
79 matches found

Cvelist
added 2026/05/26 5:43 p.m. | 24 views

CVE-2026-44668 Faction: Unauthenticated Read, Modify, and Delete of Boilerplate Templates

FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, AccessControlInterceptor, the authentication gate for all Struts2 actions, unconditionally calls invocation.invoke without checking for a valid session. Four action methods in BoilerPlateConfig perform no local...

CVSS 9.8 | EPSS 0.00179
Exploits: 0 | References: 2
vulnersOsv
added 2026/01/11 3:31 p.m. | 4 views

be.objectify:objectify-struts2-tags (=1.0), br.net.woodstock.rockframework:rockframework-struts2 (>=2.0.0 <=2.0.8) +229 more potentially affected by CVE-2025-68493 via org.apache.struts:struts2-core (>=2.0.11 <=2.3.37)

org.apache.struts:struts2-core MAVEN version =2.0.11, =2.0.0, =1.2.1, =1.5.3, =1.5.3, =1.2.2, =1.2.2, =1.2.2, =1.2.2, =0.5.9, =1.2.0, =1.2.3 and more Source cves: CVE-2025-68493 Source advisory: OSV:GHSA-QCFC-HMRC-59X7...

CVSS 8.1 | AI score 6 | EPSS 0.00033
Exploits: 1
vulnersOsv
added 2026/01/11 3:31 p.m. | 3 views

br.net.woodstock.rockframework:rockframework-struts2 (>=2.0.0 <=2.0.8), br.net.woodstock.rockframework:rockframework-web (>=1.2.4 <=3.0.1) +272 more potentially affected by CVE-2025-68493 via org.apache.struts.xwork:xwork-core (>=2.2.1 <=2.3.8)

org.apache.struts.xwork:xwork-core MAVEN version =2.2.1, =2.0.0, =1.2.4, =1.5.3, =1.5.3, =1.2.2, =1.2.2, =1.2.2, =1.2.2, =1.0, =1.0, =1.0, =1.0, =2.0.0, =2.2.1 and more Source cves: CVE-2025-68493 Source advisory: OSV:GHSA-QCFC-HMRC-59X7...

CVSS 8.1 | AI score 6 | EPSS 0.00033
Exploits: 1
vulnersOsv
added 2026/01/11 1:5 p.m. | 2 views

com.amazonaws.serverless:aws-serverless-java-container-struts (=1.9), com.jgeppert.struts2.bootstrap:struts2-bootstrap-plugin (=5.0.0) +50 more potentially affected by CVE-2025-68493 via org.apache.struts:struts2-core (>=6.0.0 <=6.0.3)

org.apache.struts:struts2-core MAVEN version =6.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =1.4.0, =1.4.1, =1.4.0, =1.4.2 and more Source cves: CVE-2025-68493 Source advisory: SNYK:JAVA-ORGAPACHESTRUTS-14915536https:/...

CVSS 8.1 | AI score 6 | EPSS 0.00033
Exploits: 1
vulnersOsv
added 2025/12/10 12:31 p.m. | 3 views

com.jgeppert.struts2.bootstrap:struts2-bootstrap-plugin (=6.0.0), com.jgeppert.struts2.bootstrap:struts2-bootstrap-showcase (=6.0.0) +53 more potentially affected by CVE-2025-64775 +1 more via org.apache.struts:struts2-core (>=7.0.0 <=7.0.3)

org.apache.struts:struts2-core MAVEN version =7.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.3 and more Source cves: CVE-2025-64775, CVE-2025-66675 Source advisory: OSV:GHSA-RG58-XHH7-MQJWhttps://vu...

