2549 matches found

Positive Technologies
added 2026/02/13 12:0 a.m. | 3 views

PT-2026-8265

CVE-2025-36532 - Apache Struts Remote Code Execution Vulnerability CVE ID : CVE-2025-36532 Published : Feb. 13, 2026, 7:16 p.m. | 18 minutes ago Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused Severity: 0.0 | NA Visit t...

5.6 AI score
Exploits: 0 | References: 1

Positive Technologies
added 2026/02/13 12:0 a.m. | 4 views

PT-2026-8258

CVE-2025-35976 - Apache Struts XML External Entity XXE Injection CVE ID : CVE-2025-35976 Published : Feb. 13, 2026, 7:16 p.m. | 18 minutes ago Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused Severity: 0.0 | NA Visit the...

5.4 AI score
Exploits: 0 | References: 1

Positive Technologies
added 2026/02/13 12:0 a.m. | 8 views

PT-2026-8257

CVE-2025-35962 - Apache Struts Command Execution Vulnerability CVE ID : CVE-2025-35962 Published : Feb. 13, 2026, 7:16 p.m. | 18 minutes ago Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused Severity: 0.0 | NA Visit the...

5.5 AI score
Exploits: 0 | References: 1

GithubExploit
added 2026/02/04 1:57 a.m. | 197 views

Exploit for Missing XML Validation in Apache Struts

CVE-2025-68493 CVE-2025-68493 7. References 1 Apac...

8.1 CVSS | 6.1 AI score | 0.22475 EPSS
Exploits: 1

Positive Technologies
added 2026/01/23 12:0 a.m. | 5 views

PT-2026-4634

CVE-2026-24335 - Apache Struts Unvalidated Input CVE ID : CVE-2026-24335 Published : Jan. 23, 2026, 5:16 a.m. | 1 hour, 58 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

5.4 AI score
Exploits: 0 | References: 1

Positive Technologies
added 2026/01/23 12:0 a.m. | 3 views

PT-2026-4640

CVE-2026-24341 - Apache Struts SQL Injection CVE ID : CVE-2026-24341 Published : Jan. 23, 2026, 5:16 a.m. | 1 hour, 58 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

5.6 AI score
Exploits: 0 | References: 1

Positive Technologies
added 2026/01/22 12:0 a.m. | 3 views

PT-2026-4619

CVE-2024-45727 - Apache Struts Remote Code Execution Vulnerability CVE ID : CVE-2024-45727 Published : Jan. 22, 2026, 10:16 a.m. | 50 minutes ago Description : Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. The CVE was never used. Severity: 0.0 | NA Visit the link for more details, suc...

5.6 AI score
Exploits: 0 | References: 1

Positive Technologies
added 2026/01/22 12:0 a.m. | 4 views

PT-2026-4622

CVE-2024-45730 - Apache Struts Remote Code Execution CVE ID : CVE-2024-45730 Published : Jan. 22, 2026, 10:16 a.m. | 50 minutes ago Description : Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. The CVE was never used. Severity: 0.0 | NA Visit the link for more details, such as CVSS...

5.5 AI score
Exploits: 0 | References: 1

Positive Technologies
added 2026/01/22 12:0 a.m. | 6 views

PT-2026-4626

CVE-2024-53248 - Apache Struts Command Injection CVE ID : CVE-2024-53248 Published : Jan. 22, 2026, 10:16 a.m. | 50 minutes ago Description : Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. The CVE was never used. Severity: 0.0 | NA Visit the link for more details, such as CVSS details,...

5.4 AI score
Exploits: 0 | References: 1

Tenable Nessus
added 2026/01/20 12:0 a.m. | 4 views

Atlassian Jira Service Management Data Center and Server 11.2.x < 11.2.1 XSS (JSDSERVER-16461)

The version of Atlassian Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-16461 advisory. - ActionServlet.java in Apache Struts 1 1.x through 1.3.10 does not properly restrict the Validator...

8.2 CVSS | 7.4 AI score | 0.2593 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2026/01/19 12:0 a.m. | 4 views

Atlassian Jira Service Management Data Center and Server 11.2.0 < 11.2.1 / 11.3.0 (JSDSERVER-16462)

The version of Atlassian Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-16462 advisory. - ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles multithreaded access to an...

8.1 CVSS | 8.9 AI score | 0.21425 EPSS
Exploits: 0 | References: 2

Atlassian
added 2026/01/16 6:27 p.m. | 18 views

DoS (Denial of Service) org.apache.struts:struts2-core Dependency in Crowd Data Center and Server

This High severity DoS Denial of Service vulnerability known as CVE-2025-66675 was introduced in versions 7.0.2 and 7.1.0 of Crowd Data Center and Server. This DoS Denial of Service vulnerability, with a CVSS Score of 8.2 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H allows an...

