Lucene search

61155 matches found

ATTACKERKB
added 2026/02/10 9:28 a.m. | 5 views

CVE-2026-24343

Improper Neutralization of Data within XPath Expressions 'XPath Injection' vulnerability in Apache HertzBeat. This issue affects Apache HertzBeat: from 1.7.1 before 1.8.0. Users are recommended to upgrade to version 1.8.0, which fixes the issue...

5.5 AI score | 0.00717 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Vulnrichment
added 2026/02/10 9:28 a.m. | 2 views

CVE-2026-23906 Apache Druid: Authentication Bypass via LDAP Anonymous Bind

Affected Products and Versions: Apache Druid. Affected Versions: 0.17.0 through 35.x (all versions prior to 36.0.0). Prerequisites: druid-basic-security extension enabled; LDAP authenticator configured; underlying LDAP server permits anonymous bind ...

5.6 AI score | 0.01034 EPSS
Exploits: 0 | References: 1
ATTACKERKB
added 2026/02/10 9:28 a.m. | 3 views

CVE-2026-23906

Affected Products and Versions: Apache Druid. Affected Versions: 0.17.0 through 35.x (all versions prior to 36.0.0). Prerequisites: druid-basic-security extension enabled; LDAP authenticator configured; underlying LDAP server permits anonymous bind ...

5.6 AI score | 0.01034 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2026/02/10 9:28 a.m. | 24 views

CVE-2026-23906 Apache Druid: Authentication Bypass via LDAP Anonymous Bind

Affected Products and Versions: Apache Druid. Affected Versions: 0.17.0 through 35.x (all versions prior to 36.0.0). Prerequisites: druid-basic-security extension enabled; LDAP authenticator configured; underlying LDAP server permits anonymous bind ...

0.01034 EPSS
Exploits: 0 | References: 1
CVE
added 2026/02/10 9:28 a.m. | 28 views

CVE-2026-23906

Summary (CVE-2026-23906) : Apache Druid versions 0.17.0 through 35.x are affected when using the druid-basic-security extension with LDAP authentication and an LDAP server that allows anonymous bind. The vulnerability arises from improper validation of LDAP authentication responses, where anonymo...

9.8 CVSS | 5.6 AI score | 0.01034 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2026/02/10 9:25 a.m. | 25 views

CVE-2026-23901 Apache Shiro: Brute force attack possible to determine valid user names

Observable Timing Discrepancy vulnerability in Apache Shiro. This issue affects Apache Shiro: from 1.*, 2.* before 2.0.7. Users are recommended to upgrade to version 2.0.7 or later, which fixes the issue. Prior to Shiro 2.0.7, code paths for non-existent vs. existing users are different enough, tha...

1 CVSS | 0.00219 EPSS
Exploits: 0 | References: 1
Vulnrichment
added 2026/02/10 9:25 a.m. | 4 views

CVE-2026-23901 Apache Shiro: Brute force attack possible to determine valid user names

Observable Timing Discrepancy vulnerability in Apache Shiro. This issue affects Apache Shiro: from 1.*, 2.* before 2.0.7. Users are recommended to upgrade to version 2.0.7 or later, which fixes the issue. Prior to Shiro 2.0.7, code paths for non-existent vs. existing users are different enough, tha...

1 CVSS | 5.6 AI score | 0.00219 EPSS
Exploits: 0 | References: 1
CVE
added 2026/02/10 9:25 a.m. | 19 views

CVE-2026-23901

CVE-2026-23901 describes an observable timing discrepancy vulnerability in Apache Shiro affecting 1.* and 2.* before 2.0.7. The issue allows a local brute-force-style timing difference to reveal whether a username exists or a password is incorrect, enabling username enumeration. The most likely a...

2.5 CVSS | 5.6 AI score | 0.00219 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
ATTACKERKB
added 2026/02/10 9:25 a.m. | 5 views

CVE-2026-23901

Observable Timing Discrepancy vulnerability in Apache Shiro. This issue affects Apache Shiro: from 1.*, 2.* before 2.0.7. Users are recommended to upgrade to version 2.0.7 or later, which fixes the issue. Prior to Shiro 2.0.7, code paths for non-existent vs. existing users are different enough, tha...

