Twiki CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (29 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2006-4294	1 Twiki	1 Twiki	2025-04-03	N/A
Directory traversal vulnerability in viewfile in TWiki 4.0.0 through 4.0.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.
CVE-2006-3819	1 Twiki	1 Twiki	2025-04-03	N/A
Eval injection vulnerability in the configure script in TWiki 4.0.0 through 4.0.4 allows remote attackers to execute arbitrary Perl code via an HTTP POST request containing a parameter name starting with "TYPEOF".
CVE-2006-1387	1 Twiki	1 Twiki	2025-04-03	N/A
TWiki 4.0, 4.0.1, and 20010901 through 20040904 allows remote authenticated users with edit rights to cause a denial of service (infinite recursion leading to CPU and memory consumption) via INCLUDE by URL statements that form a loop, such as a page that includes itself.
CVE-2006-1386	1 Twiki	1 Twiki	2025-04-03	N/A
The (1) rdiff and (2) preview scripts in TWiki 4.0 and 4.0.1 ignore access control settings, which allows remote attackers to read restricted areas and access restricted content in TWiki topics.
CVE-2006-2942	1 Twiki	1 Twiki	2025-04-03	N/A
TWiki 4.0.0, 4.0.1, and 4.0.2 allows remote attackers to gain Twiki administrator privileges via a TWiki.TWikiRegistration form with a modified action attribute that references the Sandbox web instead of the user web, which can then be used to associate the user's login name with the WikiName of a member of the TWikiAdminGroup.
CVE-2018-20212	1 Twiki	1 Twiki	2024-11-21	N/A
bin/statistics in TWiki 6.0.2 allows cross-site scripting (XSS) via the webs parameter.
CVE-2014-7236	1 Twiki	1 Twiki	2024-11-21	9.1 Critical
Eval injection vulnerability in lib/TWiki/Plugins.pm in TWiki before 6.0.1 allows remote attackers to execute arbitrary Perl code via the debugenableplugins parameter to do/view/Main/WebHome.
CVE-2013-1751	1 Twiki	1 Twiki	2024-11-21	9.8 Critical
TWiki before 5.1.4 allows remote attackers to execute arbitrary shell commands by sending a crafted '%MAKETEXT{}%' parameter value containing Perl backtick characters.
CVE-2005-3056	1 Twiki	1 Twiki	2024-11-21	9.8 Critical
TWiki allows arbitrary shell command execution via the Include function

« first previous Page 2 of 2.