8.2 CVSS | 5.4 AI score | 0.00508 EPSS
Exploits: 0

IBM Security Bulletins
added 2026/01/16 9:28 a.m. | 12 views

Security Bulletin: Remediation of Multiple Apache Struts 1.3.10 Vulnerabilities in IBM Library Support for Struts

Summary Multiple EOL Apache Struts 1.3.10 Vulnerabilities have been addressed in IBM Library Support for Struts Vulnerability Details CVEID:CVE-2025-54656 DESCRIPTION: UNSUPPORTED WHEN ASSIGNED Improper Output Neutralization for Logs vulnerability in Apache Struts. This issue affects Apache Strut...

8.8 CVSS | 8.1 AI score | 0.95821 EPSS
Exploits: 8 | Affected Software: 1

IBM Security Bulletins
added 2026/01/16 9:15 a.m. | 20 views

Security Bulletin: Remediation of Multiple Apache Struts 1.1 Vulnerabilities in IBM Library Support for Struts

Summary Multiple Apache Struts 1.1 Vulnerabilities have been addressed in IBM Library Support for Struts Vulnerability Details CVEID:CVE-2006-1546 DESCRIPTION: Apache Software Foundation ASF Struts before 1.2.9 allows remote attackers to bypass validation via a request with a...

10 CVSS | 9.7 AI score | 0.95821 EPSS
Exploits: 14 | Affected Software: 1

IBM Security Bulletins
added 2026/01/16 9:11 a.m. | 29 views

Security Bulletin: Remediation of Multiple Apache Struts 2.5.33 Vulnerabilities in IBM Library Support for Struts.

Summary EOL Apache Struts 2.5.33 vulnerability has been addressed in IBM Library Support for Struts. Vulnerability Details CVEID:CVE-2024-53677 DESCRIPTION: File upload logic in Apache Struts is flawed. An attacker can manipulate file upload params to enable paths traversal and under some...

9.8 CVSS | 9.5 AI score | 0.78198 EPSS
Exploits: 15 | Affected Software: 1

Tenable Nessus
added 2026/01/16 12:0 a.m. | 5 views

MiracleLinux 3 : struts-1.2.9-4jpp.8.AXS3 (AXSA:2014-309:01)

The remote MiracleLinux 3 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2014-309:01 advisory. Welcome to the Struts Framework! The goal of this project is to provide an open source framework useful in building web applications with Java Servlet and...

7.5 CVSS | 7.5 AI score | 0.95821 EPSS
Exploits: 4 | References: 2

Tenable Nessus
added 2026/01/16 12:0 a.m. | 5 views

Apache Struts 2.x <= 2.3.37 / 2.5.x <= 2.5.33 / 6.x < 6.1.1 XML External Entity Injection in XWork (S2-069)

The version of Apache Struts installed on the remote host is 2.0.0 through 2.3.37, 2.5.0 through 2.5.33, or 6.x prior to 6.1.1. It is, therefore, affected by an XML external entity injection XXE vulnerability in the XWork component: - Missing XML Validation vulnerability in Apache Struts, Apache...

8.1 CVSS | 5.8 AI score | 0.22475 EPSS
Exploits: 1 | References: 2

HackRead
added 2026/01/15 11:42 a.m. | 6 views

Years-Old Vulnerable Apache Struts 2 Versions See 387K Weekly Downloads

Over 387,000 users downloaded vulnerable Apache Struts versions this week. Exclusive Sonatype research reveals a high-risk flaw found by AI. Is your system at risk?...

7 AI score
Exploits: 0

OSV
added 2026/01/11 3:31 p.m. | 2 views

GHSA-QCFC-HMRC-59X7 Apache Struts 2 is Missing XML Validation

Missing XML Validation vulnerability in Apache Struts, Apache Struts. This issue affects Apache Struts: from 2.0.0 before 2.2.1; Apache Struts: from 2.2.1 through 6.1.0. Users are recommended to upgrade to version 6.1.1, which fixes the issue...

8.1 CVSS | 5.8 AI score | 0.22475 EPSS
Exploits: 1 | References: 4

vulnersOsv
added 2026/01/11 3:31 p.m. | 5 views

br.net.woodstock.rockframework:rockframework-struts2 (>=2.0.0 <=2.0.8), br.net.woodstock.rockframework:rockframework-web (>=1.2.4 <=3.0.1) +272 more potentially affected by CVE-2025-68493 via org.apache.struts.xwork:xwork-core (>=2.2.1 <=2.3.8)

org.apache.struts.xwork:xwork-core MAVEN version =2.2.1, =2.0.0, =1.2.4, =1.5.3, =1.5.3, =1.2.2, =1.2.2, =1.2.2, =1.2.2, =1.0, =1.0, =1.0, =1.0, =2.0.0, =2.2.1 and more Source cves: CVE-2025-68493 Source advisory: OSV:GHSA-QCFC-HMRC-59X7...

8.1 CVSS | 6 AI score | 0.22475 EPSS
Exploits: 1