4 matches found
EUVD-2026-27651
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Wicket. This issue affects Apache Wicket: from 8.0.0 through 8.17.0, from 9.0.0 through 9.22.0, from 10.0.0 through 10.8.0. Users are recommended to upgrade to version 10.9.0, which fixes the issue...
CVE-2026-40010
Missing invocation of Servlet http web request method changeSessionId after session binding can be exploited for a session fixation attack in Apache Wicket. This issue affects Apache Wicket: from 8.0.0 through 8.17.0, 9.0.0, from 10.0.0 through 10.8.0. Users are recommended to upgrade to version...
CVE-2026-42509
The CVE-2026-42509 entry covers an XSS vulnerability in Apache Wicket due to Improper Neutralization of Input During Web Page Generation. Affected versions are Apache Wicket 8.0.0 through 8.17.0, 9.0.0, and 10.0.0 through 10.8.0. The issue’s fix is to upgrade to version 10.9.0, which resolves the...
PT-2022-20983 · Hitachi · Hitachi Ops Center Analyzer
Name of the Vulnerable Software and Affected Versions: Hitachi Ops Center Analyzer versions 10.8.1-00 through 10.9.0-00 Description: The issue allows local users to gain sensitive information due to the insertion of sensitive information into log files. This is related to the Virtual Strage...