1936 matches found
Apache Struts2 S2-057 - Remote Code Execution
Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible remote code execution when alwaysSelectFullNamespace is true either by user or a plugin like Convention Plugin and then: results are used with no namespace and in same time, its upper package have no or wildcard namespace...
Apache Struts2 S2-062 - Remote Code Execution
Apache Struts2 S2-062 is vulnerable to remote code execution. The fix issued for CVE-2020-17530 (S2-061) was incomplete, meaning some of the tag's attributes could still perform a double evaluation if a developer applied forced OGNL evaluation by using the %{...} syntax. id: CVE-2021-31805 info: name...
Apache Struts <2.3.1.1 - Remote Code Execution
Apache Struts before 2.3.1.1 is susceptible to remote code execution. When developer mode is used in the DebuggingInterceptor component, a remote attacker can execute arbitrary OGNL commands via unspecified vectors, which can allow for execution of malware, obtaining sensitive information,...
Apache Struts - Multiple Open Redirection Vulnerabilities
Apache Struts is prone to multiple open-redirection vulnerabilities because the application fails to properly sanitize user-supplied input. id: CVE-2013-2248 info: name: Apache Struts - Multiple Open Redirection Vulnerabilities author: 0xAkoko severity: medium description: Apache Struts is prone ...
Exploit for Improper Handling of Exceptional Conditions in Apache Struts
LAB 1 — Apache Struts2 OGNL Injection CVE-2017-5638 / S2-045...
Apache Struts2 S2-053 - Remote Code Execution
Apache Struts 2.1.x and 2.3.x with the Struts 1 plugin might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage. id: CVE-2017-9791 info: name: Apache Struts2 S2-053 - Remote Code Execution author: pikpikcu severity: critical description: | Apache...
PT-2026-42868
CVE-2026-8399 - Apache Struts Remote Code Execution Vulnerability CVE ID :CVE-2026-8399 Published : May 20, 2026, 11:16 p.m. | 16 minutes ago Description :Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Severity: 0.0 | NA Visit the link for more details...
Exploit for Improper Handling of Exceptional Conditions in Apache Struts
apache-struts-cve-2017-56...
PT-2026-41717
CVE-2026-6050 - CVE-2019-11510 - Apache Struts Remote Code Execution CVE ID :CVE-2026-6050 Published : May 16, 2026, 11:16 p.m. | 1 hour, 58 minutes ago Description :Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Severity: 0.0 | NA Visit the link for...
PT-2026-41423
CVE-2026-40327 - Apache Struts Remote Code Execution Vulnerability CVE ID :CVE-2026-40327 Published : May 13, 2026, 10:16 p.m. | 37 minutes ago Description :Rejected reason: This CVE is a duplicate of another CVE. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected...
PT-2026-36688
CVE-2026-4178 - Here is a title for the vulnerability: Apache Struts Remote Code Execution Vulnerability CVE ID :CVE-2026-4178 Published : April 30, 2026, 11:16 p.m. | 38 minutes ago Description :Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Severity:...
PT-2026-33635
Apache Struts CVE-2026-6056 has been rejected, indicating no current security threat. This highlights the importance of verifying CVE statuses before panic. NerdieNews CyberSecurity InfoSec Ransomware Malware https://t.co/uHuPsnGEPa...
Security Bulletin: Remediation of Multiple Apache Struts Vulnerabilities in IBM Library Support for Struts
Summary Multiple Apache Struts vulnerabilities have been addressed in IBM Library Support for Struts Vulnerability Details CVEID:CVE-2008-2025 DESCRIPTION: Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE...
DoS (Denial of Service) Apache Struts Dependency in Bamboo Data Center
This High severity DoS (Denial of Service) vulnerability was introduced in versions 9.6.0, 10.0.0, 10.1.0, 10.2.0, 11.0.0, 11.1.0, and 12.0.0 of Bamboo Data Center. This DoS (Denial of Service) vulnerability, with a CVSS Score of 7.1, allows an authenticated attacker to cause a resource to be...
Missing XML Validation vulnerability in Apache Struts Dependency in Bamboo Data Center
This High severity Missing XML Validation vulnerability was introduced in versions 9.6.0, 10.0.0, 10.1.0 and 10.2.0 of Bamboo Data Center. This Missing XML Validation vulnerability, with a CVSS Score of 8.1 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N allows a plugin vendor ...
Security Bulletin: Remediation of Multiple Apache Struts Vulnerabilities in IBM Library Support for Struts
Summary Multiple Apache Struts vulnerabilities have been addressed in IBM Library Support for Struts Vulnerability Details CVEID:CVE-2025-68493 DESCRIPTION: Missing XML Validation vulnerability in Apache Struts, Apache Struts. This issue affects Apache Struts: from 2.0.0 before 2.2.1; Apache...
Exploit for Deserialization of Untrusted Data in Apache Struts
No d...
Security Bulletin: Multiple Vulnerabilities in IBM Tivoli Netcool/OMNIbus_GUI (CVE-2019-17570, CVE-2025-64775)
Summary Multiple vulnerabilities were addressed in IBM Tivoli Netcool/OMNIbusGUI 8.1.0 Fix Pack 40. Vulnerability Details CVEID:CVE-2025-64775 DESCRIPTION: Denial of Service vulnerability in Apache Struts, file leak in multipart request processing causes disk exhaustion. This issue affects Apache...
K000160014: Apache Struts vulnerability CVE-2025-68493
Security Advisory Description Missing XML Validation vulnerability in Apache Struts, Apache Struts. This issue affects Apache Struts: from 2.0.0 before 2.2.1; Apache Struts: from 2.2.1 through 6.1.0. Users are recommended to upgrade to version 6.1.1, which fixes the issue. CVE-2025-68493 Impact...
PT-2026-8263
CVE-2025-36524 - Apache Struts SSRF CVE ID : CVE-2025-36524 Published : Feb. 13, 2026, 7:16 p.m. | 18 minutes ago Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused Severity: 0.0 | NA Visit the link for more details, such ...