CVE-2018-16666 · High · Sep 7, 2018
    risk 0.51 · cvss 7.8 · epss 0.00

    An issue was discovered in Contiki-NG through 4.1. There is a stack-based buffer overflow in next_string in os/storage/antelope/aql-lexer.c while parsing AQL (parsing next string).

  • CVE-2018-16663 · High · Sep 7, 2018
    risk 0.51 · cvss 7.8 · epss 0.00

    An issue was discovered in Contiki-NG through 4.1. There is a stack-based buffer overflow in parse_relations in os/storage/antelope/aql-parser.c while parsing AQL (storage of relations).

  • CVE-2025-58365 · High · Sep 8, 2025
    risk 0.50 · cvss n/a · epss 0.01

    The XWiki blog application allows users of the XWiki platform to create and manage blog posts. Prior to version 9.14, the blog application in XWiki allowed remote code execution for any user who has edit right on any page. Normally, these are all logged-in users as they can edit…

  • CVE-2018-16667 · High · Sep 7, 2018
    risk 0.46 · cvss 7.0 · epss 0.00

    An issue was discovered in Contiki-NG through 4.1. There is a buffer over-read in lookup in os/storage/antelope/lvm.c while parsing AQL (lvm_register_variable, lvm_set_variable_value, create_intersection, create_union).

  • CVE-2018-16664 · High · Sep 7, 2018
    risk 0.46 · cvss 7.0 · epss 0.00

    An issue was discovered in Contiki-NG through 4.1. There is a buffer overflow in lvm_set_type in os/storage/antelope/lvm.c while parsing AQL (lvm_set_op, lvm_set_relation, lvm_set_operand).

  • CVE-2025-31487 · High · Apr 3, 2025
    risk 0.43 · cvss 7.7 · epss 0.00

    The XWiki JIRA extension provides various integration points between XWiki and JIRA (macros, UI, CKEditor plugin). If the JIRA macro is installed, any logged in XWiki user could edit his/her user profile wiki page and use that JIRA macro, specifying a fake JIRA URL that returns…

  • CVE-2018-16665 · Medium · Sep 7, 2018
    risk 0.40 · cvss 6.1 · epss 0.00

    An issue was discovered in Contiki-NG through 4.1. There is a buffer overflow while parsing AQL in lvm_shift_for_operator in os/storage/antelope/lvm.c.

  • CVE-2026-42140 · Medium · May 4, 2026
    risk 0.22 · cvss 4.4 · epss 0.00

    PlantUML Macro is a macro for rendering UML diagrams from simple textual schemes. Prior to version 2.4.1, the PlantUML Macro is vulnerable to Server-Side Request Forgery (SSRF). The macro allows users to specify an alternative PlantUML server via the server parameter. However,…

  • CVE-2018-1000804 · Critical · Oct 8, 2018
    risk 0.01 · cvss 9.8 · epss 0.06

    contiki-ng version 4 contains a Buffer Overflow vulnerability in AQL (Antelope Query Language) database engine that can result in Attacker can perform Remote Code Execution on device using Contiki-NG operating system. This attack appears to be exploitable via Attacker must be…

  • CVE-2025-65091 · Jan 10, 2026
    risk 0.00 · cvss n/a · epss 0.00

    XWiki Full Calendar Macro displays objects from the wiki on the calendar. Prior to version 2.4.5, users with the right to view the Calendar.JSONService page (including guest users) can exploit a SQL injection vulnerability by accessing database info or starting a DoS attack.…

  • CVE-2025-65090 · Jan 10, 2026
    risk 0.00 · cvss n/a · epss 0.00

    XWiki Full Calendar Macro displays objects from the wiki on the calendar. Prior to version 2.4.6, users with the rights to view the Calendar.JSONService page (including guest users) can exploit the data leak vulnerability by accessing database info, with the exception of…

