| CVE-2017-12629 |
critical |
9.8 |
10.0 |
|
|
|
9y ago |
Remote code execution occurs in Apache Solr |
| CVE-2017-9803 |
high |
7.5 |
7.5 |
|
|
|
9y ago |
Apache Solr Kerberos delegation token functionality flaws |
| CVE-2017-3163 |
high |
7.5 |
7.5 |
|
|
|
9y ago |
Improper Limitation of a Pathname ('Path Traversal') in org.apache.solr:solr-core |
| CVE-2017-7660 |
high |
7.5 |
7.5 |
|
|
|
9y ago |
Apache Solr insecure inter-node communication |
| CVE-2012-6612 |
high |
— |
7.5 |
|
|
|
13y ago |
Improper Restriction of XML External Entity Reference in Apache Solr |
| CVE-2013-6408 |
medium |
— |
6.4 |
|
|
|
13y ago |
XML Injection in Apache Solr |
| CVE-2013-6407 |
medium |
— |
6.4 |
|
|
|
13y ago |
Apache Solr UpdateRequestHandler for XML resolves XML External Entities |
| CVE-2015-8797 |
medium |
6.1 |
6.1 |
|
|
|
10y ago |
Improper Neutralization of Input During Web Page Generation in Apache Solr |
| CVE-2015-8795 |
medium |
6.1 |
6.1 |
|
|
|
10y ago |
Improper Neutralization of Input During Web Page Generation in Apache Solr |
| CVE-2021-29262 |
medium |
— |
5.5 |
|
|
|
5y ago |
Improper permission handling in Apache Solr |
| CVE-2013-6397 |
medium |
— |
4.3 |
|
|
|
13y ago |
Improper Limitation of a Pathname to a Restricted Directory in Apache Solr |
| CVE-2019-17558 |
unknown |
— |
2.5 |
|
|
|
6y ago |
The Apache Solr VelocityResponseWriter plug-in contains an unspecified vulnerability which can allow for remote code execution. |
| CVE-2019-0193 |
unknown |
— |
1.5 |
|
|
|
7y ago |
The optional Apache Solr module DataImportHandler contains a code injection vulnerability. |
| CVE-2023-50386 |
unknown |
— |
1.0 |
|
|
|
2y ago |
Apache Solr: Backup/Restore APIs allow for deployment of executables in malicious ConfigSets |
| CVE-2026-22444 |
unknown |
— |
— |
|
|
|
4mo ago |
Apache Solr: Insufficient file-access checking in standalone core-creation requests |
| CVE-2026-22022 |
unknown |
— |
— |
|
|
|
4mo ago |
Apache Solr: Unauthorized bypass of certain "predefined permission" rules in the RuleBasedAuthorizationPlugin |
| CVE-2024-52012 |
unknown |
— |
— |
|
|
|
1y ago |
Apache Solr Relative Path Traversal vulnerability |
| CVE-2025-24814 |
unknown |
— |
— |
|
|
|
1y ago |
Apache Solr vulnerable to Execution with Unnecessary Privileges |
| CVE-2023-50292 |
unknown |
— |
— |
|
|
|
2y ago |
Apache Solr Schema Designer blindly "trusts" all configsets |
| CVE-2023-50291 |
unknown |
— |
— |
|
|
|
2y ago |
Apache Solr can leak certain passwords due to System Property redaction logic inconsistencies |
| CVE-2023-50290 |
unknown |
— |
— |
|
|
|
2y ago |
Apache Solr allows read access to host environmet variables |
| CVE-2019-12401 |
unknown |
— |
— |
|
|
|
4y ago |
Apache Solr vulnerable to XML Bomb |
| CVE-2020-13957 |
unknown |
— |
— |
|
|
|
4y ago |
Incorrect Authorization in Apache Solr |
| CVE-2018-11802 |
unknown |
— |
— |
|
|
|
4y ago |
Incorrect Authorization in Apache Solr |
| CVE-2019-12409 |
unknown |
— |
— |
|
|
|
6y ago |
The 8.1.1 and 8.2.0 releases of Apache Solr contain an insecure setting for the ENABLE_REMOTE_JMX_OPTS configuration option in the default solr.in.sh configuration file shipping with Solr. If you use… |
| CVE-2017-3164 |
unknown |
— |
— |
|
|
|
7y ago |
Server-Side Request Forgery (SSRF) in org.apache.solr:solr-core |
| CVE-2019-0192 |
unknown |
— |
— |
|
|
|
7y ago |
Critical severity vulnerability that affects org.apache.solr:solr-core |
| CVE-2018-8010 |
unknown |
— |
— |
|
|
|
8y ago |
There is a XML external entity expansion (XXE) vulnerability in Apache Solr config files |
| CVE-2018-1308 |
unknown |
— |
— |
|
|
|
8y ago |
There is a XML external entity expansion (XXE) vulnerability in Apache Solr |
| CVE-2018-8026 |
unknown |
— |
— |
|
|
|
8y ago |
XML external entity expansion in org.apache.solr:solr-core |
