567 matches found
Apache Shiro has an Authentication Bypass
Impact Authentication Bypass: A vulnerability exists in Apache Shiro that allows authentication bypass for static files when served from a case-insensitive filesystem such as the default configuration on macOS or Windows. The issue arises when Shiro's URL filters are configured with lower-case...
CVE-2026-23903
Authentication Bypass by Alternate Name vulnerability in Apache Shiro. This issue affects Apache Shiro: before 2.0.7. Users are recommended to upgrade to version 2.0.7, which fixes the issue. The issue only effects static files. If static files are served from a case-insensitive filesystem, such ...
CVE-2026-23903
Authentication Bypass by Alternate Name vulnerability in Apache Shiro. This issue affects Apache Shiro: before 2.0.7. Users are recommended to upgrade to version 2.0.7, which fixes the issue. The issue only effects static files. If static files are served from a case-insensitive filesystem, such ...
UBUNTU-CVE-2026-23903
Authentication Bypass by Alternate Name vulnerability in Apache Shiro. This issue affects Apache Shiro: before 2.0.7. Users are recommended to upgrade to version 2.0.7, which fixes the issue. The issue only effects static files. If static files are served from a case-insensitive filesystem, such ...
CVE-2026-23903
Authentication Bypass by Alternate Name vulnerability in Apache Shiro. This issue affects Apache Shiro: before 2.0.7. Users are recommended to upgrade to version 2.0.7, which fixes the issue. The issue only effects static files. If static files are served from a case-insensitive filesystem, such ...
Authentication Bypass by Alternate Name
Overview org.apache.shiro:shiro-core is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management. Affected versions of this package are vulnerable to Authentication Bypass by Alternate Name while serving static files from...
CVE-2026-23903 Apache Shiro: Auth bypass when accessing static files only on case-insensitive filesystems
Authentication Bypass by Alternate Name vulnerability in Apache Shiro. This issue affects Apache Shiro: before 2.0.7. Users are recommended to upgrade to version 2.0.7, which fixes the issue. The issue only effects static files. If static files are served from a case-insensitive filesystem, such ...
CVE-2026-23903
Summary of CVE-2026-23903 (Apache Shiro): It is an Authentication Bypass by Alternate Name vulnerability affecting Apache Shiro versions before 2.0.7, triggered when static files are served from a case-insensitive filesystem (e.g., macOS defaults). In such cases, request filename casing can bypas...
CVE-2026-23903
Authentication Bypass by Alternate Name vulnerability in Apache Shiro. This issue affects Apache Shiro: before 2.0.7. Users are recommended to upgrade to version 2.0.7, which fixes the issue. The issue only effects static files. If static files are served from a case-insensitive filesystem, such ...
CVE-2026-23903 Apache Shiro: Auth bypass when accessing static files only on case-insensitive filesystems
Authentication Bypass by Alternate Name vulnerability in Apache Shiro. This issue affects Apache Shiro: before 2.0.7. Users are recommended to upgrade to version 2.0.7, which fixes the issue. The issue only effects static files. If static files are served from a case-insensitive filesystem, such ...
Apache Shiro 安全漏洞
Apache Shiro is the United States Apache Apache Foundation set of Java security framework for performing authentication, authorization, encryption and session management . An authentication bypass vulnerability exists in Apache Shiro versions prior to 2.0.7. The vulnerability stems from an...
GHSA-F72R-2H5J-7639 SiYuan File Read API Case Sensitivity Bypass can Lead to Path Traversal
File Read Interface Case Bypass Vulnerability Vulnerability Name File Read Interface Case Bypass Vulnerability Overview The /api/file/getFile endpoint uses case-sensitive string equality checks to block access to sensitive files. On case-insensitive file systems such as Windows, attackers can...
PT-2026-7417
Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.5.5 Description The /api/file/getFile endpoint uses case-sensitive string equality checks to block access to sensitive files. On case-insensitive file systems, such as Windows, attackers can bypass these restrictions...
EUVD-2026-3595
Race Condition in node-tar Path Reservations via Unicode Ligature Collisions on macOS APFS...
CVE-2026-23950
node-tar,a Tar for Node.js, has a race condition vulnerability in versions up to and including 7.5.3. This is due to an incomplete handling of Unicode path collisions in the path-reservations system. On case-insensitive or normalization-insensitive filesystems such as macOS APFS, In which it has...
Linux Distros Unpatched Vulnerability : CVE-2026-23950
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - node-tar,a Tar for Node.js, has a race condition vulnerability in versions up to and including 7.5.3. This is due to an incomplete handling of Unicode path...
EUVD-2026-2935
Deno has an incomplete fix for command-injection prevention on Windows — case-insensitive extension bypass...
Oracle Linux 9 : libsoup (ELSA-2026-0422)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-0422 advisory. - Fix patch for CVE-2025-14523 to handle comparison case-insensitively - Backport patch for CVE-2025-14523 Tenable has extracted the preceding description block...
libsoup security update
2.72.0-12.3 - Fix patch for CVE-2025-14523 to handle comparison case-insensitively 2.72.0-12.2 - Backport patch for CVE-2025-14523 2.72.0-12.1 - Backport patch for CVE-2025-4945 and CVE-2025-11021...
CVE-2018-1000118
Github Electron version Electron 1.8.2-beta.4 and earlier contains a Command Injection vulnerability in Protocol Handler that can result in command execute. This attack appear to be exploitable via the victim opening an electron protocol handler in their browser. This vulnerability appears to hav...