Medium
CVE-2025-60689
An unauthenticated command injection vulnerability exists in the Start_EPI function of the httpd binary on Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). The vulnerability occurs be…
Tag: Apache Ant
All CVEs associated with "Apache Ant". Page 1/1 • 44 CVEs.
About “Apache Ant”
A curated feed of “Apache Ant”-related CVEs appears below. We currently track 44 CVEs for this tag (all time). In the last 365 days, 1 were published. Average CVSS is 7.4 (all time; 5.4 over 365d), and 57% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection').
In our taxonomy this topic maps to a LOW impact class. Vendor advisories and release notes are key. Verify compatibility matrices, prefer supported long term versions, and stage rollouts with monitoring. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
Support & lifecycle: ant
This table shows recent release cycles and their projected end-of-life. Data source: endoflife.date.
| Cycle | Release | Latest | EOL | LTS |
|---|---|---|---|---|
| 1.10 | 1.10.17 | - | ||
| 1.9 | 1.9.16 | Expired | ||
| 1.8 | 1.8.4 | Expired |
Maintained Soon (≤ 180 days) Expired
Subscribe lifecycle: RSS (expired) · ICS
Subscribe CVEs: RSS for “Apache Ant” · RSS (High+Critical only)
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2025-11-13
2024-11-29
High
CVE-2024-35371
Ant-Media-Serverv2.8.2 is affected by Improper Output Neutralization for Logs. The vulnerability stems from insufficient input sanitization in the logging mechanism. Without proper filtering or valid…
2024-10-21
Medium
CVE-2024-47714
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: use hweight16 to get correct tx antenna The chainmask is u16 so using hweight8 cannot get correct tx_ant. Wit…
2024-09-23
High
CVE-2024-37779
WoodWing Elvis DAM v6.98.1 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the Apache Ant script functionality.
2024-09-19
Critical
CVE-2024-46983
sofa-hessian is an internal improved version of Hessian3/4 powered by Ant Group CO., Ltd. The SOFA Hessian protocol uses a blacklist mechanism to restrict deserialization of potentially dangerous cla…
2024-05-15
Medium
CVE-2024-3488
File Upload vulnerability in unauthenticated session found in OpenText™ iManager 3.2.6.0200. The vulnerability could allow ant attacker to upload a file without authentication.
2024-05-14
Medium
CVE-2024-3462
Ant Media Server Community Edition in a default configuration is vulnerable to an improper HTTP header based authorization, leading to a possible use of non-administrative API calls reserved only for…
2024-04-22
High
CVE-2024-32656
Ant Media Server is live streaming engine software. A local privilege escalation vulnerability in present in versions 2.6.0 through 2.8.2 allows any unprivileged operating system user account to esca…
2024-01-19
Medium
CVE-2024-23686
DependencyCheck for Maven 9.0.0 to 9.0.6, for CLI version 9.0.0 to 9.0.5, and for Ant versions 9.0.0 to 9.0.5, when used in debug mode, allows an attacker to recover the NVD API Key from a log file.
2023-08-08
Medium
CVE-2023-3653
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Digital Ant E-Commerce Software allows Stored XSS. This issue affects E-Commerce Software: befor…
Medium
CVE-2023-3652
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Digital Ant E-Commerce Software allows Reflected XSS. This issue affects E-Commerce Software: be…
Critical
CVE-2023-3651
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Digital Ant E-Commerce Software allows SQL Injection. This issue affects E-Commerce Software: be…
2023-07-31
Critical
CVE-2023-37647
SEMCMS v1.5 was discovered to contain a SQL injection vulnerability via the id parameter at /Ant_Suxin.php.
2023-05-23
Critical
CVE-2023-23306
The `Toybox.Ant.BurstPayload.add` API method in CIQ API version 2.2.0 through 4.1.7 suffers from a type confusion vulnreability, which can result in an out-of-bounds write operation. A malicious appl…
Critical
CVE-2023-23303
The `Toybox.Ant.GenericChannel.enableEncryption` API method in CIQ API version 3.2.0 through 4.1.7 does not validate its parameter, which can result in buffer overflows when copying various attribute…
High
CVE-2023-31741
There is a command injection vulnerability in the Linksys E2000 router with firmware version 1.0.06. If an attacker gains web management privileges, they can inject commands into the post request par…
2023-05-22
High
CVE-2023-31742
There is a command injection vulnerability in the Linksys WRT54GL router with firmware version 4.30.18.006. If an attacker gains web management privileges, they can inject commands into the post requ…
2023-05-19
Critical
CVE-2023-31707
SEMCMS 1.5 is vulnerable to SQL Injection via Ant_Rponse.php.
