Where
-Infinity
0

Trending

Last week
Last month
Last year

Apache SolrApache Solr: Insufficient file-access checking in standalone core-creation requests

Risk 36
Severity
7.1
EPSS
0.11%
First published (updated )
CVE-2026-22444

Apache SolrApache Solr: Unauthorized bypass of certain "predefined permission" rules in the RuleBasedAuthorizationPlugin

Risk 40
Severity
8.2
EPSS
0.19%
First published (updated )
CVE-2026-22022

oss-secCVE-2026-22444: Apache Solr: Insufficient file-access checking in standalone co-cation quests

First published (updated )
https://seclists.org/oss-sec/2026/q1/92

oss-secCVE-2026-22022: Apache Solr: Unauthorized bypass of certain "pdefined permission" rules in the RuleBasedAuthorizationPlugin

First published (updated )
https://seclists.org/oss-sec/2026/q1/91

Apache SolrApache Solr: Configset upload on Windows allows arbitrary path write-access

Risk 37
Severity
5.4
First published (updated )
CVE-2024-52012
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Apache SolrApache Solr: Core-creation with "trusted" configset can use arbitrary untrusted files

Risk 31
Severity
5.5
EPSS
0.04%
First published (updated )
CVE-2025-24814

Apache SOLRApache Solr: System Property redaction logic inconsistency can lead to leaked passwords

Risk 32
Severity
7.5
EPSS
0.11%
First published (updated )
CVE-2023-50291

maven/org.apache.solr:solr-coreApache Solr: Solr Schema Designer blindly "trusts" all configsets, possibly leading to RCE by unauthenticated users

Risk 32
Severity
7.5
EPSS
0.11%
First published (updated )
CVE-2023-50292

maven/org.apache.solr:solr-solrjApache Solr: Solr can expose ZooKeeper credentials via Streaming Expressions

Risk 32
Severity
7.5
EPSS
0.05%
First published (updated )
CVE-2023-50298

IBM Cognos AnalyticsApache Solr: Backup/Restore APIs allow for deployment of executables in malicious ConfigSets

Risk 59
Severity
8.8
EPSS
0.13%
First published (updated )
CVE-2023-50386
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

CVE-2023-50290: Apache Solr: Host environment variables are published via the Metrics API

First published (updated )
https://seclists.org/oss-sec/2024/q1/20

maven/org.apache.solr:solr-coreApache Solr: Host environment variables are published via the Metrics API

Risk 40
Severity
6.5
First published (updated )
CVE-2023-50290

Apache Tomcat- Rapid Reset HTTP/2 vulnerability

Risk 65
Severity
7.5
Exploited
Zeroday
First published (updated )
CVE-2023-44487

Apache SolrApache Solr information disclosure vulnerability through DataImportHandler

Risk 86
Severity
9.8
First published (updated )
CVE-2021-44548

Apache SolrXEE

Risk 45
Severity
7.5
First published (updated )
CVE-2021-33813
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Apache SOLRApache Solr Unprivileged users may be able to perform unauthorized read/write to collections

Risk 66
Severity
9.1
First published (updated )
CVE-2021-29943

Apache SOLRMisapplied Zookeeper ACLs can result in leakage of configured authentication and authorization settings

Risk 43
Severity
7.5
First published (updated )
CVE-2021-29262

Apache SOLRSSRF vulnerability with the Replication handler

Risk 86
Severity
9.8
First published (updated )
CVE-2021-27905

Eclipse JettyInfoleak

Risk 22
Severity
2.7
First published (updated )
CVE-2021-28163

Eclipse JettyEclipse Jetty is vulnerable to a denial of service, caused by an error when handling a request conta…

Risk 45
Severity
5.3
First published (updated )
CVE-2020-27223
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

redhat/hadoopIn Apache Hadoop 3.2.0 to 3.2.1, 3.0.0-alpha1 to 3.1.3, and 2.0.0-alpha to 2.10.0, WebHDFS client mi…

Risk 81
Severity
8.8
First published (updated )
CVE-2020-9492

Apache SOLRApache Solr versions 6.6.0 to 6.6.6, 7.0.0 to 7.7.3 and 8.0.0 to 8.6.2 prevents some features consid…

Risk 86
Severity
9.8
First published (updated )
CVE-2020-13957

Apache SOLRInput Validation

Risk 79
Severity
8.8
First published (updated )
CVE-2020-13941

Apache SolrIn Apache Solr, the cluster can be partitioned into multiple collections and only a subset of nodes …

Risk 22
Severity
4.3
First published (updated )
CVE-2018-11802

ORACLE Primavera UnifierApache Solr VelocityResponseWriter Plug-In Remote Code Execution Vulnerability

Risk 87
Severity
7.5
Exploited
First published (updated )
CVE-2019-17558
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Apache SolrMalicious File Upload

Risk 86
Severity
9.8
First published (updated )
CVE-2019-12409

Apache SOLRSolr versions 1.3.0 to 1.4.1, 3.1.0 to 3.6.2 and 4.0.0 to 4.10.4 are vulnerable to an XML resource c…

Risk 43
Severity
7.5
First published (updated )
CVE-2019-12401

Apache SolrApache Solr DataImportHandler Code Injection Vulnerability

Risk 96
Severity
9
Exploited
First published (updated )
CVE-2019-0193

Apache SOLRIn Apache Solr versions 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5, the Config API allows to configure the JM…

Risk 33
Severity
7
First published (updated )
REDHAT-BUG-1692345

Apache Software Foundation Solr 8Reached end of life

EOL
Oct 25, 2024
First published (updated )
EOL-solr-8
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203