Lucene search
K

784 matches found

Nuclei
Nuclei
added yesterday87 views

Apache Solr <= 7.1 - XML Entity Injection

Apache Solr with Apache Lucene before 7.1 is susceptible to remote code execution by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this. Note that the XML external...

9.8CVSS7.3AI score0.91896EPSS
Exploits11References5
Nuclei
Nuclei
added 3 days ago45 views

Apache Solr - Authentication Bypass

Solr instances using the PKIAuthenticationPlugin, which is enabled by default when Solr Authentication is used, are vulnerable to Authentication bypass.A fake ending at the end of any Solr API URL path, will allow requests to skip Authentication while maintaining the API contract with the origina...

9.8CVSS7.1AI score0.90709EPSS
Exploits1References3
Nuclei
Nuclei
added 3 days ago99 views

Apache Solr - Host Environment Variables Leak via Metrics API

Exposure of Sensitive Information to an Unauthorized Actor Vulnerability in Apache Solr. The Solr Metrics API publishes all unprotected environment variables available to each Apache Solr instance. Users can specify which environment variables to hide, however, the default list is designed to wor...

6.5CVSS6.6AI score0.68665EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2026/06/29 12:0 a.m.4 views

The vulnerability of the command-line utility bin/solr auth for the Apache Solr search server allows a perpetrator to escalate their privileges and gain unauthorized access to protected information.

The vulnerability of the command-line utility bin/solr auth for the Apache Solr search server relates to the use of pre-installed user accounts. Exploiting this vulnerability allows an attacker to enhance their privileges and gain unauthorized access to protected information...

8.1CVSS7.2AI score0.00529EPSS
Exploits2References4Affected Software1
Nuclei
Nuclei
added 2026/06/28 3:8 p.m.65 views

Apache Solr <=8.3.1 - Remote Code Execution

Apache Solr versions 5.0.0 to 8.3.1 are vulnerable to remote code execution vulnerabilities through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset velocity/ directory or as a parameter. A user defined configset could contain renderable,...

7.5CVSS7.7AI score0.98567EPSS
Exploits12References5
OSV
OSV
added 2026/06/05 5:53 a.m.19 views

BIT-SOLR-2026-44825 Apache Solr: Enabling BasicAuth using bin/solr CLI configures additional insecure users

Hardcoded credentials in the Basic Authentication setup tool bin/solr auth enable in Apache Solr versions 9.4.0 through 9.10.1 and 10.0.0 allows a remote attacker to gain full administrative access to the cluster via publicly known default credentials installed silently alongside the user-specifi...

9.8CVSS5.6AI score0.00529EPSS
Exploits2References3
Vulnrichment
Vulnrichment
added 2026/06/01 8:2 a.m.13 views

CVE-2026-44825 Apache Solr: Enabling BasicAuth using bin/solr CLI configures additional insecure users

Hardcoded credentials in the Basic Authentication setup tool bin/solr auth enable in Apache Solr versions 9.4.0 through 9.10.1 and 10.0.0 allows a remote attacker to gain full administrative access to the cluster via publicly known default credentials installed silently alongside the user-specifi...

8.1CVSS5.8AI score0.00529EPSS
Exploits2References1
OSV
OSV
added 2026/06/01 8:2 a.m.1 views

CVE-2026-44825 Apache Solr: Enabling BasicAuth using bin/solr CLI configures additional insecure users

Hardcoded credentials in the Basic Authentication setup tool bin/solr auth enable in Apache Solr versions 9.4.0 through 9.10.1 and 10.0.0 allows a remote attacker to gain full administrative access to the cluster via publicly known default credentials installed silently alongside the user-specifi...

8.1CVSS7.2AI score0.00529EPSS
Exploits2References5
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.11 views

Apache Solr 安全漏洞

Apache Solr is a search server based on Lucene, developed by the Apache Foundation in the United States. This product supports faceted searching, vertical searching, and highlighting search results. Vulnerabilities exist in Apache Solr versions 9.4.0 through 9.10.1, as well as 10.0.0, due to...

9.8CVSS8.4AI score0.00529EPSS
Exploits2References3
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.10 views

PT-2026-45073

Name of the Vulnerable Software and Affected Versions Apache Solr versions 9.4.0 through 9.10.1 Apache Solr version 10.0.0 Description The Basic Authentication setup tool bin/solr auth enable contains hardcoded credentials. This allows a remote attacker to gain full administrative access to the...

