CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

101 matches found

Apache Struts2 S2-062 - Remote Code Execution

Apache Struts2 S2-062 is vulnerable to remote code execution. The fix issued for CVE-2020-17530 S2-061 was incomplete, meaning some of the tag's attributes could still perform a double evaluation if a developer applied forced OGNL evaluation by using the %... syntax. id: CVE-2021-31805 info: name...

9.8CVSS8.2AI score0.95922EPSS

Exploits16References5

GithubExploit•added 2026/05/22 7:20 a.m.•62 views

Exploit for CVE-2024-53667

CVE-2024-53677 — How the Exploit Works and How to Run It V...

9.8CVSS5.8AI score0.78198EPSS

Exploits15

GithubExploit•added 2026/04/11 1:3 p.m.•110 views

Exploit for Improper Handling of Exceptional Conditions in Apache Struts

Attacker Lab: CVE-2017-5638 & CVE-2021-41773 A 7-host Docker-...

10CVSS7.3AI score0.99999EPSS

Exploits189

GithubExploit•added 2026/03/16 8:1 a.m.•156 views

Exploit for Deserialization of Untrusted Data in Apache Struts

Apache Struts S2-052 XML Deserialization RCE This repository...

8.1CVSS7.7AI score0.99461EPSS

Exploits23

Tenable Nessus•added 2026/01/19 12:0 a.m.•4 views

Atlassian Jira Service Management Data Center and Server 11.2.0 < 11.2.1 / 11.3.0 (JSDSERVER-16462)

The version of Atlassian Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-16462 advisory. - ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles multithreaded access to an...

8.1CVSS8.9AI score0.21425EPSS

Exploits0References2

Atlassian•added 2026/01/16 6:27 p.m.•17 views

DoS (Denial of Service) org.apache.struts:struts2-core Dependency in Crowd Data Center and Server

This High severity DoS Denial of Service vulnerability known as CVE-2025-66675 was introduced in versions 7.0.2 and 7.1.0 of Crowd Data Center and Server. This DoS Denial of Service vulnerability, with a CVSS Score of 8.2 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H allows an...

8.2CVSS5.4AI score0.00508EPSS

Exploits0

IBM Security Bulletins•added 2026/01/16 9:11 a.m.•29 views

Security Bulletin: Remediation of Multiple Apache Struts 2.5.33 Vulnerabilities in IBM Library Support for Struts.

Summary EOL Apache Struts 2.5.33 vulnerability has been addressed in IBM Library Support for Struts. Vulnerability Details CVEID:CVE-2024-53677 DESCRIPTION: File upload logic in Apache Struts is flawed. An attacker can manipulate file upload params to enable paths traversal and under some...

9.8CVSS9.5AI score0.78198EPSS

Exploits15Affected Software1

Positive Technologies•added 2026/01/01 12:0 a.m.•2 views

PT-2026-1154

CVE-2025-22188 - Apache Struts Deserialization Vulnerability CVE ID : CVE-2025-22188 Published : Jan. 1, 2026, 1:15 a.m. | 3 hours, 5 minutes ago Description : Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. Severity: 0.0 | NA...

7AI score

Exploits0References1

CNNVD•added 2025/12/10 12:0 a.m.•3 views

Apache Struts 安全漏洞

Apache Struts is an open source project of the Apache USA Foundation, a set of open source MVC frameworks for creating enterprise Java web applications, offering two main versions of the framework product, Struts 1 and Struts 2. A security vulnerability exists in Apache Struts versions 2.0.0...

8.2CVSS7.8AI score0.01431EPSS

Exploits0References3

OSV•added 2025/12/01 4:15 p.m.•2 views

CVE-2025-64775

Denial of Service vulnerability in Apache Struts, file leak in multipart request processing causes disk exhaustion. This issue affects Apache Struts: from 2.0.0 through 6.7.0, from 7.0.0 through 7.0.3. Users are recommended to upgrade to version 6.8.0 or 7.1.1, which fixes the issue...

7.5CVSS6.9AI score

Exploits0References2

Cvelist•added 2025/12/01 4:7 p.m.•7 views

CVE-2025-64775 Apache Struts: File leak in multipart request processing causes disk exhaustion (DoS)

0.01431EPSS

Exploits0References1

CNVD•added 2025/10/17 12:0 a.m.•6 views

ZTE ZXCDN Struts Remote Code Execution Vulnerability

ZTE ZXCDN is a unified network management platform from China's ZTE Corporation ZTE. ZTE ZXCDN suffers from a Struts remote code execution vulnerability, which can be exploited by an attacker to remotely execute commands with non-root privileges...

9.8CVSS6.5AI score0.00731EPSS

Exploits0

Cvelist•added 2025/10/14 8:54 a.m.•5 views

CVE-2025-46581 ZTE ZXCDN product has a Struts RCE Vulnerability

ZTE's ZXCDN product is affected by a Struts remote code execution RCE vulnerability. An unauthenticated attacker can remotely execute commands with non-root privileges...

9.8CVSS0.00731EPSS

Exploits0References1

Vulnrichment•added 2025/10/14 8:54 a.m.•5 views

CVE-2025-46581 ZTE ZXCDN product has a Struts RCE Vulnerability

ZTE's ZXCDN product is affected by a Struts remote code execution RCE vulnerability. An unauthenticated attacker can remotely execute commands with non-root privileges...

9.8CVSS8.2AI score0.00731EPSS

Exploits0References1

Positive Technologies•added 2025/10/14 12:0 a.m.•2 views

PT-2025-41861

Name of the Vulnerable Software and Affected Versions ZTE ZXCDN product affected versions not specified Description The ZTE ZXCDN product is susceptible to a remote code execution RCE issue stemming from a flaw in the Struts framework. An attacker who does not need to be authenticated can execute...

9.8CVSS7.7AI score0.00731EPSS

Exploits0References5