Lucene search
+L

62 matches found

ATTACKERKB
ATTACKERKB
added 2026/01/21 1:41 p.m.2 views

CVE-2026-22022

Deployments of Apache Solr 5.3.0 through 9.10.0 that rely on Solr's "Rule Based Authorization Plugin" are vulnerable to allowing unauthorized access to certain Solr APIs, due to insufficiently strict input validation in those components. Only deployments that meet all of the following criteria ar...

8.2CVSS5.5AI score0.00491EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/21 1:41 p.m.4 views

CVE-2026-22022 Apache Solr: Unauthorized bypass of certain "predefined permission" rules in the RuleBasedAuthorizationPlugin

Deployments of Apache Solr 5.3.0 through 9.10.0 that rely on Solr's "Rule Based Authorization Plugin" are vulnerable to allowing unauthorized access to certain Solr APIs, due to insufficiently strict input validation in those components. Only deployments that meet all of the following criteria ar...

5.6AI score0.00491EPSS
Exploits0References1
EUVD
EUVD
added 2026/01/21 1:41 p.m.7 views

EUVD-2026-3666

Deployments of Apache Solr 5.3.0 through 9.10.0 that rely on Solr's "Rule Based Authorization Plugin" are vulnerable to allowing unauthorized access to certain Solr APIs, due to insufficiently strict input validation in those components. Only deployments that meet all of the following criteria ar...

8.2CVSS5.6AI score0.00491EPSS
Exploits0References3
CVE
CVE
added 2026/01/21 1:41 p.m.35 views

CVE-2026-22022

CVE-2026-22022 affects Apache Solr 5.3.0 through 9.10.0 that use Solr’s RuleBasedAuthorizationPlugin with a multi-role security.json config and a permission list that includes one or more of config-read, config-edit, schema-read, metrics-read, or security-read but does not define the all permissi...

8.2CVSS5.6AI score0.00491EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/01/21 1:41 p.m.5 views

CVE-2026-22022 Apache Solr: Unauthorized bypass of certain "predefined permission" rules in the RuleBasedAuthorizationPlugin

Deployments of Apache Solr 5.3.0 through 9.10.0 that rely on Solr's "Rule Based Authorization Plugin" are vulnerable to allowing unauthorized access to certain Solr APIs, due to insufficiently strict input validation in those components. Only deployments that meet all of the following criteria ar...

8.2CVSS7.1AI score0.00491EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2026/01/21 1:41 p.m.10 views

CVE-2026-22022

Deployments of Apache Solr 5.3.0 through 9.10.0 that rely on Solr's "Rule Based Authorization Plugin" are vulnerable to allowing unauthorized access to certain Solr APIs, due to insufficiently strict input validation in those components. Only deployments that meet all of the following criteria ar...

8.2CVSS7.6AI score0.00491EPSS
Exploits0
Cvelist
Cvelist
added 2026/01/21 1:41 p.m.15 views

CVE-2026-22022 Apache Solr: Unauthorized bypass of certain "predefined permission" rules in the RuleBasedAuthorizationPlugin

Deployments of Apache Solr 5.3.0 through 9.10.0 that rely on Solr's "Rule Based Authorization Plugin" are vulnerable to allowing unauthorized access to certain Solr APIs, due to insufficiently strict input validation in those components. Only deployments that meet all of the following criteria ar...

0.00491EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/21 1:40 p.m.2 views

CVE-2026-22444

The "create core" API of Apache Solr 8.6 through 9.10.0 lacks sufficient input validation on some API parameters, which can cause Solr to check the existence of and attempt to read file-system paths that should be disallowed by Solr's "allowPaths" security setting...

7.1CVSS5.5AI score0.00654EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/01/21 1:40 p.m.8 views

EUVD-2026-3665

The "create core" API of Apache Solr 8.6 through 9.10.0 lacks sufficient input validation on some API parameters, which can cause Solr to check the existence of and attempt to read file-system paths that should be disallowed by Solr's "allowPaths" security setting...

