Lucene search
K

4 matches found

Github Security Blog
Github Security Blog
added 2026/05/06 12:30 p.m.11 views

Apache Wicket has a Path Traversal issue

FolderUploadsFileManager in Apache Wicket does not validate or sanitize the uploadFieldId parameter or the clientFileName before constructing file paths, allowing an unauthenticated attacker to write arbitrary files outside the intended upload directory or read files from arbitrary locations on t...

6.5CVSS5.9AI score0.00732EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2026/05/06 10:16 a.m.15 views

CVE-2026-43975

FolderUploadsFileManager in Apache Wicket does not validate or sanitize the uploadFieldId parameter or the clientFileName before constructing file paths, allowing an unauthenticated attacker to write arbitrary files outside the intended upload directory or read files from arbitrary locations on t...

6.5CVSS0.00732EPSS
Exploits0References3
CVE
CVE
added 2026/05/06 8:28 a.m.26 views

CVE-2026-43975

CVE-2026-43975 affects Apache Wicket via the FolderUploadsFileManager, which fails to validate or sanitize the uploadFieldId parameter or the clientFileName when constructing file paths. This can let an unauthenticated attacker write files outside the intended upload directory or read files from ...

6.5CVSS5.9AI score0.00732EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2026/05/06 12:0 a.m.18 views

Apache Wicket 路径遍历漏洞

Apache Wicket is an open-source, lightweight, component-based framework developed by the Apache Foundation in the United States. It provides an object-oriented approach for developing web-based dynamic UI applications. Versions 8.0.0 to 8.17.0, 9.0.0 to 9.22.0, and 10.0.0 to 10.8.0 of Apache Wick...

6.5CVSS5.9AI score0.00732EPSS
Exploits0References1
Rows per page
Query Builder