26 matches found
NPM: Mermaid: Improper sanitization of `classDef` in state diagrams leads to HTML injection
NPM: Mermaid: Improper sanitization of classDef in state diagrams leads to HTML injection vulnerability discovered by ? in WordPress Npm mermaid versions = 10.9.5...
CVE-2026-42509
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache Wicket. This issue affects Apache Wicket: from 8.0.0 through 8.17.0, 9.0.0, from 10.0.0 through 10.8.0. Users are recommended to upgrade to version 10.9.0, which fixes the issue...
CVE-2026-42509 Apache Wicket: crafted strings can break out of the JavaScript sequence
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache Wicket. This issue affects Apache Wicket: from 8.0.0 through 8.17.0, 9.0.0, from 10.0.0 through 10.8.0. Users are recommended to upgrade to version 10.9.0, which fixes the issue...
CVE-2026-43646 Apache Wicket: crafted URLs can bypass PackageResourceGuard
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Wicket. This issue affects Apache Wicket: from 8.0.0 through 8.17.0, from 9.0.0 through 9.22.0, from 10.0.0 through 10.8.0. Users are recommended to upgrade to version 10.9.0, which fixes the issue...
PT-2026-37431
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Wicket. This issue affects Apache Wicket: from 8.0.0 through 8.17.0, from 9.0.0 through 9.22.0, from 10.0.0 through 10.8.0. Users are recommended to upgrade to version 10.9.0, which fixes the issue...
Linux Distros Unpatched Vulnerability : CVE-2022-27449
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/itemfunc.cc:148. CVE-2022-27449 Note that Nessus relies on t...
BIT-MARIADB-MIN-2022-27452
MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.cc...
BIT-MARIADB-MIN-2022-27448
There is an Assertion failure in MariaDB Server v10.9 and below via 'node-pcur-relpos == BTRPCURON' at /row/row0mysql.cc...
CVE-2024-51947
ArcGIS Server (Esri) vulnerable: stored XSS in ArcGIS Server versions 11.3 and below via a crafted link, exploitable by a remote, authenticated attacker with publisher privileges. Impact is low on confidentiality and integrity; no impact to availability. Root cause: stored cross-site scripting in...
CVE-2024-47316
Authorization Bypass Through User-Controlled Key vulnerability in Salon Booking System Salon booking system. This issue affects Salon booking system: from n/a through 10.9...
PT-2024-12150 · Dell · Dell Command | Monitor
Name of the Vulnerable Software and Affected Versions: Dell Command | Monitor versions prior to 10.9 Description: The issue allows a locally authenticated malicious user to perform a privileged arbitrary file delete by exploiting an arbitrary folder deletion vulnerability. Recommendations: For...
CVE-2023-3254
The Widgets for Google Reviews plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 10.9. This is due to missing or incorrect nonce validation within setupnoregheader.php. This makes it possible for unauthenticated attackers to reset plugin settings a...
SUSE CVE-2022-27445
MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/sqlwindow.cc...
CVE-2022-38206
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1 and below which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could execute arbitrary JavaScript code in the victim’s browser...
MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.cc.
...
MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.h.
...
CVE-2022-27451
MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/fieldconv.cc...
DEBIAN-CVE-2022-27446
MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.h...