7 matches found
GHSA-5X9H-93GP-CHPJ Apache Wicket has a Cross-site Scripting issue
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache Wicket. This issue affects Apache Wicket: from 8.0.0 through 8.17.0, 9.0.0, from 10.0.0 through 10.8.0. Users are recommended to upgrade to version 10.9.0, which fixes the issue...
CVE-2026-40010
Missing invocation of Servlet http web request method changeSessionId after session binding can be exploited for a session fixation attack in Apache Wicket. This issue affects Apache Wicket: from 8.0.0 through 8.17.0, 9.0.0, from 10.0.0 through 10.8.0. Users are recommended to upgrade to version...
CVE-2026-43646
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Wicket. This issue affects Apache Wicket: from 8.0.0 through 8.17.0, from 9.0.0 through 9.22.0, from 10.0.0 through 10.8.0. Users are recommended to upgrade to version 10.9.0, which fixes the issue...
Apache Wicket 信息泄露漏洞
Apache Wicket is an open-source, lightweight, component-based framework developed by the Apache Foundation in the United States. It provides an object-oriented approach for developing web-based dynamic UI applications. Versions of Apache Wicket from 8.0.0 to 8.17.0, from 9.0.0 to 9.22.0, and from...
CVE-2025-68129
Auth0-PHP is a PHP SDK for Auth0 Authentication and Management APIs. In applications built with the Auth0-PHP SDK, the audience validation in access tokens is performed improperly. Without proper validation, affected applications may accept ID tokens as Access tokens. Projects are affected if the...
Auth0-PHP 安全漏洞
Auth0-PHP is an Auth0 open source PHP SDK for Auth0 authentication and management APIs. A security vulnerability exists in Auth0-PHP versions 8.0.0 through 8.17.0 that stems from improper audience validation in access tokens, which could result in accepting ID tokens as access tokens...
007putra-my-bot (=1.1.1), 02strich-markdown (>=1.0.0 <=1.0.2) +8669 more potentially affected by CVE-2024-37890 via ws (>=8.0.0 <=8.17.0)
ws NPM version =8.0.0, =1.0.0, =0.0.31, =0.2.0, =1.0.53, =1.0.0, =0.2.3, =0.2.5 - 7t7t7t37t =1.0.0 - 84447xe5t8 =1.0.0 - 8wcy8cycwcu =1.0.0 - 8wyc8ywyc8c =1.0.0 - 9cwyw8bcyy8wc =1.0.0 and more Source cves: CVE-2024-37890 Source advisory: OSV:GHSA-3H5V-Q93C-6H6Q...