High Severity Vulnerabilities

Vulnerability Name	CVE CWE	CWE	Severity
XWiki Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-35152)	CVE-2023-35152 CWE-94	CWE-94	High
XWiki Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-37909)	CVE-2023-37909 CWE-94	CWE-94	High
XWiki Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-37914)	CVE-2023-37914 CWE-94	CWE-94	High
XWiki Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-40177)	CVE-2023-40177 CWE-94	CWE-94	High
XWiki Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-46243)	CVE-2023-46243 CWE-94	CWE-94	High
XWiki Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-50721)	CVE-2023-50721 CWE-94	CWE-94	High
XWiki Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-50723)	CVE-2023-50723 CWE-94	CWE-94	High
XWiki Improper Encoding or Escaping of Output Vulnerability (CVE-2020-13654)	CVE-2020-13654 CWE-116	CWE-116	High
XWiki Improper Encoding or Escaping of Output Vulnerability (CVE-2022-36099)	CVE-2022-36099 CWE-116	CWE-116	High
XWiki Improper Encoding or Escaping of Output Vulnerability (CVE-2022-36100)	CVE-2022-36100 CWE-116	CWE-116	High
XWiki Improper Encoding or Escaping of Output Vulnerability (CVE-2022-41934)	CVE-2022-41934 CWE-116	CWE-116	High
XWiki Improper Encoding or Escaping of Output Vulnerability (CVE-2023-26472)	CVE-2023-26472 CWE-116	CWE-116	High
XWiki Improper Encoding or Escaping of Output Vulnerability (CVE-2023-45135)	CVE-2023-45135 CWE-116	CWE-116	High
XWiki Improper Handling of Insufficient Privileges Vulnerability (CVE-2024-21648)	CVE-2024-21648 CWE-274	CWE-274	High
XWiki Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2023-37913)	CVE-2023-37913 CWE-22	CWE-22	High
XWiki Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') Vulnerability (CVE-2022-41928)	CVE-2022-41928 CWE-707	CWE-707	High
XWiki Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') Vulnerability (CVE-2022-41931)	CVE-2022-41931 CWE-707	CWE-707	High
XWiki Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') Vulnerability (CVE-2023-29511)	CVE-2023-29511 CWE-707	CWE-707	High
XWiki Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') Vulnerability (CVE-2023-37462)	CVE-2023-37462 CWE-707	CWE-707	High
XWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-50722)	CVE-2023-50722 CWE-707	CWE-707	High
XWiki Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2020-15252)	CVE-2020-15252 CWE-138	CWE-138	High
XWiki Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2023-29510)	CVE-2023-29510 CWE-138	CWE-138	High
XWiki Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2023-29512)	CVE-2023-29512 CWE-138	CWE-138	High
XWiki Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2023-29514)	CVE-2023-29514 CWE-138	CWE-138	High
XWiki Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2023-29516)	CVE-2023-29516 CWE-138	CWE-138	High
XWiki Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2023-29518)	CVE-2023-29518 CWE-138	CWE-138	High
XWiki Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2023-29519)	CVE-2023-29519 CWE-138	CWE-138	High
XWiki Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2023-29521)	CVE-2023-29521 CWE-138	CWE-138	High
XWiki Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2023-29522)	CVE-2023-29522 CWE-138	CWE-138	High
XWiki Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2023-29523)	CVE-2023-29523 CWE-138	CWE-138	High
XWiki Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2023-29524)	CVE-2023-29524 CWE-138	CWE-138	High
XWiki Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2023-29525)	CVE-2023-29525 CWE-138	CWE-138	High
XWiki Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2023-29526)	CVE-2023-29526 CWE-138	CWE-138	High
XWiki Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2023-29527)	CVE-2023-29527 CWE-138	CWE-138	High
XWiki Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2023-36469)	CVE-2023-36469 CWE-138	CWE-138	High
