Exposição de Apache Wicket
Web frameworks28
score de exposição
2.364
sites usam
0
em exploração
2
críticos
CVEs
11 resultadosCVE-2021-23937—DNS proxy and possible amplification attackEPSS 4.3%CVE-2020-11976—By crafting a special URL it is possible to make Wicket deliver unprocessed HTML templates. This would allow an attacker to see possibly senEPSS 3.8%CVE-2014-0043—In Apache Wicket 1.5.10 or 6.13.0, by issuing requests to special urls handled by Wicket, it is possible to check for the existence of partiEPSS 3.0%CVE-2024-36522CRITICALApache Wicket: Remote code execution via XSLT injectionEPSS 2.1%CVE-2024-53299MEDIUMApache Wicket: An attacker can intentionally trigger a memory leakEPSS 1.5%CVE-2016-6806—Apache Wicket 6.x before 6.25.0, 7.x before 7.5.0, and 8.0.0-M1 provide a CSRF prevention measure that fails to discover some cross origin rEPSS 0.8%CVE-2026-43975MEDIUMApache Wicket: Possible malicious path traversal in FolderUploadsFileManagerEPSS 0.7%CVE-2024-27439MEDIUMApache Wicket: Possible bypass of CSRF protectionEPSS 0.7%CVE-2026-43646HIGHApache Wicket: crafted URLs can bypass PackageResourceGuardEPSS 0.4%CVE-2026-40010CRITICALApache Wicket: possible session fixation using AuthenticatedWebSessionEPSS 0.4%CVE-2026-42509MEDIUMApache Wicket: crafted strings can break out of the JavaScript sequenceEPSS 0.4%
Quer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →