Lucene search
K

460 matches found

Tenable Nessus
Tenable Nessus
added 2026/05/26 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-48589

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache Shiro's Jakarta EE module used the HTTP Referer header in certain cases to issue redirect after a user login. In affected versions, insufficient validati...

5.4CVSS5.8AI score0.00352EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/26 12:0 a.m.16 views

Linux Distros Unpatched Vulnerability : CVE-2026-43827

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Default configurations of Apache Shiro have a session fixation vulnerability. This issue affects Apache Shiro from 1.0 to 2.1.0, and 3.0.0-alpha-1. Users are...

6.5CVSS5.8AI score0.00412EPSS
Exploits0References3
vulnersOsv
vulnersOsv
added 2026/05/25 11:19 p.m.8 views

ca.ibodrov.concord:mcp-for-concord (>=0.0.1 <=0.0.2), ca.ibodrov.concord:testcontainers-concord-core (>=2.0.3 <=2.0.5) +182 more potentially affected by CVE-2026-43828 via org.apache.shiro:shiro-web (>=2.0.0-alpha-1 <=2.1.0)

org.apache.shiro:shiro-web MAVEN version =2.0.0-alpha-1, =0.0.1, =2.0.3, =0.0.27, =0.0.27, =0.0.27, =8.0.0, =8.0.0, =1.0.2, =3.4.0, =3.3.0, =3.3.0, =3.3.0, =3.3.0, =3.3.0, =3.8.0 and more Source cves: CVE-2026-43828 Source advisory: SNYK:JAVA-ORGAPACHESHIRO-17116502...

6.5CVSS5.7AI score0.00272EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/25 11:19 p.m.5 views

com.github.fangjinuo.agileway:agileway-shiro-redis (>=2.3.3 <=3.1.12), com.github.fangjinuo.agileway:agileway-shiro-redis-springdata2 (>=2.4.2 <=3.1.12) +27 more potentially affected by CVE-2026-43828 via org.apache.shiro:shiro-web (=3.0.0-alpha-1)

org.apache.shiro:shiro-web MAVEN version =3.0.0-alpha-1 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.shiro:shiro-web and may be impacted: - com.github.fangjinuo.agileway:agileway-shiro-redis =2.3.3, =2.4.2, =0.0.3, =0.0.3, =0.0.3, =0.0.3,...

6.5CVSS5.7AI score0.00272EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/25 11:19 p.m.8 views

cloud.opencode.base:opencode-base-token (=1.0.0), com.flowlogix.depchain:shiro-jakarta (>=18 <=119) +22 more potentially affected by CVE-2026-44598 via org.apache.shiro:shiro-jakarta-ee (>=2.0.0-alpha-1 <=2.1.0)

org.apache.shiro:shiro-jakarta-ee MAVEN version =2.0.0-alpha-1, =18, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =0.82.10, =0.82.10, =4.7.0, =3.10.0, =3.10.0, =3.10.0, =4.5.0, =4.20.0 and more Source cves: CVE-2026-44598 Source advisory: SNYK:JAVA-ORGAPACHESHIRO-17115416...

5.4CVSS5.5AI score0.00383EPSS
Exploits0
NVD
NVD
added 2026/05/25 9:16 p.m.20 views

CVE-2026-48589

Apache Shiro’s Jakarta EE module used the HTTP Referer header in certain cases to issue redirect after a user login. In affected versions, insufficient validation of this client-controlled value could allow an attacker to influence the redirect target in applications using the Jakarta EE module...

5.4CVSS0.00352EPSS
Exploits0References2
NVD
NVD
added 2026/05/25 9:16 p.m.23 views

CVE-2026-43827

Default configurations of Apache Shiro have a session fixation vulnerability. This issue affects Apache Shiro from 1.0 to 2.1.0, and 3.0.0-alpha-1. Users are recommended to upgrade to version 2.1.1, or 3.0.0-alpha-2 or later, which fixes the issue. In the affected versions, when a session already...

6.5CVSS0.00412EPSS
Exploits0References2
NVD
NVD
added 2026/05/25 9:16 p.m.17 views

CVE-2026-43828

Default configurations of Apache Shiro send sensitive cookies in HTTPS session without 'Secure' attribute. This issue affects Apache Shiro from 1.0 to 2.1.0, and 3.0.0-alpha-1. Users are recommended to upgrade to version 2.1.1, or 3.0.0-alpha-2 or later, which fixes the issue. In the affected...

6.5CVSS0.00272EPSS
Exploits0References2
OSV
OSV
added 2026/05/25 9:16 p.m.12 views

UBUNTU-CVE-2026-43828

Default configurations of Apache Shiro send sensitive cookies in HTTPS session without 'Secure' attribute. This issue affects Apache Shiro from 1.0 to 2.1.0, and 3.0.0-alpha-1. Users are recommended to upgrade to version 2.1.1, or 3.0.0-alpha-2 or later, which fixes the issue. In the affected...