7.1CVSS5.5AI score0.00654EPSS
Exploits1References3
CVE
CVE
added 2026/01/21 1:40 p.m.73 views

CVE-2026-22444

The CVE-2026-22444 issue affects Apache Solr in standalone mode (versions 8.6–9.10.0) where the create core API performs inadequate input validation on certain API parameters. This can cause Solr to check and read file-system paths that should be blocked by the allowPaths setting, potentially all...

7.1CVSS5.5AI score0.00654EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/21 1:40 p.m.9 views

CVE-2026-22444 Apache Solr: Insufficient file-access checking in standalone core-creation requests

The "create core" API of Apache Solr 8.6 through 9.10.0 lacks sufficient input validation on some API parameters, which can cause Solr to check the existence of and attempt to read file-system paths that should be disallowed by Solr's "allowPaths" security setting...

5.5AI score0.00654EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/01/21 12:0 a.m.9 views

Apache Solr security vulnerabilities

Apache Solr is a search server based on Lucene, developed by the Apache Foundation in the United States. This product supports faceted searching, vertical searching, and highlighting search results. There were security vulnerabilities in the Apache Solr versions 5.3.0 to 9.10.0. These...

8.2CVSS7.3AI score0.00491EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/20 12:0 a.m.10 views

PT-2026-3768

Name of the Vulnerable Software and Affected Versions Apache Solr versions 5.3.0 through 9.10.0 Description Deployments of Apache Solr utilizing the Rule Based Authorization Plugin are susceptible to unauthorized access to certain Solr APIs. This occurs due to insufficient input validation within...

8.5CVSS5.9AI score0.00491EPSS
Exploits0References23
Packet Storm News
Packet Storm News
added 2025/11/25 12:0 a.m.15 views

Adaptive Detection of Polymorphic Malware: Leveraging Mutation Engines and YARA Rules for Enhanced Security

Polymorphic malware continually alters its structure to evade signature-based defences, challenging both commercial antivirus AV and enterprise detection systems. This study introduces a reproducible framework for analysing eight polymorphic behaviours-junk code insertion, control-flow obfuscatio...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/17 12:0 a.m.8 views

When Intelligence Fails: An Empirical Study on Why LLMs Struggle with Password Cracking

The remarkable capabilities of Large Language Models LLMs in natural language understanding and generation have sparked interest in their potential for cybersecurity applications, including password guessing. In this study, we conduct an empirical investigation into the efficacy of pre-trained LL...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/24 12:0 a.m.9 views

Bi-GRPO: Bidirectional Optimization for Jailbreak Backdoor Injection on LLMs

With the rapid advancement of large language models LLMs, their robustness against adversarial manipulations, particularly jailbreak backdoor attacks, has become critically important. Existing approaches to embedding jailbreak triggers--such as supervised fine-tuning SFT, model editing, and...

7.3AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/14 12:0 a.m.5 views

Searching for Privacy Risks in LLM Agents Via Simulation

The widespread deployment of LLM-based agents is likely to introduce a critical privacy threat: malicious agents that proactively engage others in multi-turn interactions to extract sensitive information. These dynamic dialogues enable adaptive attack strategies that can cause severe privacy...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/13 12:0 a.m.5 views

Demystifying the Role of Rule-Based Detection in AI Systems for Windows Malware Detection

Malware detection increasingly relies on AI systems that integrate signature-based detection with machine learning. However, these components are typically developed and combined in isolation, missing opportunities to reduce data complexity and strengthen defenses against adversarial EXEmples,...

6.6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/23 12:0 a.m.6 views

Intelligent ARP Spoofing Detection Using Multi-Layered Machine Learning (ML) Techniques for IoT Networks

Address Resolution Protocol ARP spoofing remains a critical threat to IoT networks, enabling attackers to intercept, modify, or disrupt data transmission by exploiting ARP's lack of authentication. The decentralized and resource-constrained nature of IoT environments amplifies this vulnerability,...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/27 12:0 a.m.6 views

Red-Teaming Text-To-Image Systems by Rule-Based Preference Modeling

Text-to-image T2I models raise ethical and safety concerns due to their potential to generate inappropriate or harmful images. Evaluating these models' security through red-teaming is vital, yet white-box approaches are limited by their need for internal access, complicating their use with...

7.2AI score
Exploits0
Rows per page
Query Builder