14 matches found
CVE-2024-41674
CKAN is an open-source data management system for powering data hubs and data portals. If there were connection issues with the Solr server, the internal Solr URL potentially including credentials could be leaked to package_search calls as part of the returned error message. This has been patched ...
CVE-2025-3099
The Advanced Search by My Solr Server plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.5. This is due to missing or incorrect nonce validation on the 'MySolrServerSettings' page. This makes it possible for unauthenticated attackers to upda...
WordPress plugin Advanced Search by My Solr Server Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
PT-2025-14477 · WordPress · Advanced Search By My Solr Server
Name of the Vulnerable Software and Affected Versions: Advanced Search by My Solr Server plugin for WordPress versions up to, and including, 2.0.5 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the 'MySolrServerSettings' page. This...
CVE-2024-41674
CKAN is an open-source data management system for powering data hubs and data portals. If there were connection issues with the Solr server, the internal Solr URL potentially including credentials could be leaked to package_search calls as part of the returned error message. This has been patched ...
CVE-2024-41674
CKAN is an open‑source data management system. The CVE describes a vulnerability where, if there are connection issues with the Solr server, the internal Solr URL (potentially including credentials) could be leaked to package_search error messages. This is mitigated in CKAN by patches in versions...
CVE-2024-41674 CKAN may leak Solr credentials via error message in package_search action
CKAN is an open-source data management system for powering data hubs and data portals. If there were connection issues with the Solr server, the internal Solr URL potentially including credentials could be leaked to package_search calls as part of the returned error message. This has been patched ...
XML external entity expansion in org.apache.solr:solr-core
This vulnerability in Apache Solr 6.0.0 to 6.6.4 and 7.0.0 to 7.3.1 relates to an XML external entity expansion (XXE) in Solr config files (currency.xml, enumsConfig.xml referred from schema.xml, TIKA parsecontext config file). In addition, XInclude functionality provided in these config files is als...
XXE
This vulnerability in Apache Solr 6.0.0 to 6.6.4 and 7.0.0 to 7.3.1 relates to an XML external entity expansion (XXE) in Solr config files (currency.xml, enumsConfig.xml referred from schema.xml, TIKA parsecontext config file). In addition, XInclude functionality provided in these config files is als...
CVE-2018-8026
CVE-2018-8026 affects Apache Solr releases 6.0.0–6.6.4 and 7.0.0–7.3.1, due to an XML External Entity (XXE) flaw in Solr config files (currency.xml, enumsConfig.xml referenced from schema.xml, and TIKA parsecontext) and related XInclude handling. An attacker could craft XML and upload manipulated...
Debian DLA-1360-1 : lucene-solr security update
It was discovered that there was an XML external entity expansion (XXE) vulnerability in lucene-solr, a search engine library for Java. It could be exploited to read arbitrary local files from the Solr server or the internal network. For Debian 7 'Wheezy', this issue has been fixed in lucene-solr...
[SECURITY] [DLA 1360-1] lucene-solr security update
Package: lucene-solr; Version: 3.6.0+dfsg-1+deb7u4; CVE ID: CVE-2018-1308; Debian Bug: 896604. It was discovered that there was an XML external entity expansion (XXE) vulnerability in lucene-solr, a search engine library for Java. It could be exploited to read arbitrary local files from the Solr...
Debian: Security Advisory (DLA-1360-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DLA-1046-1 : lucene-solr security update
lucene-solr handler supports an HTTP API /replication?command=filecontent&file= which is vulnerable to path traversal attack. Specifically, this API does not perform any validation of the user specified filename parameter. This can allow an attacker to download any file readable to Solr server...