26926 matches found
CVE-2026-43828 Apache Shiro: Shiro's native session and rememberMe cookies do not have secure flag set by default
Default configurations of Apache Shiro send sensitive cookies in HTTPS session without 'Secure' attribute. This issue affects Apache Shiro from 1.0 to 2.1.0, and 3.0.0-alpha-1. Users are recommended to upgrade to version 2.1.1, or 3.0.0-alpha-2 or later, which fixes the issue. In the affected...
CVE-2026-43828
Default configurations of Apache Shiro send sensitive cookies in HTTPS session without 'Secure' attribute. This issue affects Apache Shiro from 1.0 to 2.1.0, and 3.0.0-alpha-1. Users are recommended to upgrade to version 2.1.1, or 3.0.0-alpha-2 or later, which fixes the issue. In the affected...
PYSEC-2026-166
Apache Airflow providers-google's ComputeEngineSSHHook disables SSH host-key verification by default, exposing SSH traffic between an Airflow worker and a Compute Engine VM to in-path network attackers who can intercept or modify the session. Users are advised to upgrade to...
CVE-2026-45361
Apache Airflow providers-google's ComputeEngineSSHHook disables SSH host-key verification by default, exposing SSH traffic between an Airflow worker and a Compute Engine VM to in-path network attackers who can intercept or modify the session. Users are advised to upgrade to...
PYSEC-2026-166
Apache Airflow providers-google's ComputeEngineSSHHook disables SSH host-key verification by default, exposing SSH traffic between an Airflow worker and a Compute Engine VM to in-path network attackers who can intercept or modify the session. Users are advised to upgrade to...
EUVD-2026-31659
Apache Airflow providers-google's ComputeEngineSSHHook disables SSH host-key verification by default, exposing SSH traffic between an Airflow worker and a Compute Engine VM to in-path network attackers who can intercept or modify the session. Users are advised to upgrade to...
CLSA-2026-1779694887 rsync: Fix of CVE-2026-29518
CVE-2026-29518: fix daemon-no-chroot TOCTOU symlink race by tracking per-module chroot in amchrooted, routing sender read-path, receiver basis-file open, mkstemp, and inplace write through securerelativeopen / securemkstemp...
CLSA-2026-1779694727 Fix CVE(s): CVE-2026-29518
SECURITY UPDATE: daemon-no-chroot TOCTOU symlink race - debian/patches/CVE-2026-29518.patch: track per-module chroot in amchrooted and usesecuresymlinks; route the sender's read-path open, the receiver's basis-file open, mkstemp, and inplace write through securerelativeopen / securemkstemp -...
CLSA-2026-1779694460 Fix CVE(s): CVE-2026-29518
SECURITY UPDATE: daemon-no-chroot TOCTOU symlink race - debian/patches/CVE-2026-29518.patch: track per-module chroot in amchrooted and usesecuresymlinks; route the sender's read-path open, the receiver's basis-file open, mkstemp, and inplace write through securerelativeopen / securemkstemp -...
CLSA-2026-1779694338 rsync: Fix of CVE-2026-29518
CVE-2026-29518: fix daemon-no-chroot sender TOCTOU symlink race by opening source files via securerelativeopen from module root...
Linux Distros Unpatched Vulnerability : CVE-2026-39834
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When writing data larger than 4GB in a single Write call on an SSH channel, an integer overflow in the internal payload size calculation caused the write loop t...
Apache Shiro 安全漏洞
Apache Shiro is a set of Java security frameworks for performing authentication, authorization, encryption, and session management from the Apache Foundation USA. A security vulnerability exists in Apache Shiro versions 1.0 through 2.1.0 and 3.0.0-alpha-1, which stems from a default configuration...
"What Is the Problem Space?" Defining Host-Space Adversarial Perturbations against Network Intrusion Detection Systems
Network Intrusion Detection Systems NIDS are now increasingly leveraging Machine Learning ML techniques to detect malicious network activities. Numerous papers have scrutinized the security of ML-based NIDS ML-NIDS by testing them against various attacks involving adversarial perturbations. The...
PT-2026-43119
Name of the Vulnerable Software and Affected Versions Apache Shiro versions 1.0 through 2.1.0 Apache Shiro version 3.0.0-alpha-1 Description Default configurations cause the Shiro-native session manager and the Remember-Me manager to send JSESSIONID and rememberMe cookies without the 'Secure'...
ROS-20260524-73-0003
A vulnerability in the JSSE component of the Oracle Java SE software platform, Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition virtual machines is associated with a breach of the data protection mechanism. Exploitation of the vulnerability could allow an attacker acting remotely to...
ROS-20260524-73-0005
A vulnerability in the JSSE component of the Oracle Java SE software platform, Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition virtual machines is associated with a breach of the data protection mechanism. Exploitation of the vulnerability could allow an attacker acting remotely to...
ROS-20260524-73-0002
A vulnerability in the JSSE component of the Oracle Java SE software platform, Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition virtual machines is associated with a breach of the data protection mechanism. Exploitation of the vulnerability could allow an attacker acting remotely to...
[SECURITY] Fedora 42 Update: nss-3.123.1-1.fc42
Network Security Services NSS is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS 5, PKCS 7, PKCS 11, PKCS 12, S/MIME, X.509 v3 certificates, and other security...
ios-imessage-zero-click-exploit
CVE-2025-31200/31201 - iOS Zero-Click iMessage Exploit Chai...
CLSA-2026-1779534149 unbound: Fix of CVE-2026-33278
CVE-2026-33278: use-after-free in DNSSEC validator dnsmsgdeepcopyregion during NSEC3 sub-query suspend/resume; buggy struct-assignment overwrote the destination's freshly-allocated rrsets pointer with the source's pointer, leaving a dangling pointer dereferenced after the source region was freed...