XWiki Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2023-36470)	CVE-2023-36470 CWE-138	CWE-138	High
XWiki Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2010-4641)	CVE-2010-4641 CWE-138	CWE-138	High
XWiki Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2021-21380)	CVE-2021-21380 CWE-138	CWE-138	High
XWiki Improper Privilege Management Vulnerability (CVE-2023-26475)	CVE-2023-26475 CWE-269	CWE-269	High
XWiki Improper Privilege Management Vulnerability (CVE-2023-34465)	CVE-2023-34465 CWE-269	CWE-269	High
XWiki Improper Restriction of Excessive Authentication Attempts Vulnerability (CVE-2023-26476)	CVE-2023-26476 CWE-307	CWE-307	High
XWiki Improper Restriction of XML External Entity Reference Vulnerability (CVE-2023-27480)	CVE-2023-27480 CWE-611	CWE-611	High
XWiki Incomplete Cleanup Vulnerability (CVE-2023-36468)	CVE-2023-36468 CWE-459	CWE-459	High
XWiki Incorrect Authorization Vulnerability (CVE-2023-32069)	CVE-2023-32069 CWE-863	CWE-863	High
XWiki Incorrect Authorization Vulnerability (CVE-2023-46244)	CVE-2023-46244 CWE-863	CWE-863	High
XWiki Incorrect Use of Privileged APIs Vulnerability (CVE-2022-24821)	CVE-2022-24821 CWE-648	CWE-648	High
XWiki Missing Authorization Vulnerability (CVE-2022-36091)	CVE-2022-36091 CWE-862	CWE-862	High
XWiki Missing Authorization Vulnerability (CVE-2022-41930)	CVE-2022-41930 CWE-862	CWE-862	High
XWiki Missing Authorization Vulnerability (CVE-2022-41937)	CVE-2022-41937 CWE-862	CWE-862	High
XWiki Missing Authorization Vulnerability (CVE-2023-37910)	CVE-2023-37910 CWE-862	CWE-862	High
XWiki Other Vulnerability (CVE-2022-36090)	CVE-2022-36090		High
XWiki Other Vulnerability (CVE-2023-26478)	CVE-2023-26478		High
XWiki Other Vulnerability (CVE-2023-29507)	CVE-2023-29507		High
XWiki Out-of-bounds Write Vulnerability (CVE-2023-26470)	CVE-2023-26470 CWE-787	CWE-787	High
XWiki Platform RCE (CVE-2023-37462)	CVE-2023-37462 CWE-74	CWE-74	High
XWiki Server-Side Request Forgery (SSRF) Vulnerability (CVE-2023-48240)	CVE-2023-48240 CWE-918	CWE-918	High
XWiki Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2022-23619)	CVE-2022-23619 CWE-640	CWE-640	High
YetiForce CRM Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2022-0269)	CVE-2022-0269 CWE-352	CWE-352	High
YOURLS Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2022-0088)	CVE-2022-0088 CWE-352	CWE-352	High
YOURLS Improper Restriction of Rendered UI Layers or Frames Vulnerability (CVE-2021-3734)	CVE-2021-3734 CWE-1021	CWE-1021	High
Zabbix 1.8.x-2.2.x Local File Inclusion via XXE Attack	CWE-611	CWE-611	High
Zabbix 2.0.8 SQL injection	CVE-2013-5743 CWE-89	CWE-89	High
ZenCart Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2017-11675)	CVE-2017-11675 CWE-94	CWE-94	High
ZenCart Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2021-3291)	CVE-2021-3291 CWE-138	CWE-138	High
ZenCart Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2009-2254)	CVE-2009-2254 CWE-138	CWE-138	High
ZenCart Other Vulnerability (CVE-2009-4323)	CVE-2009-4323		High
Zend framework configuration file information disclosure	CWE-538	CWE-538	High
Zend Framework local file disclosure via XXE injection	CVE-2012-3363 CVE-2015-5161 CWE-611	CWE-611	High
Zenphoto Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2020-5593)	CVE-2020-5593 CWE-138	CWE-138	High
Zenphoto Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2007-6666)	CVE-2007-6666 CWE-138	CWE-138	High
Zenphoto Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2009-4566)	CVE-2009-4566 CWE-138	CWE-138	High
Zenphoto Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2010-4906)	CVE-2010-4906 CWE-138	CWE-138	High
Zenphoto Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2015-5591)	CVE-2015-5591 CWE-138	CWE-138	High
Zenphoto Improper Privilege Management Vulnerability (CVE-2018-0610)	CVE-2018-0610 CWE-269	CWE-269	High
Zenphoto Other Vulnerability (CVE-2007-0616)	CVE-2007-0616		High