CVSS 8.2 | AI score 7.3 | EPSS 0.00201
Exploits: 0
vulnersOsv
added 2025/12/10 12:31 p.m. | 2 views

be.objectify:objectify-struts2-tags (=1.0), br.net.woodstock.rockframework:rockframework-struts2 (>=2.0.0 <=2.0.8) +332 more potentially affected by CVE-2025-64775 +1 more via org.apache.struts:struts2-core (>=2.0.11 <=6.7.4)

org.apache.struts:struts2-core MAVEN version =2.0.11, =2.0.0, =1.2.1, =1.5.3, =1.5.3, =1.2.2, =1.2.2, =1.2.2, =1.2.2, =1.9, =1.2, =1.0, =1.0, =1.0.4 and more Source cves: CVE-2025-64775, CVE-2025-66675 Source advisory: OSV:GHSA-RG58-XHH7-MQ...

CVSS 8.2 | AI score 7.3 | EPSS 0.00201
Exploits: 0
vulnersOsv
added 2025/12/01 6:30 p.m. | 3 views

com.amazonaws.serverless:aws-serverless-java-container-struts (>=1.9 <=1.9.4), com.jgeppert.struts2.bootstrap:struts2-bootstrap-plugin (>=4.0.2 <=5.0.6) +77 more potentially affected by CVE-2025-64775 via org.apache.struts:struts2-core (>=6.0.0 <=6.7.4)

org.apache.struts:struts2-core MAVEN version =6.0.0, =1.9, =4.0.2, =4.0.2, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =1.4.0, =1.4.1, =1.4.0, =1.4.3 and more Source cves: CVE-2025-64775 Source advisory: SNYK:JAVA-ORG...

CVSS 7.5 | AI score 7.3 | EPSS 0.00171
Exploits: 0
vulnersOsv
added 2025/12/01 6:30 p.m. | 4 views

com.jgeppert.struts2.bootstrap:struts2-bootstrap-plugin (=6.0.0), com.jgeppert.struts2.bootstrap:struts2-bootstrap-showcase (=6.0.0) +53 more potentially affected by CVE-2025-64775 via org.apache.struts:struts2-core (>=7.0.0 <=7.0.3)

org.apache.struts:struts2-core MAVEN version =7.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.3 and more Source cves: CVE-2025-64775 Source advisory:...

CVSS 7.5 | AI score 7.3 | EPSS 0.00171
Exploits: 0
Gitee
added 2025/09/14 6:33 p.m. | 69 views

PocCollect

This repository is an offensive tool for vulnerability scanning and exploitation, specifically targeting various web applications and services. The primary vulnerability class targeted is SQL injection, with specific examples of exploits for Struts2, 08CMS, and ASPCMS. The tool is written in Pyth...

AI score 7.7
Exploits: 0
GithubExploit
added 2025/08/25 6:19 p.m. | 239 views

Exploit for Improper Handling of Exceptional Conditions in Apache Struts

PoC: Apache Struts2 CVE-2017-5638 Safe Educational Demo...

CVSS 10 | AI score 9.8 | EPSS 0.94267
Exploits: 44
Circl
added 2025/02/07 6:2 p.m. | 1 view

CISCO-SA-20170907-STRUTS2

creationtimestamp | type | source
---|---|---
2025-02-07 18:02:56+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/3799...

AI score 4.8
Exploits: 0 | References: 1
vulnersOsv
added 2023/12/07 9:30 a.m. | 3 views

be.objectify:objectify-struts2-tags (=1.0), br.net.woodstock.rockframework:rockframework-struts2 (>=2.0.0 <=2.0.8) +324 more potentially affected by CVE-2023-50164 via org.apache.struts:struts2-core (>=2.0.11 <=2.5.32)

org.apache.struts:struts2-core MAVEN version =2.0.11, =2.0.0, =1.2.1, =1.5.3, =1.5.3, =1.2.2, =1.2.2, =1.2.2, =1.2.2, =1.2, =1.0, =1.0, =1.0, =1.0.4 and more Source cves: CVE-2023-50164 Source advisory: OSV:GHSA-2J39-QCJM-428W...

CVSS 9.8 | AI score 7.4 | EPSS 0.92896
Exploits: 15
CNNVD
added 2023/12/07 12:0 a.m. | 2 views

Apache Struts Security Vulnerability

Apache Struts is an open source project of the Apache Foundation (United States): an open source MVC framework for creating enterprise-class Java web applications, provided mainly in two versions, Struts 1 and Struts 2. Apache Struts suffers from a directory...

