Lucene search
K

648 matches found

CNNVD
CNNVD
added 2026/03/02 12:0 a.m.7 views

JeeSite 代码问题漏洞

JeeSite is a Java rapid development platform open-sourced by Jinan Zhuoyuan thinkgem. Versions of JeeSite 5.15.1 and earlier have code vulnerabilities. These vulnerabilities stem from operations on the component in the file /com/jeesite/common/shiro/cas/CasOutHandler.java, which may lead to XML...

8.1CVSS6AI score0.0035EPSS
Exploits1References5
CNVD
CNVD
added 2026/03/02 12:0 a.m.25 views

Apache Shiro Authentication Bypass Vulnerability

Apache Shiro is the United States Apache Apache Foundation set of Java security framework for performing authentication, authorization, encryption and session management . An authentication bypass vulnerability exists in Apache Shiro versions prior to 2.0.7. The vulnerability stems from an...

5.3CVSS5.8AI score0.00363EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/22 12:0 a.m.11 views

forest 代码注入漏洞

Forest is a modern knowledge community backend project developed by RYMCU. It is implemented using SpringBoot, Shiro, MyBatis, JWT, and Redis. Versions of Forest 0.0.5 and earlier have a code injection vulnerability. This vulnerability stems from incorrect operations in the updateUserInfo functio...

5.4CVSS5.7AI score0.00276EPSS
Exploits1References5
Veracode
Veracode
added 2026/02/13 12:15 p.m.9 views

Authentication Bypass

Apache Shiro is vulnerable to Authentication Bypass. The vulnerability is due to inconsistent case handling between Shiro’s filter chain matching and the underlying case-insensitive filesystem, where filter rules may be defined only for lower-case paths while the filesystem resolves file names...

5.3CVSS5.4AI score0.00363EPSS
Exploits0References4Affected Software2
vulnersOsv
vulnersOsv
added 2026/02/10 12:30 p.m.8 views

be.fluid-it.guice.extensions:guice-multi-shiro-realms (=0.1-1), be.fluid-it.shiro.jee:shiro-jee-authc (>=0.1-1 <=0.1-3) +3106 more potentially affected by CVE-2026-23901 via org.apache.shiro:shiro-core (>=1.0.0-incubating <=2.0.6)

org.apache.shiro:shiro-core MAVEN version =1.0.0-incubating, =0.1-1, =4.0.0-RC2, =1.0.0, =1.0.0, =0.0.2, =0.0.21, =0.0.27, =0.0.2, =0.0.27, =0.0.1, =1.0.2, =1.0.0, =1.0.5 and more Source cves: CVE-2026-23901 Source advisory: OSV:GHSA-C4QC-4Q9P-M9Q9...

2.5CVSS7.2AI score0.00219EPSS
Exploits0
Snyk
Snyk
added 2026/02/10 12:30 p.m.5 views

Timing Attack

Overview org.apache.shiro:shiro-core is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management. Affected versions of this package are vulnerable to Timing Attack in the authentication process. An attacker can infer the...

2.5CVSS5.7AI score0.00219EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/02/10 12:30 p.m.7 views

ca.ibodrov.concord:testcontainers-concord-core (>=2.0.3 <=2.0.5), ca.ibodrov.mica.docker:mica-standalone (>=0.0.27 <=0.0.34) +273 more potentially affected by CVE-2026-23901 via org.apache.shiro:shiro-core (>=2.0.0-alpha-1 <=2.0.6)

org.apache.shiro:shiro-core MAVEN version =2.0.0-alpha-1, =2.0.3, =0.0.27, =0.0.27, =0.0.27, =6.0.0, =8.0.0, =8.0.0, =2.2.0, =1.0.2, =3.4.0, =3.3.0, =3.3.0, =3.3.0, =3.3.0, =3.8.0 and more Source cves: CVE-2026-23901 Source advisory: SNYK:JAVA-ORGAPACHESHIRO-15253618...

2.5CVSS7.2AI score0.00219EPSS
Exploits0
OSV
OSV
added 2026/02/10 12:30 p.m.8 views

GHSA-C4QC-4Q9P-M9Q9 Apache Shiro Affected by an Observable Timing Discrepancy Vulnerability

Observable Timing Discrepancy vulnerability in Apache Shiro. This issue affects Apache Shiro: from 1., 2. before 2.0.7. Users are recommended to upgrade to version 2.0.7 or later, which fixes the issue. Prior to Shiro 2.0.7, code paths for non-existent vs. existing users are different enough, tha...

1CVSS5.6AI score0.00219EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/02/10 12:30 p.m.29 views

Apache Shiro Affected by an Observable Timing Discrepancy Vulnerability

Observable Timing Discrepancy vulnerability in Apache Shiro. This issue affects Apache Shiro: from 1., 2. before 2.0.7. Users are recommended to upgrade to version 2.0.7 or later, which fixes the issue. Prior to Shiro 2.0.7, code paths for non-existent vs. existing users are different enough, tha...

