1311 matches found
CVE-2026-22022 vulnerabilities
Vulnerabilities for packages: solr...
GHSA-QR3P-2XJ2-Q7HQ vulnerabilities
Vulnerabilities for packages: solr...
CVE-2026-22022 vulnerabilities
Vulnerabilities for packages: solr...
GHSA-QR3P-2XJ2-Q7HQ vulnerabilities
Vulnerabilities for packages: solr...
Linux Distros Unpatched Vulnerability : CVE-2026-22022
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Deployments of Apache Solr 5.3.0 through 9.10.0 that rely on Solr's Rule Based Authorization Plugin are vulnerable to allowing unauthorized access to certain So...
Linux Distros Unpatched Vulnerability : CVE-2026-22444
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The create core API of Apache Solr 8.6 through 9.10.0 lacks sufficient input validation on some API parameters, which can cause Solr to check the existence of a...
GHSA-J58C-WW9W-PWP5 vulnerabilities
Vulnerabilities for packages: solr...
CVE-2025-0716 vulnerabilities
Vulnerabilities for packages: solr...
GHSA-J58C-WW9W-PWP5 vulnerabilities
Vulnerabilities for packages: solr...
CVE-2025-0716 vulnerabilities
Vulnerabilities for packages: solr...
BIT-SOLR-2026-22444 Apache Solr: Insufficient file-access checking in standalone core-creation requests
The "create core" API of Apache Solr 8.6 through 9.10.0 lacks sufficient input validation on some API parameters, which can cause Solr to check the existence of and attempt to read file-system paths that should be disallowed by Solr's "allowPaths" security setting...
BIT-SOLR-2026-22022 Apache Solr: Unauthorized bypass of certain "predefined permission" rules in the RuleBasedAuthorizationPlugin
Deployments of Apache Solr 5.3.0 through 9.10.0 that rely on Solr's "Rule Based Authorization Plugin" are vulnerable to allowing unauthorized access to certain Solr APIs, due to insufficiently strict input validation in those components. Only deployments that meet all of the following criteria ar...
Exploit for CVE-2026-22444
CVE-2026-22444 Apache Solr UNC Path Validation Vulnerability...
GHSA-VC2W-4V3P-2MQW Apache Solr: Insufficient file-access checking in standalone core-creation requests
The "create core" API of Apache Solr 8.6 through 9.10.0 lacks sufficient input validation on some API parameters, which can cause Solr to check the existence of and attempt to read file-system paths that should be disallowed by Solr's "allowPaths" security setting...
GHSA-QR3P-2XJ2-Q7HQ Apache Solr: Unauthorized bypass of certain "predefined permission" rules in the RuleBasedAuthorizationPlugin
Deployments of Apache Solr 5.3.0 through 9.10.0 that rely on Solr's "Rule Based Authorization Plugin" are vulnerable to allowing unauthorized access to certain Solr APIs, due to insufficiently strict input validation in those components. Only deployments that meet all of the following criteria ar...
Files or Directories Accessible to External Parties
Overview org.apache.solr:solr-core is an open source enterprise search platform built on Apache Lucene Affected versions of this package are vulnerable to Files or Directories Accessible to External Parties in the AllowPathBuilder behavior accessible via the create core API. An attacker can read...
Missing Authorization
Overview org.apache.solr:solr-core is an open source enterprise search platform built on Apache Lucene Affected versions of this package are vulnerable to Missing Authorization in the Rule Based Authorization Plugin, by which the getPermissionName function can be forced to return null. An attacke...
Apache Solr: Unauthorized bypass of certain "predefined permission" rules in the RuleBasedAuthorizationPlugin
Deployments of Apache Solr 5.3.0 through 9.10.0 that rely on Solr's "Rule Based Authorization Plugin" are vulnerable to allowing unauthorized access to certain Solr APIs, due to insufficiently strict input validation in those components. Only deployments that meet all of the following criteria ar...
Apache Solr: Insufficient file-access checking in standalone core-creation requests
The "create core" API of Apache Solr 8.6 through 9.10.0 lacks sufficient input validation on some API parameters, which can cause Solr to check the existence of and attempt to read file-system paths that should be disallowed by Solr's "allowPaths" security setting...
CVE-2026-22022
Deployments of Apache Solr 5.3.0 through 9.10.0 that rely on Solr's "Rule Based Authorization Plugin" are vulnerable to allowing unauthorized access to certain Solr APIs, due to insufficiently strict input validation in those components. Only deployments that meet all of the following criteria ar...