Every CVE whose affected-product data names Apache Cocoon, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2022-45135 — CVSS 9.8 (critical): Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Cocoon.This issue affects…
CVE-2023-49733 — CVSS 9.8 (critical): Improper Restriction of XML External Entity Reference vulnerability in Apache Cocoon.This issue affects Apache Cocoon: from 2.2.0 before…
CVE-2020-11991 — CVSS 7.5 (high): When using the StreamGenerator, the code parse a user-provided XML. A specially crafted XML, including external system entities, could be…
CVE-2025-24783 — CVSS 7.5 (high): ** UNSUPPORTED WHEN ASSIGNED ** Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) vulnerability in Apache Cocoon. This…
CVE-2003-1172 — CVSS 5.0 (medium): Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers…