PT-2026-42930

CVE-2026-5297 - Here is a title for the vulnerability: Apache Struts Deserialization Remote Code Execution Vulnerability CVE ID :CVE-2026-5297 Published : May 21, 2026, 11:16 p.m. | 2 hours, 24 minutes ago Description :Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numberi...

MiracleLinux 3 : struts-1.2.9-4jpp.8.AXS3 (AXSA:2014-309:01)

The remote MiracleLinux 3 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2014-309:01 advisory. Welcome to the Struts Framework! The goal of this project is to provide an open source framework useful in building web applications with Java Servlet and...

CVE-2025-68493 Apache Struts, Apache Struts: XXE vulnerability in outdated XWork component

Missing XML Validation vulnerability in Apache Struts, Apache Struts. This issue affects Apache Struts: from 2.0.0 before 2.2.1; Apache Struts: from 2.2.1 through 6.1.0. Users are recommended to upgrade to version 6.1.1, which fixes the issue...

Missing XML Validation

Overview org.apache.struts:struts2-core is a popular open-source framework for developing web applications in the Java programming language. Affected versions of this package are vulnerable to Missing XML Validation. An attacker can access sensitive information or cause a denial of service by...

EUVD-2026-1898

Missing XML Validation vulnerability in Apache Struts, Apache Struts. This issue affects Apache Struts: from 2.0.0 before 2.2.1; Apache Struts: from 2.2.1 through 6.1.0. Users are recommended to upgrade to version 6.1.1, which fixes the issue...

Apache Struts 安全漏洞

Apache Struts is an open source project of the U.S. Apache Apache Foundation , is a set of open source MVC framework for creating enterprise-class Java Web applications , mainly provides two versions of the framework products , Struts 1 and Struts 2. Apache Struts version 2.0.0 to version 2.3.37 ...

Apache Struts 2.0.0 <= 6.7.0 / 7.0.0 <= 7.0.3 Denial of Service (S2-068)

The version of Apache Struts installed on the remote host is 2.0.0 through 6.7.0 or 7.0.0 through 7.0.3. It is, therefore, affected by a denial of service vulnerability as referenced in the S2-068 advisory: - Denial of Service vulnerability in Apache Struts, file leak in multipart request...

Incomplete Cleanup

Overview org.apache.struts:struts2-core is a popular open-source framework for developing web applications in the Java programming language. Affected versions of this package are vulnerable to Incomplete Cleanup in the multipart request processing in the file parameters in OGNL-mapped Value Objec...

CVE-2023-51593

Voltronic Power ViewPower Pro Expression Language Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this vulnerability. The...

Apache Struts 安全漏洞

Apache Struts is the United States Apache Apache Foundation, an open source project , is a set of open source MVC framework for creating enterprise-class Java Web applications , mainly provides two versions of the framework products , Struts 1 and Struts 2. Apache Struts denial of service...

SUSE CVE-2008-6682

Multiple cross-site scripting XSS vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of 1 " double quote characters in the href attribute of an s:a tag and 2...

SUSE CVE-2011-1772

Multiple cross-site scripting XSS vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving 1 an action name, 2 the action attribute of an s:submit element, or 3 t...

SUSE CVE-2011-5057

Apache Struts 2.3.1.2 and earlier, 2.3.19-2.3.23, provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that implements an...

SUSE CVE-2016-0785

Apache Struts 2.x before 2.3.28 allows remote attackers to execute arbitrary code via a "%" sequence in a tag attribute, aka forced double OGNL evaluation...

SUSE CVE-2016-1182

ActionServlet.java in Apache Struts 1 1.x through 1.3.10 does not properly restrict the Validator configuration, which allows remote attackers to conduct cross-site scripting XSS attacks or cause a denial of service via crafted input, a related issue to CVE-2015-0899...

SUSE CVE-2016-4465

The URLValidator class in Apache Struts 2 2.3.20 through 2.3.28.1 and 2.5.x before 2.5.1 allows remote attackers to cause a denial of service via a null value for a URL field...

GHSA-J68F-8H6P-9H5Q Struts ParameterInterceptor vulnerability allows remote command execution

Regular expression in ParametersInterceptor matches top'foo' as a valid expression, which OGNL treats as top'foo'0 and evaluates the value of 'foo' action parameter as an OGNL expression. This lets malicious users put arbitrary OGNL statements into any String variable exposed by an action and hav...

Apache Struts2 S2-060 Denial of Service Vulnerability

Struts2 is Apache Software Foundation is responsible for maintaining a MVC-based design pattern of the Web application framework for open source projects . Apache Struts2 suffers from an S2-060 denial of service vulnerability. The vulnerability stems from the fact that when uploading a file, an...

GHSA-P66X-2CV9-QQ3V Arbitrary code execution in Apache Commons BeanUtils

Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrar...

Apache Struts Denial of Service Vulnerability (CNVD-2017-23347)

Apache Struts is the United States Apache Apache Software Foundation is responsible for maintaining an open source project , is a set of open source MVC framework for creating enterprise-class Java Web applications , mainly provides two versions of the framework products , Struts 1 and Struts 2...