CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 2026/05/25 8:19 p.m.•9 views

EUVD-2026-31736

Default configurations of Apache Shiro have a session fixation vulnerability. This issue affects Apache Shiro from 1.0 to 2.1.0, and 3.0.0-alpha-1. Users are recommended to upgrade to version 2.1.1, or 3.0.0-alpha-2 or later, which fixes the issue. In the affected versions, when a session already...

5.9CVSS5.8AI score0.00067EPSS

ATTACKERKB•added 2026/05/25 8:19 p.m.•9 views

CVE-2026-43827

5.9CVSS5.8AI score0.00067EPSS

Debian CVE•added 2026/05/25 8:19 p.m.•9 views

CVE-2026-43827

6.5CVSS5.8AI score0.00067EPSS

Exploits0

NVD•added 2026/05/25 4:16 p.m.•16 views

CVE-2026-42797

Exposure of Sensitive Information Through Data Queries vulnerability in Apache Syncope. An administrator with adequate entitlements for Derived Schemas can create a malicious JEXL expression which allows any administrator with sufficient entitlements for User read to access User-related...

4.9CVSS0.00061EPSS

NVD•added 2026/05/25 4:16 p.m.•13 views

CVE-2026-42782

Improper Isolation or Compartmentalization vulnerability in Apache Syncope. An administrator with adequate entitlements for Implementations can create a malicious Groovy class containing untrusted code reaching a non-sandboxed execution path via the class static initializer. This issue affects...

7.2CVSS0.0007EPSS

Cvelist•added 2026/05/25 3:0 p.m.•20 views

CVE-2026-42797 Apache Syncope: JexlContextBuilder Information Disclosure

0.00061EPSS

EUVD•added 2026/05/25 3:0 p.m.•8 views

EUVD-2026-31702

5.8AI score0.00061EPSS

CVE•added 2026/05/25 3:0 p.m.•12 views

CVE-2026-42797

CVE-2026-42797 (Apache Syncope) exposes a data-query related information disclosure via a misconfigured JEXL expression. An administrator with entitlements for Derived Schemas can craft a malicious JEXL expression that, if the requester also has User-read privileges, may access security-sensitive...

4.9CVSS5.8AI score0.00061EPSS

Vulnrichment•added 2026/05/25 3:0 p.m.•10 views

CVE-2026-42797 Apache Syncope: JexlContextBuilder Information Disclosure

5.8AI score0.00061EPSS

ATTACKERKB•added 2026/05/25 3:0 p.m.•7 views

CVE-2026-42797

5.8AI score0.00061EPSS

Cvelist•added 2026/05/25 2:58 p.m.•18 views

CVE-2026-42782 Apache Syncope: Post-auth RCE via Groovy static

0.0007EPSS

Vulnrichment•added 2026/05/25 2:58 p.m.•9 views

CVE-2026-42782 Apache Syncope: Post-auth RCE via Groovy static

6AI score0.0007EPSS

CVE•added 2026/05/25 2:58 p.m.•16 views

CVE-2026-42782

CVE-2026-42782 affects Apache Syncope 3.0–3.0.16, 4.0–4.0.5, and 4.1.0, caused by improper isolation that lets an administrator with sufficient entitlements load a malicious Groovy class whose static initializer reaches a non-sandboxed execution path. Remediation is to upgrade to 4.0.6 or 4.1.1, ...

7.2CVSS6AI score0.0007EPSS

ATTACKERKB•added 2026/05/25 2:58 p.m.•8 views

CVE-2026-42782

6AI score0.0007EPSS

EUVD•added 2026/05/25 2:58 p.m.•10 views

EUVD-2026-31696

6AI score0.0007EPSS

Snyk•added 2026/05/25 12:58 p.m.•6 views

LDAP Injection

Overview apache-airflow-providers-fab is a Provider package apache-airflow-providers-fab for Apache Airflow Affected versions of this package are vulnerable to LDAP Injection through the ldapbindindirect and nested group search code in override.py. An attacker can manipulate the LDAP username or...

9.1CVSS5.9AI score0.00169EPSS

Cvelist•added 2026/05/25 10:41 a.m.•42 views

CVE-2026-46745 Apache Airflow FAB provider: LDAP Filter Injection in FAB Auth Manager _search_ldap reachable via /auth/token

Apache Airflow FAB Auth Manager contains an LDAP filter injection vulnerability CWE-90 that allows unauthenticated attackers to exfiltrate directory data or bypass authentication. Upgrade to apache-airflow-providers-fab 3.6.4 or later. If immediate upgrade is not possible, disable LDAP...

0.00169EPSS