2023-01-14
High
CVE-2023-22602
When using Apache Shiro before 1.11.0 together with Spring Boot 2.6+, a specially crafted HTTP request may cause an authentication bypass. The authentication bypass occurs when Shiro and Spring Boot…
2022-10-28
Critical
CVE-2021-38733
SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_BlogCat.php.
Critical
CVE-2021-38732
SEMCMS SHOP v 1.1 is vulnerable to SQL via Ant_Message.php.
Critical
CVE-2021-38731
SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Zekou.php.
Critical
CVE-2021-38730
SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Info.php.
Critical
CVE-2021-38729
SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Plist.php.
Medium
CVE-2021-38728
SEMCMS SHOP v 1.1 is vulnerable to Cross Site Scripting (XSS) via Ant_M_Coup.php.
Critical
CVE-2021-38737
SEMCMS v 1.1 is vulnerable to SQL Injection via Ant_Pro.php.
Critical
CVE-2021-38736
SEMCMS Shop V 1.1 is vulnerable to SQL Injection via Ant_Global.php.
Critical
CVE-2021-38734
SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Menu.php.
2022-08-09
Medium
CVE-2022-2726
A vulnerability classified as critical has been found in SEMCMS. This affects an unknown part of the file Ant_Check.php. The manipulation of the argument DID leads to sql injection. It is possible to…
2021-07-14
Medium
CVE-2021-36374
When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs. Th…
Medium
CVE-2021-36373
When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. This can be used…
2020-10-01
High
CVE-2020-11979
As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task delete…
2020-05-14
Medium
CVE-2020-1945
Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The…
2019-10-23
Medium
CVE-2019-18350
In Ant Design Pro 4.0.0, reflected XSS in the user/login redirect GET parameter affects the authorization component, leading to execution of JavaScript code in the login after-action script.
2017-12-06
Medium
CVE-2017-17383
Jenkins through 2.93 allows remote authenticated administrators to conduct XSS attacks via a crafted tool name in a job configuration form, as demonstrated by the JDK tool in Jenkins core and the Ant…
2017-07-17
High
CVE-2017-9810
There are no Anti-CSRF tokens in any forms on the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312). This would allow an attacke…
2015-07-07
Medium
CVE-2015-2850
Cross-site scripting (XSS) vulnerability in index-login.ant in the ANTlabs InnGate firmware on IG 3100, InnGate 3.01 E, InnGate 3.10 E, InnGate 3.10 M, SG 4, and SSG 4 devices allows remote attackers…
High
CVE-2015-2849
SQL injection vulnerability in main.ant in the ANTlabs InnGate firmware on IG 3100, InnGate 3.01 E, InnGate 3.10 E, InnGate 3.10 M, SG 4, and SSG 4 devices, when https is used, allows remote attacker…
2012-03-21
Medium
CVE-2012-1461
The Gzip file parser in AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, Ikarus V…
2007-10-16
Critical
CVE-2007-5483
Unspecified vulnerability in the Administrative Scripting Tools (such as wsadmin or ANT) in IBM WebSphere Application Server 5.x and 6.0.x has unknown impact and attack vectors.
2006-12-13
Medium
CVE-2006-6496
The (1) VetMONNT.sys and (2) VetFDDNT.sys drivers in CA Anti-Virus 2007 8.1, Anti-Virus for Vista Beta 8.2, and CA Internet Security Suite 2007 v3.0 do not properly handle NULL buffers, which allows…
2006-06-27
High
CVE-2006-3223
Format string vulnerability in CA Integrated Threat Management (ITM), eTrust Antivirus (eAV), and eTrust PestPatrol (ePP) r8 allows attackers to cause a denial of service (crash) and possibly execute…
2005-12-31
Low
CVE-2005-3126
The (1) kantiword (kantiword.sh) and (2) gantiword (gantiword.sh) scripts in antiword 0.35 and earlier allow local users to overwrite arbitrary files via a symlink attack on temporary (a) output and…
2004-12-31
Medium
CVE-2004-2405
Buffer overflow in multiple F-Secure Anti-Virus products, including F-Secure Anti-Virus 5.42 and earlier, allows remote attackers to bypass scanning or cause a denial of service (crash or module rest…