Lucene search
K

26 matches found

Tenable Nessus
Tenable Nessus
added 4 days ago3 views

Linux Distros Unpatched Vulnerability : CVE-2026-56091

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When using Apache Shiro with the shiro-guice module in a web servlet context, a specially crafted HTTP request may cause an authentication bypass. This...

8.2CVSS5.8AI score0.00422EPSS
Exploits0References3
NVD
NVD
added last week6 views

CVE-2026-56091

When using Apache Shiro with the shiro-guice module in a web servlet context, a specially crafted HTTP request may cause an authentication bypass. This vulnerability is similar to https://vulners.com/cve/CVE-2020-1957 https://www.cve.org/CVERecord , except that it affects the shiro-guice module...

8.2CVSS0.00422EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added last week8 views

CVE-2026-56091

When using Apache Shiro with the shiro-guice module in a web servlet context, a specially crafted HTTP request may cause an authentication bypass. This vulnerability is similar to https://vulners.com/cve/CVE-2020-1957 https://www.cve.org/CVERecord , except that it affects the shiro-guice module...

8.2CVSS5.9AI score0.00422EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added last week6 views

EUVD-2026-39230

When using Apache Shiro with the shiro-guice module in a web servlet context, a specially crafted HTTP request may cause an authentication bypass. This vulnerability is similar to https://vulners.com/cve/CVE-2020-1957 https://www.cve.org/CVERecord , except that it affects the shiro-guice module...

9.8CVSS5.9AI score0.24163EPSS
Exploits1References1
Cvelist
Cvelist
added last week26 views

CVE-2026-56091 Apache Shiro: Authentication bypass in Guice-Web integration

When using Apache Shiro with the shiro-guice module in a web servlet context, a specially crafted HTTP request may cause an authentication bypass. This vulnerability is similar to https://vulners.com/cve/CVE-2020-1957 https://www.cve.org/CVERecord , except that it affects the shiro-guice module...

8.2CVSS0.00422EPSS
Exploits0References1
CVE
CVE
added last week15 views

CVE-2026-56091

CVE-2026-56091 involves Apache Shiro when used with the shiro-guice module in a web servlet context. A specially crafted HTTP request may cause an authentication bypass. Affected: all Apache Shiro versions through 2.x; 3.0.0-alpha-1 is affected when using shiro-guice in this context. Remediation:...

8.2CVSS5.9AI score0.00422EPSS
Exploits0References1
Fedora
Fedora
added 2024/03/07 10:33 p.m.26 views

[SECURITY] Fedora 40 Update: google-guice-5.1.0-11.fc40

Put simply, Guice alleviates the need for factories and the use of new in your Java code. Think of Guice's @Inject as the new new. You will still need to write factories in some cases, but your code will not depend directly on them. Your code will be easier to change, unit test and reuse in other...

8.8CVSS7AI score0.02557EPSS
Exploits3
Rockylinux
Rockylinux
added 2023/05/25 7:53 p.m.41 views

maven bug fix and enhancement update

An update is available for plexus-interpolation, httpcomponents-core, maven-wagon, maven, google-guice, jsoup, jansi, apache-commons-io, apache-commons-lang3, maven-shared-utils, plexus-utils, plexus-classworlds, jakarta-annotations, httpcomponents-client, apache-commons-codec, plexus-cipher,...

6.6AI score
Exploits0
Github Security Blog
Github Security Blog
added 2023/04/03 9:30 a.m.32 views

Apache James server's JMX management service vulnerable to privilege escalation by local user

Apache James server version 3.7.3 and earlier provides a JMX management service without authentication by default. This allows privilege escalation by a malicious local user. Administrators are advised to disable JMX, or set up a JMX password. Note that version 3.7.4 onward will set up a JMX...

7.8CVSS7.7AI score0.00654EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2023/04/03 8:15 a.m.19 views

CVE-2023-26269

Apache James server version 3.7.3 and earlier provides a JMX management service without authentication by default. This allows privilege escalation by a malicious local user. Administrators are advised to disable JMX, or set up a JMX password. Note that version 3.7.4 onward will set up a JMX...

7.8CVSS7.9AI score0.00654EPSS
Exploits0References2
OSV
OSV
added 2023/04/03 8:15 a.m.18 views

CVE-2023-26269

Apache James server version 3.7.3 and earlier provides a JMX management service without authentication by default. This allows privilege escalation by a malicious local user. Administrators are advised to disable JMX, or set up a JMX password. Note that version 3.7.4 onward will set up a JMX...

7.8CVSS7.8AI score
Exploits0References2
Prion
Prion
added 2023/04/03 8:15 a.m.16 views

Authentication flaw

Apache James server version 3.7.3 and earlier provides a JMX management service without authentication by default. This allows privilege escalation by a malicious local user. Administrators are advised to disable JMX, or set up a JMX password. Note that version 3.7.4 onward will set up a JMX...

