Skip to main content

Cocoon

3 CVEs product

Monthly

CVE-2025-24783 Maven HIGH This Month

** UNSUPPORTED WHEN ASSIGNED ** Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) vulnerability in Apache Cocoon. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apache Cocoon
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-49733 Maven CRITICAL PATCH Act Now

Improper Restriction of XML External Entity Reference vulnerability in Apache Cocoon.2.0 before 2.3.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache XXE Cocoon
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2020-11991 HIGH POC THREAT This Week

When using the StreamGenerator, the code parse a user-provided XML. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Cocoon
NVD
CVSS 3.1
7.5
EPSS
72.5%
EPSS 1% CVSS 7.5
HIGH This Month

** UNSUPPORTED WHEN ASSIGNED ** Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) vulnerability in Apache Cocoon. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apache Cocoon
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Improper Restriction of XML External Entity Reference vulnerability in Apache Cocoon.2.0 before 2.3.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache XXE Cocoon
NVD
EPSS 72% CVSS 7.5
HIGH POC THREAT This Week

When using the StreamGenerator, the code parse a user-provided XML. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Cocoon
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy