Lucene search
K

1313 matches found

Nuclei
Nuclei
added 11 hours ago58 views

Apache Solr DataImportHandler <8.2.0 - Remote Code Execution

Apache Solr is vulnerable to remote code execution vulnerabilities via the DataImportHandler, an optional but popular module to pull in data from databases and other sources. The module has a feature in which the whole DIH configuration can come from a request's "dataConfig" parameter. The debug...

9CVSS7.3AI score0.83547EPSS
Exploits3References5
Nuclei
Nuclei
added 11 hours ago99 views

Apache Solr - Host Environment Variables Leak via Metrics API

Exposure of Sensitive Information to an Unauthorized Actor Vulnerability in Apache Solr. The Solr Metrics API publishes all unprotected environment variables available to each Apache Solr instance. Users can specify which environment variables to hide, however, the default list is designed to wor...

6.5CVSS6.6AI score0.68665EPSS
Exploits0References5
Nuclei
Nuclei
added 11 hours ago103 views

Apache OFBiz < 18.12.07 - Local File Inclusion

Arbitrary file reading vulnerability in Apache Software Foundation Apache OFBiz when using the Solr plugin. This is a pre-authentication attack. This issue affects Apache OFBiz: before 18.12.07. id: CVE-2022-47501 info: name: Apache OFBiz 18.12.07 - Local File Inclusion author: your3cho severity:...

7.5CVSS7AI score0.1018EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday87 views

Apache Solr <= 7.1 - XML Entity Injection

Apache Solr with Apache Lucene before 7.1 is susceptible to remote code execution by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this. Note that the XML external...

9.8CVSS7.3AI score0.91896EPSS
Exploits11References5
Nuclei
Nuclei
added yesterday44 views

Apache Solr - Deserialization of Untrusted Data

In Apache Solr versions 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5, the Config API allows to configure the JMX server via an HTTP POST request. By pointing it to a malicious RMI server, an attacker could take advantage of Solr's unsafe deserialization to trigger remote code execution on the Solr side. id:...

9.8CVSS7.5AI score0.77508EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday84 views

XWiki < 4.10.15 - Information Disclosure

The Solr-based search suggestion provider that also duplicates as generic JavaScript API for search results in XWiki exposes the content of all documents of all wikis to anybody who has access to it, by default it is public. This exposes all information stored in the wiki but not some protected...

7.5CVSS7AI score0.7282EPSS
Exploits0
Nuclei
Nuclei
added yesterday117 views

XWiki < 4.10.15 - Sensitive Information Disclosure

XWiki Platform is a generic wiki platform. Starting in 7.2-milestone-2 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, the Solr-based search in XWiki discloses the password hashes of all users to anyone with view right on the respective user profiles. By default, all user profiles are...

7.5CVSS6.9AI score0.83548EPSS
Exploits0References2
Nuclei
Nuclei
added 3 days ago45 views

Apache Solr - Authentication Bypass

Solr instances using the PKIAuthenticationPlugin, which is enabled by default when Solr Authentication is used, are vulnerable to Authentication bypass.A fake ending at the end of any Solr API URL path, will allow requests to skip Authentication while maintaining the API contract with the origina...

9.8CVSS7.1AI score0.90709EPSS
Exploits1References3
Nuclei
Nuclei
added 3 days ago177 views

Apache Solr <=8.8.1 - Server-Side Request Forgery

Apache Solr versions 8.8.1 and prior contain a server-side request forgery vulnerability. The ReplicationHandler normally registered at "/replication" under a Solr core in Apache Solr has a "masterUrl" also "leaderUrl" alias parameter that is used to designate another ReplicationHandler on anothe...

9.8CVSS7AI score0.93053EPSS
Exploits5References5
NVD
NVD
added 2026/07/06 9:16 a.m.9 views

CVE-2026-48203

Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection', Improper Input Validation, Server-Side Request Forgery SSRF vulnerability in Apache Camel Solr component. The camel-solr producer copies Exchange message headers whose names begin with the SolrParam...

9.1CVSS0.0037EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/06 8:6 a.m.5 views

EUVD-2026-41838

Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection', Improper Input Validation, Server-Side Request Forgery SSRF vulnerability in Apache Camel Solr component. The camel-solr producer copies Exchange message headers whose names begin with the SolrParam...