  • CVE-2025-46558 · Apr 30, 2025
    risk 0.00 · cvss n/a · epss 0.00

    XWiki Contrib's Syntax Markdown allows importing Markdown content into wiki pages and creating wiki content in Markdown. In versions starting from 8.2 to before 8.9, the Markdown syntax is vulnerable to cross-site scripting (XSS) through HTML. In particular, using Markdown…

  • CVE-2023-29001 · Nov 27, 2024
    risk 0.00 · cvss n/a · epss 0.01

    Contiki-NG is an open-source, cross-platform operating system for IoT devices. The Contiki-NG operating system processes source routing headers (SRH) in its two alternative RPL protocol implementations. The IPv6 implementation uses the results of this processing to determine…

  • CVE-2024-41125 · Nov 27, 2024
    risk 0.00 · cvss n/a · epss 0.00

    Contiki-NG is an open-source, cross-platform operating system for IoT devices. An out-of-bounds read of 1 byte can be triggered when sending a packet to a device running the Contiki-NG operating system with SNMP enabled. The SNMP module is disabled in the default Contiki-NG…

  • CVE-2024-41126 · Nov 27, 2024
    risk 0.00 · cvss n/a · epss 0.00

    Contiki-NG is an open-source, cross-platform operating system for IoT devices. An out-of-bounds read of 1 byte can be triggered when sending a packet to a device running the Contiki-NG operating system with SNMP enabled. The SNMP module is disabled in the default Contiki-NG…

  • CVE-2024-47181 · Nov 27, 2024
    risk 0.00 · cvss n/a · epss 0.01

    Contiki-NG is an open-source, cross-platform operating system for IoT devices. An unaligned memory access can be triggered in the two RPL implementations of the Contiki-NG operating system. The problem can occur when either one of these RPL implementations is enabled and…

  • CVE-2023-50926 · Feb 14, 2024
    risk 0.00 · cvss n/a · epss 0.01

    Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. An out-of-bounds read can be caused by an incoming DIO message when using the RPL-Lite implementation in the Contiki-NG operating system. More specifically, the prefix information of…

  • CVE-2023-50927 · Feb 14, 2024
    risk 0.00 · cvss n/a · epss 0.01

    Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. An attacker can trigger out-of-bounds reads in the RPL-Lite implementation of the RPL protocol in the Contiki-NG operating system. This vulnerability is caused by insufficient control…

  • CVE-2023-48229 · Feb 14, 2024
    risk 0.00 · cvss n/a · epss 0.00

    Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. An out-of-bounds write exists in the driver for IEEE 802.15.4 radios on nRF platforms in the Contiki-NG operating system. The problem is triggered when parsing radio frames in the…

  • CVE-2023-49280 · Dec 4, 2023
    risk 0.00 · cvss n/a · epss 0.01

    XWiki Change Request is an XWiki application allowing to request changes on a wiki without publishing directly the changes. Change request allows to edit any page by default, and the changes are then exported in an XML file that anyone can download. So it's possible for an…

  • CVE-2023-45138 · Oct 12, 2023
    risk 0.00 · cvss n/a · epss 0.71

    Change Request is an application allowing users to request changes on a wiki without publishing the changes directly. Starting in version 0.11 and prior to version 1.9.2, it's possible for a user without any specific right to perform script injection and remote code execution…

  • CVE-2023-37459 · Sep 15, 2023
    risk 0.00 · cvss n/a · epss 0.00

    Contiki-NG is an operating system for internet-of-things devices. In versions 4.9 and prior, when a packet is received, the Contiki-NG network stack attempts to start the periodic TCP timer if it is a TCP packet with the SYN flag set. But the implementation does not first verify…

  • CVE-2023-37281 · Sep 15, 2023
    risk 0.00 · cvss n/a · epss 0.00

    Contiki-NG is an operating system for internet-of-things devices. In versions 4.9 and prior, when processing the various IPv6 header fields during IPHC header decompression, Contiki-NG confirms the received packet buffer contains enough data as needed for that field. But no…