1 CVSS | 5.6 AI score | 0.00219 EPSS
Exploits: 0 | References: 2
CNNVD
added 2026/02/10 12:0 a.m. | 5 views

Apache Shiro Security Vulnerability

Apache Shiro is a Java security framework developed by the Apache Foundation in the United States. It is used for authentication, authorization, encryption, and session management. Versions of Apache Shiro such as 1. and 2.0.7 had security vulnerabilities. These vulnerabilities were due to observ...

2.5 CVSS | 7.2 AI score | 0.00219 EPSS
Exploits: 0 | References: 3
Positive Technologies
added 2026/02/10 12:0 a.m. | 3 views

PT-2026-7820

CVE-2026-25973 - "Apache HTTP Server Cross-Site Request Forgery" CVE ID : CVE-2026-25973 Published : February 10, 2026, 05:16 | 1 hour, 59 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

5.5 AI score
Exploits: 0 | References: 1
Positive Technologies
added 2026/02/10 12:0 a.m. | 3 views

PT-2026-7826

CVE-2026-25979 - Apache HTTP Server Unvalidated User Input CVE ID : CVE-2026-25979 Published : February 10, 2026, 05:16 | 1 hour, 59 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

5.5 AI score
Exploits: 0 | References: 1
Positive Technologies
added 2026/02/10 12:0 a.m. | 4 views

PT-2026-7827

CVE-2026-25980 - Apache OpenSSH Authentication Bypass CVE ID : CVE-2026-25980 Published : February 10, 2026, 05:16 | 1 hour, 59 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

5.5 AI score
Exploits: 0 | References: 1
Positive Technologies
added 2026/02/10 12:0 a.m. | 2 views

PT-2026-7821

CVE-2026-25974 - Apache HTTP Server Unvalidated User Input CVE ID : CVE-2026-25974 Published : February 10, 2026, 05:16 | 1 hour, 59 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

5.5 AI score
Exploits: 0 | References: 1
Positive Technologies
added 2026/02/10 12:0 a.m. | 1 views

PT-2026-7824

CVE-2026-25977 - Apache HTTP Server Unvalidated User Input CVE ID : CVE-2026-25977 Published : February 10, 2026, 05:16 | 1 hour, 59 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

5.5 AI score
Exploits: 0 | References: 1
CNVD
added 2026/02/10 12:0 a.m. | 1 views

Apache Syncope Cross-Site Scripting Vulnerability

Apache Syncope is an open-source digital identity management system from the Apache Foundation (United States) for use in enterprise environments. The system supports identity management, role configuration and more. Apache Syncope suffers from a cross-site scripting vulnerability that stem...

6.8 CVSS | 5.7 AI score | 0.00362 EPSS
Exploits: 0 | References: 1
CNVD
added 2026/02/10 12:0 a.m. | 3 views

Apache Syncope Code Issue Vulnerability

Apache Syncope is an open-source digital identity management system from the Apache Foundation (United States) for use in enterprise environments. The system supports identity management, role configuration and more. Apache Syncope has a code issue vulnerability; the vulnerability...

4.9 CVSS | 6.1 AI score | 0.00827 EPSS
Exploits: 0 | References: 1
Positive Technologies
added 2026/02/10 12:0 a.m. | 2 views

PT-2026-7822

CVE-2026-25975 - Apache HTTP Server Remote Code Execution CVE ID : CVE-2026-25975 Published : February 10, 2026, 05:16 | 1 hour, 59 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

5.6 AI score
Exploits: 0 | References: 1
Positive Technologies
added 2026/02/10 12:0 a.m. | 4 views

PT-2026-7899

CVE-2026-25950 - Apache HTTP Server Cross-Site Scripting CVE ID : CVE-2026-25950 Published : Feb. 10, 2026, 6:16 p.m. | 1 hour ago Description : Rejected reason: Further research determined the issue is not a vulnerability. Severity: 0.0 | NA Visit the link for more details, such as CVSS details,...

5.5 AI score
Exploits: 0 | References: 1
Positive Technologies
added 2026/02/10 12:0 a.m. | 4 views

PT-2026-7828

CVE-2026-25981 - Apache HTTP Server Deserialization CVE ID : CVE-2026-25981 Published : February 10, 2026, 05:16 | 1 hour, 59 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

5.5 AI score
Exploits: 0 | References: 1