cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2025-24783,https://securityvulnerability.io/vulnerability/CVE-2025-24783,Pseudo-Random Number Generator Flaw in Apache Cocoon by Apache,"A vulnerability exists in Apache Cocoon due to an incorrect implementation of the pseudo-random number generator (PRNG) used for generating continuation identifiers. The randomness was compromised by seeding the PRNG with the startup time, which may lead to insufficient unpredictability. Consequently, attackers could potentially guess continuation IDs, granting them unauthorized access to sensitive information. As Apache Cocoon is a retired project, no official fixes are available; therefore, users are advised to either adopt alternative solutions or restrict access strictly to trusted users. Enabling the 'session-bound-continuations' option can mitigate exposure by ensuring continuation identifiers are not shared across different user sessions.",Apache,Apache Cocoon,7.5,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-27T14:47:42.845Z,0
CVE-2023-49733,https://securityvulnerability.io/vulnerability/CVE-2023-49733,Apache Cocoon's StreamGenerator is vulnerable to XXE injection,"An improper restriction of XML External Entity (XXE) reference vulnerability has been identified in Apache Cocoon that may lead to sensitive data exposure. This issue affects versions from 2.2.0 prior to 2.3.0. To mitigate potential risks, users are strongly advised to upgrade to version 2.3.0, which addresses and resolves this vulnerability.",Apache,Apache Cocoon,9.8,CRITICAL,0.021229999139904976,false,,false,false,false,,,false,false,,2023-11-30T12:15:00.000Z,0
CVE-2022-45135,https://securityvulnerability.io/vulnerability/CVE-2022-45135,Apache Cocoon: SQL injection in DatabaseCookieAuthenticatorAction,"An SQL injection vulnerability exists in Apache Cocoon due to improper neutralization of special elements used in SQL commands. This flaw affects versions from 2.2.0 up to but not including 2.3.0, potentially allowing attackers to manipulate SQL statements and access sensitive data. Users are strongly advised to upgrade to version 2.3.0 to mitigate this risk and ensure their systems are secure.",Apache,Apache Cocoon,9.8,CRITICAL,0.01116000022739172,false,,false,false,false,,,false,false,,2023-11-30T08:05:45.604Z,0
CVE-2020-11991,https://securityvulnerability.io/vulnerability/CVE-2020-11991,,"When using the StreamGenerator, the code parses user-provided XML. A specially crafted XML, including external system entities, could be used to access any file on the server system.",Apache,Apache Cocoon,7.5,HIGH,0.8893499970436096,false,,false,false,false,,,false,false,,2020-09-11T13:28:20.000Z,0