  • CVE-2023-34101 · Jun 14, 2023
    risk 0.00 · cvss n/a · epss 0.01

    Contiki-NG is an operating system for internet of things devices. In version 4.8 and prior, when processing ICMP DAO packets in the `dao_input_storing` function, the Contiki-NG OS does not verify that the packet buffer is big enough to contain the bytes it needs before accessing…

  • CVE-2023-34100 · Jun 9, 2023
    risk 0.00 · cvss n/a · epss 0.00

    Contiki-NG is an open-source, cross-platform operating system for IoT devices. When reading the TCP MSS option value from an incoming packet, the Contiki-NG OS does not verify that certain buffer indices to read from are within the bounds of the IPv6 packet buffer, uip_buf. In…

  • CVE-2023-31129 · May 8, 2023
    risk 0.00 · cvss n/a · epss 0.01

    The Contiki-NG operating system versions 4.8 and prior can be triggered to dereference a NULL pointer in the message handling code for IPv6 router solicitations. Contiki-NG contains an implementation of IPv6 Neighbor Discovery (ND) in the module `os/net/ipv6/uip-nd6.c`. The ND…

  • CVE-2023-30546 · Apr 26, 2023
    risk 0.00 · cvss n/a · epss 0.01

    Contiki-NG is an operating system for Internet of Things devices. An off-by-one error can be triggered in the Antelope database management system in the Contiki-NG operating system in versions 4.8 and prior. The problem exists in the Contiki File System (CFS) backend for the…

  • CVE-2023-28116 · Mar 17, 2023
    risk 0.00 · cvss n/a · epss 0.01

    Contiki-NG is an open-source, cross-platform operating system for internet of things (IoT) devices. In versions 4.8 and prior, an out-of-bounds write can occur in the BLE L2CAP module of the Contiki-NG operating system. The network stack of Contiki-NG uses a global buffer…

  • CVE-2023-23609 · Jan 25, 2023
    risk 0.00 · cvss n/a · epss 0.00

    Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. Versions prior to and including 4.8 are vulnerable to an out-of-bounds write that can occur in the BLE-L2CAP module. The Bluetooth Low Energy - Logical Link Control and Adaptation…

  • CVE-2022-41972 · Dec 16, 2022
    risk 0.00 · cvss n/a · epss 0.00

    Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. Versions prior to 4.9 contain a NULL Pointer Dereference in BLE L2CAP module. The Contiki-NG operating system for IoT devices contains a Bluetooth Low Energy stack. An attacker can…

  • CVE-2022-41873 · Nov 11, 2022
    risk 0.00 · cvss n/a · epss 0.00

    Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. Versions prior to 4.9 are vulnerable to an Out-of-bounds read. While processing the L2CAP protocol, the Bluetooth Low Energy stack of Contiki-NG needs to map an incoming channel ID to…

  • CVE-2022-39387 · Nov 4, 2022
    risk 0.00 · cvss n/a · epss 0.01

    XWiki OIDC has various tools to manipulate OpenID Connect protocol in XWiki. Prior to version 1.29.1, even if a wiki has an OpenID provider configured through its xwiki.properties, it is possible to provide a third party provider its details through request parameters. One can…

  • CVE-2022-36054 · Sep 1, 2022
    risk 0.00 · cvss n/a · epss 0.01

    Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. The 6LoWPAN implementation in the Contiki-NG operating system (file os/net/ipv6/sicslowpan.c) contains an input function that processes incoming packets and copies them into a packet…

  • CVE-2022-36052 · Sep 1, 2022
    risk 0.00 · cvss n/a · epss 0.01

    Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. The 6LoWPAN implementation in Contiki-NG may cast a UDP header structure at a certain offset in a packet buffer. The code does not check whether the packet buffer is large enough to…

  • CVE-2022-36053 · Sep 1, 2022
    risk 0.00 · cvss n/a · epss 0.01

    Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. The low-power IPv6 network stack of Contiki-NG has a buffer module (os/net/ipv6/uipbuf.c) that processes IPv6 extension headers in incoming data packets. As part of this processing,…

