| CVE-2017-12611 |
critical |
9.8 |
10.0 |
|
|
|
9y ago |
Apache Struts 2.0.1 uses an unintentional expression in a Freemarker tag instead of string literal |
| CVE-2016-3087 |
critical |
9.8 |
10.0 |
|
|
|
10y ago |
Apache Struts vulnerable to arbitrary remote code execution due to improper input validation |
| CVE-2013-4316 |
critical |
— |
10.0 |
|
|
|
13y ago |
Code injection in Apache Struts |
| CVE-2013-2134 |
critical |
— |
10.0 |
|
|
|
13y ago |
Arbitrary code execution in Apache Struts 2 |
| CVE-2013-1966 |
critical |
— |
10.0 |
|
|
|
13y ago |
Arbitrary code execution in Apache Struts |
| CVE-2012-0838 |
critical |
— |
10.0 |
|
|
|
15y ago |
Apache Struts Code injection due to conversion error |
| CVE-2016-4436 |
critical |
9.8 |
9.8 |
|
|
|
10y ago |
Apache Struts improper action name cleanup |
| CVE-2016-4438 |
critical |
9.8 |
9.8 |
|
|
|
10y ago |
Arbitrary code execution in Apache Struts 2 |
| CVE-2016-3082 |
critical |
9.8 |
9.8 |
|
|
|
10y ago |
Remote Code Execution in Apache Struts |
| CVE-2013-2135 |
critical |
— |
9.3 |
|
|
|
13y ago |
Arbitrary code execution in Apache Struts 2 |
| CVE-2013-1965 |
critical |
— |
9.3 |
|
|
|
13y ago |
Improper Control of Generation of Code in Apache Struts |
| CVE-2011-1772 |
low |
— |
3.6 |
|
|
|
15y ago |
Cross-site Scripting in Apache Struts |
| CVE-2013-2251 |
unknown |
— |
2.5 |
|
|
|
4y ago |
Apache Struts allows remote attackers to execute arbitrary Object-Graph Navigation Language (OGNL) expressions. |
| CVE-2012-0391 |
unknown |
— |
2.5 |
|
|
|
4y ago |
The ExceptionDelegator component in Apache Struts 2 before 2.2.3.1 contains an improper input validation vulnerability that allows for remote code execution. |
| CVE-2020-17530 |
unknown |
— |
2.5 |
|
|
|
4y ago |
Forced Object-Graph Navigation Language (OGNL) evaluation in Apache Struts, when evaluated on raw user input in tag attributes, can lead to remote code execution. |
| CVE-2018-11776 |
unknown |
— |
2.5 |
|
|
|
8y ago |
Apache Struts contains a vulnerability that allows for remote code execution under two circumstances. One, where the alwaysSelectFullNamespace option is true and the value isn't set for a result defi… |
| CVE-2017-5638 |
unknown |
— |
2.5 |
|
|
|
8y ago |
Apache Struts Jakarta Multipart parser allows for malicious file upload using the Content-Type value, leading to remote code execution. |
| CVE-2008-6505 |
unknown |
— |
1.0 |
|
|
|
4y ago |
Apache Struts directory traversal vulnerability |
| CVE-2012-1592 |
unknown |
— |
1.0 |
|
|
|
4y ago |
Unrestricted Upload of File with Dangerous Type in Apache Struts2 |
| CVE-2011-3923 |
unknown |
— |
1.0 |
|
|
|
4y ago |
Struts ParameterInterceptor vulnerability allows remote command execution |
| CVE-2019-0230 |
unknown |
— |
1.0 |
|
|
|
5y ago |
Improperly Controlled Modification of Dynamically-Determined Object Attributes in Apache Struts |
| CVE-2025-68493 |
unknown |
— |
— |
|
|
|
5mo ago |
Apache Struts 2 is Missing XML Validation |
| CVE-2025-66675 |
unknown |
— |
— |
|
|
|
6mo ago |
Apache Struts has a Denial of Service vulnerability |
| CVE-2025-64775 |
unknown |
— |
— |
|
|
|
6mo ago |
Apache Struts is Vulnerable to DoS via File Leak |
| CVE-2024-53677 |
unknown |
— |
— |
|
|
|
2y ago |
Apache Struts file upload logic is flawed |
| CVE-2023-50164 |
unknown |
— |
— |
|
|
|
3y ago |
Apache Struts vulnerable to path traversal |
| CVE-2023-41835 |
unknown |
— |
— |
|
|
|
3y ago |
Apache Struts Improper Control of Dynamically-Managed Code Resources vulnerability |
| CVE-2023-34396 |
unknown |
— |
— |
|
|
|
3y ago |
Apache Struts vulnerable to memory exhaustion |
| CVE-2023-34149 |
unknown |
— |
— |
|
|
|
3y ago |
Apache Struts vulnerable to memory exhaustion |
| CVE-2019-0233 |
unknown |
— |
— |
|
|
|
4y ago |
Improper Preservation of Permissions in Apache Struts |
| CVE-2008-6682 |
unknown |
— |
— |
|
|
|
4y ago |
Apache Struts is vulnerable to Cross-site Scripting |
| CVE-2021-31805 |
unknown |
— |
— |
|
|
|
4y ago |
Expression Language Injection in Apache Struts |