9.1CVSS6.1AI score0.0037EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/06 8:6 a.m.6 views

CVE-2026-48203

Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection', Improper Input Validation, Server-Side Request Forgery SSRF vulnerability in Apache Camel Solr component. The camel-solr producer copies Exchange message headers whose names begin with the SolrParam...

6.1AI score0.0037EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/07/06 8:6 a.m.39 views

CVE-2026-48203 Apache Camel: Camel-Solr: The SolrParam. and SolrField. Exchange header prefixes used non-Camel-prefixed names that bypass the HTTP header filter, allowing an HTTP client to inject Solr query parameters (server-side request forgery) and document fields

Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection', Improper Input Validation, Server-Side Request Forgery SSRF vulnerability in Apache Camel Solr component. The camel-solr producer copies Exchange message headers whose names begin with the SolrParam...

0.0037EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.12 views

PT-2026-55899

Name of the Vulnerable Software and Affected Versions Apache Camel versions 4.0.0 through 4.14.7 Apache Camel versions 4.15.0 through 4.18.2 Apache Camel versions 4.19.0 through 4.20.9 Description An injection and Server-Side Request Forgery SSRF issue exists in the Apache Camel Solr component. T...

9.1CVSS6.1AI score0.0037EPSS
Exploits0References6
Fedora
Fedora
added 2026/07/01 1:22 a.m.13 views

[SECURITY] Fedora 43 Update: python-django-haystack-3.4.0-1.fc43

Haystack provides modular search for Django. It features a unified, familiar API that allows you to plug in different search backends such as Solr, Elasticsearch, Whoosh, Xapian, etc. without having to modify your code. Haystack is BSD licensed, plays nicely with third-party app without needing t...

5.8AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2026/06/29 12:0 a.m.4 views

The vulnerability of the command-line utility bin/solr auth for the Apache Solr search server allows a perpetrator to escalate their privileges and gain unauthorized access to protected information.

The vulnerability of the command-line utility bin/solr auth for the Apache Solr search server relates to the use of pre-installed user accounts. Exploiting this vulnerability allows an attacker to enhance their privileges and gain unauthorized access to protected information...

8.1CVSS7.2AI score0.00529EPSS
Exploits2References4Affected Software1
Nuclei
Nuclei
added 2026/06/28 3:8 p.m.65 views

Apache Solr <=8.3.1 - Remote Code Execution

Apache Solr versions 5.0.0 to 8.3.1 are vulnerable to remote code execution vulnerabilities through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset velocity/ directory or as a parameter. A user defined configset could contain renderable,...

7.5CVSS7.7AI score0.98567EPSS
Exploits12References5
RedHat Linux
RedHat Linux
added 2026/06/23 9:53 p.m.15 views

Important: Red Hat Security Advisory: Red Hat Offline Knowledge Portal security and content update

Red Hat Offline Knowledge Portal security fixes & content update This Red Hat Offline Knowledge Portal fixes several Solr-related CVEs. It also includes content updates as of June 16 2026...

8.1CVSS5.8AI score0.00791EPSS
Exploits0References8
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/19 8:46 p.m.14 views

Security Bulletin: IBM Operational Decision Manager - Multiple CVEs addressed related to SOLR and its dependencies (such as Jetty) affecting ODM-9.0.0 and older versions

Summary This Security bulletin addresses vulnerabilities in Apache Solr and its dependencies including Eclipse Jetty that might affect IBM Operational Decision Manager version 9.0.0 and older versions. Vulnerability Details CVEID:CVE-2026-2332 DESCRIPTION: In Eclipse Jetty, the HTTP/1.1 parser is...

9.1CVSS6.8AI score0.01127EPSS
Exploits2Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/11 8:59 a.m.13 views

CVE-2026-44825

A flaw was found in Apache Solr. Hardcoded credentials in the Basic Authentication setup tool allow a remote attacker to gain full administrative access to the cluster. This occurs when the bin/solr auth enable tool is used, as publicly known default credentials are silently installed alongside...

9.8CVSS7.1AI score0.00529EPSS
Exploits2References4
Rows per page
Query Builder