CVSS 9.8 | AI score 9.6 | EPSS 0.92896
Exploits: 15 | References: 11
vulnersOsv
added 2023/12/05 9:33 a.m. | 5 views

com.amazonaws.serverless:aws-serverless-java-container-struts (>=1.9 <=1.9.3), com.jgeppert.struts2.bootstrap:struts2-bootstrap-plugin (>=5.0.0 <=5.0.2) +50 more potentially affected by CVE-2023-41835 via org.apache.struts:struts2-core (>=6.0.0 <=6.1.2.1)

org.apache.struts:struts2-core MAVEN version =6.0.0, =1.9, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =1.4.0, =1.4.1, =1.4.0, =1.4.3 and more Source cves: CVE-2023-41835 Source advisory: OSV:GHSA-72...

CVSS 7.5 | AI score 7.1 | EPSS 0.00224
Exploits: 0
vulnersOsv
added 2023/12/05 9:33 a.m. | 3 views

org.apache.struts:struts2-apps (>=6.2.0 <=6.3.0), org.apache.struts:struts2-assembly (>=6.2.0 <=6.3.0) +34 more potentially affected by CVE-2023-41835 via org.apache.struts:struts2-core (>=6.2.0 <=6.3.0)

org.apache.struts:struts2-core MAVEN version =6.2.0, =6.2.0, =6.2.0, =6.2.0, =6.2.0, =6.2.0, =6.2.0, =6.2.0, =6.2.0, =6.2.0, =6.2.0, =6.2.0, =6.2.0, =6.2.0, =6.2.0, =6.2.0, =6.3.0 and more Source cves: CVE-2023-41835 Source advisory: OSV:GHSA-729Q-FCGP-R5XH...

CVSS 7.5 | AI score 7.1 | EPSS 0.00224
Exploits: 0
vulnersOsv
added 2023/06/14 9:30 a.m. | 1 view

be.objectify:objectify-struts2-tags (=1.0), br.net.woodstock.rockframework:rockframework-struts2 (>=2.0.0 <=2.0.8) +301 more potentially affected by CVE-2023-34149 via org.apache.struts:struts2-core (>=2.0.11 <=2.5.30)

org.apache.struts:struts2-core MAVEN version =2.0.11, =2.0.0, =1.2.1, =1.5.3, =1.5.3, =1.2.2, =1.2.2, =1.2.2, =1.2.2, =1.2, =1.0, =1.0, =1.0, =1.0.4 and more Source cves: CVE-2023-34149 Source advisory: OSV:GHSA-8F6X-V685-G2XC...

CVSS 6.5 | AI score 6.5 | EPSS 0.00066
Exploits: 0
SUSE CVE
added 2023/02/15 6:5 a.m. | 1 view

SUSE CVE-2008-6505

Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f encoded dot dot slash in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1...

CVSS 5 | AI score 7.1 | EPSS 0.83102
Exploits: 0 | References: 3
SUSE CVE
added 2023/02/15 5:59 a.m. | 3 views

SUSE CVE-2010-1870

The OGNL extensive expression evaluation capability in XWork in Struts 2.0.0 through 2.1.8.1, as used in Atlassian Fisheye, Crucible, and possibly other products, uses a permissive whitelist, which allows remote attackers to modify server-side context objects and bypass the "" protection mechanis...

CVSS 5 | AI score 9.7 | EPSS 0.92533
Exploits: 22 | References: 3
SUSE CVE
added 2023/02/15 5:39 a.m. | 3 views

SUSE CVE-2013-1966

Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag...

CVSS 9.3 | AI score 8.9 | EPSS 0.91096
Exploits: 6 | References: 3
SUSE CVE
added 2023/02/15 5:39 a.m. | 3 views

SUSE CVE-2013-2115

Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966...

CVSS 9.3 | AI score 9 | EPSS 0.8761
Exploits: 11 | References: 3