Lucene search
K

7 matches found

OSV
OSV
added 2026/05/06 12:30 p.m.5 views

GHSA-5X9H-93GP-CHPJ Apache Wicket has a Cross-site Scripting issue

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache Wicket. This issue affects Apache Wicket: from 8.0.0 through 8.17.0, 9.0.0, from 10.0.0 through 10.8.0. Users are recommended to upgrade to version 10.9.0, which fixes the issue...

6.1CVSS5.8AI score0.00357EPSS
Exploits0References4
NVD
NVD
added 2026/05/06 10:16 a.m.6 views

CVE-2026-40010

Missing invocation of Servlet http web request method changeSessionId after session binding can be exploited for a session fixation attack in Apache Wicket. This issue affects Apache Wicket: from 8.0.0 through 8.17.0, 9.0.0, from 10.0.0 through 10.8.0. Users are recommended to upgrade to version...

9.1CVSS0.00379EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/06 8:31 a.m.9 views

CVE-2026-43646

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Wicket. This issue affects Apache Wicket: from 8.0.0 through 8.17.0, from 9.0.0 through 9.22.0, from 10.0.0 through 10.8.0. Users are recommended to upgrade to version 10.9.0, which fixes the issue...

5.8AI score0.00394EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/05/06 12:0 a.m.15 views

Apache Wicket 信息泄露漏洞

Apache Wicket is an open-source, lightweight, component-based framework developed by the Apache Foundation in the United States. It provides an object-oriented approach for developing web-based dynamic UI applications. Versions of Apache Wicket from 8.0.0 to 8.17.0, from 9.0.0 to 9.22.0, and from...

7.5CVSS5.8AI score0.00394EPSS
Exploits0References1
NVD
NVD
added 2025/12/17 10:16 p.m.6 views

CVE-2025-68129

Auth0-PHP is a PHP SDK for Auth0 Authentication and Management APIs. In applications built with the Auth0-PHP SDK, the audience validation in access tokens is performed improperly. Without proper validation, affected applications may accept ID tokens as Access tokens. Projects are affected if the...

7.5CVSS0.00368EPSS
Exploits0References12
CNNVD
CNNVD
added 2025/12/17 12:0 a.m.6 views

Auth0-PHP 安全漏洞

Auth0-PHP is an Auth0 open source PHP SDK for Auth0 authentication and management APIs. A security vulnerability exists in Auth0-PHP versions 8.0.0 through 8.17.0 that stems from improper audience validation in access tokens, which could result in accepting ID tokens as access tokens...

7.5CVSS6.8AI score0.00368EPSS
Exploits0References13
vulnersOsv
vulnersOsv
added 2024/06/17 7:9 p.m.8 views

007putra-my-bot (=1.1.1), 02strich-markdown (>=1.0.0 <=1.0.2) +8669 more potentially affected by CVE-2024-37890 via ws (>=8.0.0 <=8.17.0)

ws NPM version =8.0.0, =1.0.0, =0.0.31, =0.2.0, =1.0.53, =1.0.0, =0.2.3, =0.2.5 - 7t7t7t37t =1.0.0 - 84447xe5t8 =1.0.0 - 8wcy8cycwcu =1.0.0 - 8wyc8ywyc8c =1.0.0 - 9cwyw8bcyy8wc =1.0.0 and more Source cves: CVE-2024-37890 Source advisory: OSV:GHSA-3H5V-Q93C-6H6Q...

7.5CVSS6.8AI score0.01357EPSS
Exploits0
Rows per page
Query Builder