2.5CVSS5.6AI score0.00219EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2026/02/10 10:15 a.m.8 views

CVE-2026-23901

Observable Timing Discrepancy vulnerability in Apache Shiro. This issue affects Apache Shiro: from 1., 2. before 2.0.7. Users are recommended to upgrade to version 2.0.7 or later, which fixes the issue. Prior to Shiro 2.0.7, code paths for non-existent vs. existing users are different enough, tha...

2.5CVSS0.00219EPSS
Exploits0References2
OSV
OSV
added 2026/02/10 10:15 a.m.3 views

CVE-2026-23901

Observable Timing Discrepancy vulnerability in Apache Shiro. This issue affects Apache Shiro: from 1., 2. before 2.0.7. Users are recommended to upgrade to version 2.0.7 or later, which fixes the issue. Prior to Shiro 2.0.7, code paths for non-existent vs. existing users are different enough, tha...

2.5CVSS5.7AI score
Exploits0References2
OSV
OSV
added 2026/02/10 10:15 a.m.8 views

UBUNTU-CVE-2026-23901

Observable Timing Discrepancy vulnerability in Apache Shiro. This issue affects Apache Shiro: from 1., 2. before 2.0.7. Users are recommended to upgrade to version 2.0.7 or later, which fixes the issue. Prior to Shiro 2.0.7, code paths for non-existent vs. existing users are different enough, tha...

2.5CVSS7.1AI score0.00219EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/10 9:25 a.m.5 views

CVE-2026-23901 Apache Shiro: Brute force attack possible to determine valid user names

Observable Timing Discrepancy vulnerability in Apache Shiro. This issue affects Apache Shiro: from 1., 2. before 2.0.7. Users are recommended to upgrade to version 2.0.7 or later, which fixes the issue. Prior to Shiro 2.0.7, code paths for non-existent vs. existing users are different enough, tha...

1CVSS5.6AI score0.00219EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/10 9:25 a.m.28 views

CVE-2026-23901 Apache Shiro: Brute force attack possible to determine valid user names

Observable Timing Discrepancy vulnerability in Apache Shiro. This issue affects Apache Shiro: from 1., 2. before 2.0.7. Users are recommended to upgrade to version 2.0.7 or later, which fixes the issue. Prior to Shiro 2.0.7, code paths for non-existent vs. existing users are different enough, tha...

1CVSS0.00219EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/02/10 9:25 a.m.17 views

CVE-2026-23901

Observable Timing Discrepancy vulnerability in Apache Shiro. This issue affects Apache Shiro: from 1., 2. before 2.0.7. Users are recommended to upgrade to version 2.0.7 or later, which fixes the issue. Prior to Shiro 2.0.7, code paths for non-existent vs. existing users are different enough, tha...

2.5CVSS7.6AI score0.00219EPSS
Exploits0
CVE
CVE
added 2026/02/10 9:25 a.m.21 views

CVE-2026-23901

CVE-2026-23901 describes an observable timing discrepancy vulnerability in Apache Shiro affecting 1.* and 2.* before 2.0.7. The issue allows a local brute-force-style timing difference to reveal whether a username exists or a password is incorrect, enabling username enumeration. The most likely a...

2.5CVSS5.6AI score0.00219EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/10 9:25 a.m.5 views

CVE-2026-23901

Observable Timing Discrepancy vulnerability in Apache Shiro. This issue affects Apache Shiro: from 1., 2. before 2.0.7. Users are recommended to upgrade to version 2.0.7 or later, which fixes the issue. Prior to Shiro 2.0.7, code paths for non-existent vs. existing users are different enough, tha...

1CVSS5.6AI score0.00219EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/02/10 12:0 a.m.3 views

CVE-2026-23901

Observable Timing Discrepancy vulnerability in Apache Shiro. This issue affects Apache Shiro: from 1., 2. before 2.0.7. Users are recommended to upgrade to version 2.0.7 or later, which fixes the issue. Prior to Shiro 2.0.7, code paths for non-existent vs. existing users are different enough, tha...

2.5CVSS7AI score0.00219EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/10 12:0 a.m.10 views

Apache Shiro 安全漏洞

Apache Shiro is a Java security framework developed by the Apache Foundation in the United States. It is used for authentication, authorization, encryption, and session management. Versions of Apache Shiro such as 1. and 2.0.7 had security vulnerabilities. These vulnerabilities were due to observ...

2.5CVSS7.2AI score0.00219EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/02/10 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2026-23901

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Observable Timing Discrepancy vulnerability in Apache Shiro. This issue affects Apache Shiro: from 1., 2. before 2.0.7. Users are recommended to upgrade to...

2.5CVSS7.1AI score0.00219EPSS
Exploits0References3
Rows per page
Query Builder