
CVE-2025-24814 – Apache Solr: Core-creation with "trusted" configset can use arbitrary untrusted files
https://notcve.org/view.php?id=CVE-2025-24814
27 Jan 2025 — Core creation allows users to replace "trusted" configset files with arbitrary configuration. Solr instances that (1) use the "FileSystemConfigSetService" component (the default in "standalone" or "user-managed" mode), and (2) are running without authentication and authorization are vulnerable to a sort of privilege escalation wherein individual "trusted" configset files can be ignored in favor of potentially-untrusted replacements available elsewhere on the filesystem. These replacement config files are tre... • https://lists.apache.org/thread/gl291pn8x9f9n52ys5l0pc0b6qtf0qw1 • CWE-250: Execution with Unnecessary Privileges

CVE-2013-6288
https://notcve.org/view.php?id=CVE-2013-6288
28 Oct 2013 — Unspecified vulnerability in the Apache Solr for TYPO3 (solr) extension before 2.8.3 for TYPO3 has unknown impact and remote attack vectors, related to "Insecure Unserialize." • http://secunia.com/advisories/54978

CVE-2013-6289
https://notcve.org/view.php?id=CVE-2013-6289
28 Oct 2013 — Cross-site scripting (XSS) vulnerability in the Apache Solr for TYPO3 (solr) extension before 2.8.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. • http://secunia.com/advisories/54978 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')