org.apache.wicket:wicket-core (Maven) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Maven package org.apache.wicket:wicket-core, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (8)
CVE-2016-6806 — CVSS 8.8 (high): Apache Wicket 6.x before 6.25.0, 7.x before 7.5.0, and 8.0.0-M1 provide a CSRF prevention measure that fails to discover some cross origin…
CVE-2021-23937 — CVSS 7.5 (high): A DNS proxy and possible amplification attack vulnerability in WebClientInfo of Apache Wicket allows an attacker to trigger arbitrary DNS…
CVE-2014-3526 — CVSS 7.5 (high): Apache Wicket before 1.5.12, 6.x before 6.17.0, and 7.x before 7.0.0-M3 might allow remote attackers to obtain sensitive information via…
CVE-2014-7808 — CVSS 7.5 (high): Apache Wicket before 1.5.13, 6.x before 6.19.0, and 7.x before 7.0.0-M5 make it easier for attackers to defeat a cryptographic protection…
CVE-2020-11976 — CVSS 7.5 (high): By crafting a special URL it is possible to make Wicket deliver unprocessed HTML templates. This would allow an attacker to see possibly…
CVE-2026-43975 — CVSS 6.5 (medium): FolderUploadsFileManager in Apache Wicket does not validate or sanitize the uploadFieldId parameter or the clientFileName before…
CVE-2024-53299 — CVSS 6.5 (medium): The request handling in the core in Apache Wicket 7.0.0 on any platform allows an attacker to create a DOS via multiple requests to server…
CVE-2014-0043 — CVSS 5.3 (medium): In Apache Wicket 1.5.10 or 6.13.0, by issuing requests to special urls handled by Wicket, it is possible to check for the existence of…