4.3CVSS8AI score0.00654EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/04/03 7:59 a.m.19 views

CVE-2023-26269 Apache James server: Privilege escalation through unauthenticated JMX

Apache James server version 3.7.3 and earlier provides a JMX management service without authentication by default. This allows privilege escalation by a malicious local user. Administrators are advised to disable JMX, or set up a JMX password. Note that version 3.7.4 onward will set up a JMX...

8.1AI score0.00654EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/04/03 7:59 a.m.15 views

CVE-2023-26269 Apache James server: Privilege escalation through unauthenticated JMX

Apache James server version 3.7.3 and earlier provides a JMX management service without authentication by default. This allows privilege escalation by a malicious local user. Administrators are advised to disable JMX, or set up a JMX password. Note that version 3.7.4 onward will set up a JMX...

7.8AI score0.00654EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/04/03 12:0 a.m.4 views

PT-2023-20578 · Apache · Apache James Server

Name of the Vulnerable Software and Affected Versions: Apache James server versions 3.7.3 and earlier Description: The issue allows privilege escalation by a malicious local user due to the JMX management service being provided without authentication by default. Administrators are advised to take...

7.8CVSS7.8AI score0.00654EPSS
Exploits0References12
vulnersOsv
vulnersOsv
added 2022/06/30 12:0 a.m.8 views

be.fluid-it.guice.extensions:guice-multi-shiro-realms (=0.1-1), be.fluid-it.shiro.jee:shiro-jee-authc (>=0.1-1 <=0.1-3) +3019 more potentially affected by CVE-2022-32532 via org.apache.shiro:shiro-core (>=1.0.0-incubating <=1.9.0)

org.apache.shiro:shiro-core MAVEN version =1.0.0-incubating, =0.1-1, =4.0.0-RC2, =1.0.0, =1.0.0, =0.0.2, =0.0.21, =0.0.2, =0.0.1, =1.0.2, =1.0.0, =1.0.0, =2.0.0 - cn.acooly:acooly-auth-wechat-authenticator =5.2.1 and more Source cves: CVE-2022-32532 Source advisory: OSV:GHSA-4CF5-XMHP-3XJ7...

9.8CVSS7.1AI score0.25431EPSS
Exploits0
Rockylinux
Rockylinux
added 2022/05/17 6:36 a.m.36 views

new packages: google-guice

An update is available for google-guice. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky...

2.2AI score
Exploits0
vulnersOsv
vulnersOsv
added 2022/05/17 3:49 a.m.7 views

org.infinispan:infinispan-distribution (=9.0.0.Beta1), org.infinispan:infinispan-javadoc-all (=9.0.0.Beta1) +26 more potentially affected by CVE-2016-6345 via org.jboss.resteasy:resteasy-client (>=3.1.0.Beta1 <=3.1.0.Beta2)

org.jboss.resteasy:resteasy-client MAVEN version =3.1.0.Beta1, =5.3.4.Final, =5.3.4.Final, =3.1.0.Beta1, =3.1.0.Beta1, =3.1.0.Beta1, =3.1.0.Beta1, =3.1.0.Beta1, =3.1.0.Beta1, =3.1.0.Beta1, =3.1.0.Beta2 and more Source cves: CVE-2016-6345 Source advisory: OSV:GHSA-VXHJ-3X7P-JXP5...

6.5CVSS6.7AI score0.01497EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2022/05/14 2:46 a.m.7 views

be.fluid-it.guice.extensions:guice-multi-shiro-realms (=0.1-1), be.fluid-it.shiro.jee:shiro-jee-authc (>=0.1-1 <=0.1-3) +1469 more potentially affected by CVE-2016-4437 via org.apache.shiro:shiro-core (>=1.0.0-incubating <=1.2.4)

org.apache.shiro:shiro-core MAVEN version =1.0.0-incubating, =0.1-1, =4.0.0-RC2, =1.0.0, =2.0.0, =0.0.2, =0.1, =0.1, =0.1, =2.1.0-RELEASE, =1.0, =1.0.3 - cn.org.awcp:awcp-formdesigner-application =1.0-RELEASE - cn.org.awcp:awcp-formdesigner-applicationImpl =1.0-RELEASE -...

9.8CVSS7.1AI score0.93143EPSS
Exploits9
vulnersOsv
vulnersOsv
added 2022/05/14 1:51 a.m.4 views

ca.stellardrift.guice-backport.extensions:guice-struts2 (=5.0.1), com.google.inject.extensions:guice-struts2 (>=3.0 <=5.0.1) +63 more potentially affected by CVE-2012-0838 via org.apache.struts.xwork:xwork-core (>=2.2.1 <=2.2.3)

org.apache.struts.xwork:xwork-core MAVEN version =2.2.1, =3.0, =2.4.0, =2.4.0, =3.0.0, =3.0.0, =2.4.0, =2.4.0, =2.4.0, =3.0.0, =2.0.0, =0.9.2, =0.9.0, =0.9.1 - io.forestframework:guice-struts2 =5.0.1.1 and more Source cves: CVE-2012-0838 Source advisory: OSV:GHSA-MWRX-HX6X-3HHV...

10CVSS7.2AI score0.14032EPSS
Exploits0
Rows per page
Query Builder