| CVE-2013-2134 |
critical |
— |
10.0 |
|
|
|
13y ago |
Arbitrary code execution in Apache Struts 2 |
| CVE-2013-1966 |
critical |
— |
10.0 |
|
|
|
13y ago |
Arbitrary code execution in Apache Struts |
| CVE-2012-0838 |
critical |
— |
10.0 |
|
|
|
15y ago |
Apache Struts Code injection due to conversion error |
| CVE-2013-2135 |
critical |
— |
9.3 |
|
|
|
13y ago |
Arbitrary code execution in Apache Struts 2 |
| CVE-2013-2115 |
high |
8.1 |
9.1 |
|
|
|
13y ago |
Code injection in Apache Struts |
| CVE-2016-4430 |
high |
8.8 |
8.8 |
|
|
|
10y ago |
Apache Struts CSRF Vulnerability |
| CVE-2012-0394 |
medium |
— |
7.8 |
|
|
|
15y ago |
Apache Struts's DebuggingInterceptor component allows remote code execution in developer mode |
| CVE-2012-0392 |
medium |
— |
7.8 |
|
|
|
15y ago |
Apache Struts's CookieInterceptor component does not use the parameter-name whitelist |
| CVE-2016-4433 |
high |
7.5 |
7.5 |
|
|
|
10y ago |
Apache Struts Open Redirect |
| CVE-2015-1831 |
high |
— |
7.5 |
|
|
|
11y ago |
Incomplete exclude pattern in Apache Struts |
| CVE-2012-0393 |
medium |
— |
7.4 |
|
|
|
15y ago |
Apache Struts's ParameterInterceptor component does not prevent access to public constructors |
| CVE-2014-0094 |
medium |
— |
6.0 |
|
|
|
12y ago |
ClassLoader manipulation in Apache Struts |
| CVE-2012-4387 |
medium |
— |
5.0 |
|
|
|
14y ago |
Denial of service in Apache Struts |
| CVE-2011-2088 |
medium |
— |
5.0 |
|
|
|
15y ago |
XWork in Apache Struts Reveals Sensitive Information |
| CVE-2012-0391 |
unknown |
— |
2.5 |
|
|
|
4y ago |
The ExceptionDelegator component in Apache Struts 2 before 2.2.3.1 contains an improper input validation vulnerability that allows for remote code execution. |
| CVE-2025-68493 |
unknown |
— |
— |
|
|
|
5mo ago |
Apache Struts 2 is Missing XML Validation |