6.5CVSS5.8AI score0.00272EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2026/05/25 9:16 p.m.13 views

CVE-2026-43828

Default configurations of Apache Shiro send sensitive cookies in HTTPS session without 'Secure' attribute. This issue affects Apache Shiro from 1.0 to 2.1.0, and 3.0.0-alpha-1. Users are recommended to upgrade to version 2.1.1, or 3.0.0-alpha-2 or later, which fixes the issue. In the affected...

6.5CVSS5.8AI score0.00272EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/05/25 9:16 p.m.12 views

CVE-2026-44598

With valid login credentials, URL Redirection to Untrusted Site 'Open Redirect', Server-Side Request Forgery SSRF vulnerability in Apache Shiro. This issue affects Apache Shiro from 2.0-alpha to 2.1.0, and 3.0.0-alpha-1, only when using shiro-jakarta-ee integration module. Users are recommended t...

5.4CVSS5.9AI score0.00383EPSS
Exploits0References4
OSV
OSV
added 2026/05/25 9:16 p.m.10 views

UBUNTU-CVE-2026-43827

Default configurations of Apache Shiro have a session fixation vulnerability. This issue affects Apache Shiro from 1.0 to 2.1.0, and 3.0.0-alpha-1. Users are recommended to upgrade to version 2.1.1, or 3.0.0-alpha-2 or later, which fixes the issue. In the affected versions, when a session already...

6.5CVSS5.8AI score0.00412EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2026/05/25 9:16 p.m.11 views

CVE-2026-43827

Default configurations of Apache Shiro have a session fixation vulnerability. This issue affects Apache Shiro from 1.0 to 2.1.0, and 3.0.0-alpha-1. Users are recommended to upgrade to version 2.1.1, or 3.0.0-alpha-2 or later, which fixes the issue. In the affected versions, when a session already...

6.5CVSS5.8AI score0.00412EPSS
Exploits0References4
OSV
OSV
added 2026/05/25 9:16 p.m.8 views

UBUNTU-CVE-2026-44598

With valid login credentials, URL Redirection to Untrusted Site 'Open Redirect', Server-Side Request Forgery SSRF vulnerability in Apache Shiro. This issue affects Apache Shiro from 2.0-alpha to 2.1.0, and 3.0.0-alpha-1, only when using shiro-jakarta-ee integration module. Users are recommended t...

5.4CVSS5.9AI score0.00383EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2026/05/25 9:16 p.m.9 views

CVE-2026-48589

Apache Shiro’s Jakarta EE module used the HTTP Referer header in certain cases to issue redirect after a user login. In affected versions, insufficient validation of this client-controlled value could allow an attacker to influence the redirect target in applications using the Jakarta EE module...

5.4CVSS5.8AI score0.00352EPSS
Exploits0References4
OSV
OSV
added 2026/05/25 9:16 p.m.42 views

UBUNTU-CVE-2026-48589

Apache Shiro’s Jakarta EE module used the HTTP Referer header in certain cases to issue redirect after a user login. In affected versions, insufficient validation of this client-controlled value could allow an attacker to influence the redirect target in applications using the Jakarta EE module...

5.4CVSS5.8AI score0.00352EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2026/05/25 8:20 p.m.11 views

CVE-2026-48589

Apache Shiro’s Jakarta EE module used the HTTP Referer header in certain cases to issue redirect after a user login. In affected versions, insufficient validation of this client-controlled value could allow an attacker to influence the redirect target in applications using the Jakarta EE module...

5.4CVSS5.8AI score0.00352EPSS
Exploits0
Cvelist
Cvelist
added 2026/05/25 8:20 p.m.31 views

CVE-2026-48589 Apache Shiro: Jakarta EE open redirect via untrusted Referer in post-login redirect flow

Apache Shiro’s Jakarta EE module used the HTTP Referer header in certain cases to issue redirect after a user login. In affected versions, insufficient validation of this client-controlled value could allow an attacker to influence the redirect target in applications using the Jakarta EE module...

0.00352EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/25 8:20 p.m.13 views

EUVD-2026-31738

Apache Shiro’s Jakarta EE module used the HTTP Referer header in certain cases to issue redirect after a user login. In affected versions, insufficient validation of this client-controlled value could allow an attacker to influence the redirect target in applications using the Jakarta EE module...

5.8AI score0.00352EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/25 8:20 p.m.10 views

CVE-2026-48589 Apache Shiro: Jakarta EE open redirect via untrusted Referer in post-login redirect flow

Apache Shiro’s Jakarta EE module used the HTTP Referer header in certain cases to issue redirect after a user login. In affected versions, insufficient validation of this client-controlled value could allow an attacker to influence the redirect target in applications using the Jakarta EE module...

5.8AI score0.00352EPSS
Exploits0References1
Rows per page
Query Builder