9.8CVSS7AI score0.00529EPSS
Exploits2References26
EUVD
EUVD
added 2026/05/27 9:0 p.m.13 views

EUVD-2026-32668

The Goobi viewer is a web application that allows digitised material to be displayed in a web browser. From 4.8.0 to before 26.04.1, the Goobi viewer REST endpoint POST /api/v1/index/stream accepted an arbitrary Solr streaming expression from unauthenticated network clients and forwarded it to th...

9.8CVSS5.9AI score0.0041EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/27 8:16 a.m.6 views

Security Bulletin: IBM Operations Analytics - Log Analysis is affected by Cross-site scripting (XSS) vulnerability due to Apache Solr

Summary Admin UI in Apache Solr is used by IBM Operations Analytics - Log Analysis as part of the Solr administrative web interface. CVE-2015-8797. Vulnerability Details CVEID:CVE-2015-8797 DESCRIPTION: Cross-site scripting XSS vulnerability in webapp/web/js/scripts/plugins.js in the stats page i...

6.1CVSS6.2AI score0.03313EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/06 5:40 p.m.10 views

Security Bulletin: IBM Operations Analytics - Log Analysis is affected by denial of service (DoS), server-side request forgery (SSRF) protections, leak or corrupt request data, and security by-pass due to the use of Eclipse Jetty

Summary Eclipse Jetty in Apache Solr, and Apache ZooKeeper is used by IBM Operations Analytics - Log Analysis as Solr's HTTP endpoints and admin UI, and on Zookeeper as AdminServer HTTP interface. CVE-2024-8184, CVE-2024-6763, CVE-2024-13009, CVE-2025-11143 Vulnerability Details CVEID:CVE-2024-81...

7.2CVSS6.9AI score0.01037EPSS
Exploits1Affected Software1
F5 Networks
F5 Networks
added 2026/03/09 12:37 a.m.11 views

K000160272: Apache Solr vulnerability CVE-2026-22444

Security Advisory Description The "create core" API of Apache Solr 8.6 through 9.10.0 lacks sufficient input validation on some API parameters, which can cause Solr to check the existence of and attempt to read file-system paths that should be disallowed by Solr's "allowPaths" security setting...

7.1CVSS5.8AI score0.00654EPSS
Exploits1
GithubExploit
GithubExploit
added 2026/02/16 10:39 p.m.198 views

Exploit for Injection in Apache Solr

Apache-Solr-RCE-CVE-2019-17558 🛡️ Apache Solr Remote Code E...

7.5CVSS5.8AI score0.98567EPSS
Exploits12
Tenable Nessus
Tenable Nessus
added 2026/02/03 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2026-22444

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The create core API of Apache Solr 8.6 through 9.10.0 lacks sufficient input validation on some API parameters, which can cause Solr to check the existence of a...

7.1CVSS7.1AI score0.00654EPSS
Exploits1References2
GithubExploit
GithubExploit
added 2026/01/22 5:55 p.m.172 views

Exploit for CVE-2026-22444

CVE-2026-22444 Apache Solr UNC Path Validation Vulnerability...

7.1CVSS5.7AI score0.00654EPSS
Exploits1
OSV
OSV
added 2026/01/21 3:31 p.m.4 views

GHSA-VC2W-4V3P-2MQW Apache Solr: Insufficient file-access checking in standalone core-creation requests

The "create core" API of Apache Solr 8.6 through 9.10.0 lacks sufficient input validation on some API parameters, which can cause Solr to check the existence of and attempt to read file-system paths that should be disallowed by Solr's "allowPaths" security setting...

7.1CVSS5.9AI score0.00654EPSS
Exploits1References5
OSV
OSV
added 2026/01/21 1:41 p.m.4 views

CVE-2026-22022 Apache Solr: Unauthorized bypass of certain "predefined permission" rules in the RuleBasedAuthorizationPlugin

Deployments of Apache Solr 5.3.0 through 9.10.0 that rely on Solr's "Rule Based Authorization Plugin" are vulnerable to allowing unauthorized access to certain Solr APIs, due to insufficiently strict input validation in those components. Only deployments that meet all of the following criteria ar...

8.2CVSS7.1AI score0.00491EPSS
Exploits0References4
OSV
OSV
added 2026/01/21 1:40 p.m.5 views

CVE-2026-22444 Apache Solr: Insufficient file-access checking in standalone core-creation requests

The "create core" API of Apache Solr 8.6 through 9.10.0 lacks sufficient input validation on some API parameters, which can cause Solr to check the existence of and attempt to read file-system paths that should be disallowed by Solr's "allowPaths" security setting...

7.1CVSS7.1AI score0.00654EPSS
Exploits1References4
Rows per page
Query Builder