| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-22022 | Apache Solr: Unauthorized bypass of certain "predefined permission" rules in the RuleBasedAuthorizationPlugin | Apache Software Foundation | Apache Solr | - | - | 2026-01-21 13:41:46 | Deep Dive |
| CVE-2026-22444 | Apache Solr: Insufficient file-access checking in standalone core-creation requests | Apache Software Foundation | Apache Solr | - | - | 2026-01-21 13:40:25 | Deep Dive |
| CVE-2025-3907 | Search API Solr - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-046 | Drupal | Search API Solr | 中危 | - | 2025-04-23 17:08:59 | Deep Dive |
| CVE-2025-3099 | Advanced Search by My Solr Server <= 2.0.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting | dbejean | Advanced Search by My Solr Server | Medium | 6.1 | 2025-04-02 09:21:43 | Deep Dive |
| CVE-2025-24814 | Apache Solr: Core-creation with "trusted" configset can use arbitrary untrusted files | Apache Software Foundation | Apache Solr | 中危 | - | 2025-01-27 08:58:09 | Deep Dive |
| CVE-2024-52012 | Apache Solr: Configset upload on Windows allows arbitrary path write-access | Apache Software Foundation | Apache Solr | 中危 | - | 2025-01-27 08:54:43 | Deep Dive |
| CVE-2024-45217 | Apache Solr: ConfigSets created during a backup restore command are trusted implicitly | Apache Software Foundation | Apache Solr | 高危 | - | 2024-10-16 07:51:17 | Deep Dive |
| CVE-2024-45216 | Apache Solr: Authentication bypass possible using a fake URL Path ending | Apache Software Foundation | Apache Solr | 超危 | - | 2024-10-16 07:50:26 | Deep Dive |
| CVE-2024-31391 | Apache Solr Operator: Solr-Operator liveness and readiness probes may leak basic auth credentials | Apache Software Foundation | Apache Solr Operator | 中危 | - | 2024-04-12 15:00:27 | Deep Dive |
| CVE-2023-50291 | Apache Solr: System Property redaction logic inconsistency can lead to leaked passwords | Apache Software Foundation | Apache Solr | 高危 | - | 2024-02-09 17:29:33 | Deep Dive |
| CVE-2023-50292 | Apache Solr: Solr Schema Designer blindly "trusts" all configsets, possibly leading to RCE by unauthenticated users | Apache Software Foundation | Apache Solr | 高危 | - | 2024-02-09 17:29:21 | Deep Dive |
| CVE-2023-50298 | Apache Solr: Solr can expose ZooKeeper credentials via Streaming Expressions | Apache Software Foundation | Apache Solr | 高危 | - | 2024-02-09 17:29:08 | Deep Dive |
| CVE-2023-50386 | Apache Solr: Backup/Restore APIs allow for deployment of executables in malicious ConfigSets | Apache Software Foundation | Apache Solr | 高危 | - | 2024-02-09 17:28:51 | Deep Dive |
| CVE-2023-50290 | Apache Solr: Host environment variables are published via the Metrics API | Apache Software Foundation | Apache Solr | 中危 | - | 2024-01-15 09:32:45 | Deep Dive |
| CVE-2018-25055 | FarCry Solr Pro Plugin Search solrProSearch.cfc cross site scripting | - | FarCry Solr Pro Plugin | Low | 3.5 | 2022-12-28 11:26:21 | Deep Dive |
| CVE-2021-44548 | Apache Solr information disclosure vulnerability through DataImportHandler | Apache Software Foundation | Apache Solr | 超危 | - | 2021-12-23 08:55:09 | Deep Dive |
| CVE-2021-29943 | Apache Solr Unprivileged users may be able to perform unauthorized read/write to collections | Apache Software Foundation | Apache Solr | 超危 | - | 2021-04-13 06:35:22 | Deep Dive |
| CVE-2021-29262 | Misapplied Zookeeper ACLs can result in leakage of configured authentication and authorization settings | Apache Software Foundation | Apache Solr | 高危 | - | 2021-04-13 06:35:21 | Deep Dive |
| CVE-2021-27905 | SSRF vulnerability with the Replication handler | Apache Software Foundation | Apache Solr | 超危 | - | 2021-04-13 06:35:20 | Deep Dive |
| CVE-2020-13957 | Apache Solr 安全漏洞 | - | Apache Solr | 超危 | - | 2020-10-13 18:28:52 | Deep Dive |