CVE-2026-42509 - Apache Wicket: crafted strings can break out of the JavaScript sequence
CVE ID :CVE-2026-42509 Published : May 6, 2026, 8:34 a.m. | 1 hour, 54 minutes ago Description :Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Wicket. This issue affects Apache Wicket: from 8.0.0 through 8.17.0, 9.0.0, from 10.0.0
ORIGINAL SOURCE →via CVE Feed Latest
ADVERTISEMENT
⚡ STAY AHEAD
Events like this, convergence-verified across 689 sources, land in your inbox every Sunday. Free.
GET THE SUNDAY BRIEFING →RELATED · cyber
- [CYBER] North Korean hackers targeted ethnic Koreans in China with Android ‘BirdCall’ malware
- [CYBER] From Stuxnet to ChatGPT: 20 News Events That Shaped Cyber
- [CYBER] CyberSecurity Nightmares
- [CYBER] CloudZ RAT Exploits Microsoft Phone Link to Steal SMS OTPs
- [CYBER] Apache fixes critical HTTP/2 double-free flaw CVE-2026-23918 enabling RCE
- [CYBER] KuCoin pone en marcha el Mes de Concientización sobre el Phishing para reforzar la protección de los usuarios en el marco de las iniciativas globales de concientización en seguridad