  • CVE-2022-35927 · Aug 4, 2022
    risk 0.00 · cvss n/a · epss 0.02

    Contiki-NG is an open-source, cross-platform operating system for IoT devices. In the RPL-Classic routing protocol implementation in the Contiki-NG operating system, an incoming DODAG Information Option (DIO) control message can contain a prefix information option with a length…

  • CVE-2022-35926 · Aug 4, 2022
    risk 0.00 · cvss n/a · epss 0.01

    Contiki-NG is an open-source, cross-platform operating system for IoT devices. Because of insufficient validation of IPv6 neighbor discovery options in Contiki-NG, attackers can send neighbor solicitation packets that trigger an out-of-bounds read. The problem exists in the…

  • CVE-2021-32771 · Aug 4, 2022
    risk 0.00 · cvss n/a · epss 0.01

    Contiki-NG is an open-source, cross-platform operating system for IoT devices. In affected versions it is possible to cause a buffer overflow when copying an IPv6 address prefix in the RPL-Classic implementation in Contiki-NG. In order to trigger the vulnerability, the…

  • CVE-2021-21410 · Jun 18, 2021
    risk 0.00 · cvss n/a · epss 0.01

    Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. An out-of-bounds read can be triggered by 6LoWPAN packets sent to devices running Contiki-NG 4.6 and prior. The IPv6 header decompression function (uncompress_hdr_iphc)…

  • CVE-2021-21257 · Jun 18, 2021
    risk 0.00 · cvss n/a · epss 0.01

    Contiki-NG is an open-source, cross-platform operating system for internet of things devices. The RPL-Classic and RPL-Lite implementations in the Contiki-NG operating system versions prior to 4.6 do not validate the address pointer in the RPL source routing header. This makes it…

  • CVE-2021-21279 · Jun 18, 2021
    risk 0.00 · cvss n/a · epss 0.01

    Contiki-NG is an open-source, cross-platform operating system for internet of things devices. In versions prior to 4.6, an attacker can perform a denial-of-service attack by triggering an infinite loop in the processing of IPv6 neighbor solicitation (NS) messages. This type of…

  • CVE-2021-21280 · Jun 18, 2021
    risk 0.00 · cvss n/a · epss 0.01

    Contiki-NG is an open-source, cross-platform operating system for internet of things devices. It is possible to cause an out-of-bounds write in versions of Contiki-NG prior to 4.6 when transmitting a 6LoWPAN packet with a chain of extension headers. Unfortunately, the written…

  • CVE-2021-21281 · Jun 18, 2021
    risk 0.00 · cvss n/a · epss 0.01

    Contiki-NG is an open-source, cross-platform operating system for internet of things devices. A buffer overflow vulnerability exists in Contiki-NG versions prior to 4.6. After establishing a TCP socket using the tcp-socket library, it is possible for the remote end to send a…

  • CVE-2021-21282 · Jun 18, 2021
    risk 0.00 · cvss n/a · epss 0.01

    Contiki-NG is an open-source, cross-platform operating system for internet of things devices. In versions prior to 4.5, buffer overflow can be triggered by an input packet when using either of Contiki-NG's two RPL implementations in source-routing mode. The problem has been…

  • CVE-2018-20579 · Dec 28, 2018
    risk 0.00 · cvss n/a · epss 0.00

    Contiki-NG before 4.2 has a stack-based buffer overflow in the push function in os/lib/json/jsonparse.c that allows an out-of-bounds write of an '{' or '[' character.

  • CVE-2018-19417 · Nov 21, 2018
    risk 0.00 · cvss n/a · epss 0.06

    An issue was discovered in the MQTT server in Contiki-NG before 4.2. The function parse_publish_vhdr() that parses MQTT PUBLISH messages with a variable length header uses memcpy to input data into a fixed size buffer. The allocated buffer can fit only MQTT_MAX_TOPIC_LENGTH…