Lucene search
K

567 matches found

Github Security Blog
Github Security Blog
added 2026/02/09 12:30 p.m.6 views

Apache Shiro has an Authentication Bypass

Impact Authentication Bypass: A vulnerability exists in Apache Shiro that allows authentication bypass for static files when served from a case-insensitive filesystem such as the default configuration on macOS or Windows. The issue arises when Shiro's URL filters are configured with lower-case...

5.3CVSS5.8AI score0.00363EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/02/09 10:15 a.m.4 views

CVE-2026-23903

Authentication Bypass by Alternate Name vulnerability in Apache Shiro. This issue affects Apache Shiro: before 2.0.7. Users are recommended to upgrade to version 2.0.7, which fixes the issue. The issue only effects static files. If static files are served from a case-insensitive filesystem, such ...

5.3CVSS5.7AI score
Exploits0References2
NVD
NVD
added 2026/02/09 10:15 a.m.11 views

CVE-2026-23903

Authentication Bypass by Alternate Name vulnerability in Apache Shiro. This issue affects Apache Shiro: before 2.0.7. Users are recommended to upgrade to version 2.0.7, which fixes the issue. The issue only effects static files. If static files are served from a case-insensitive filesystem, such ...

5.3CVSS0.00363EPSS
Exploits0References2
OSV
OSV
added 2026/02/09 10:15 a.m.6 views

UBUNTU-CVE-2026-23903

Authentication Bypass by Alternate Name vulnerability in Apache Shiro. This issue affects Apache Shiro: before 2.0.7. Users are recommended to upgrade to version 2.0.7, which fixes the issue. The issue only effects static files. If static files are served from a case-insensitive filesystem, such ...

5.3CVSS7AI score0.00363EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2026/02/09 10:15 a.m.3 views

CVE-2026-23903

Authentication Bypass by Alternate Name vulnerability in Apache Shiro. This issue affects Apache Shiro: before 2.0.7. Users are recommended to upgrade to version 2.0.7, which fixes the issue. The issue only effects static files. If static files are served from a case-insensitive filesystem, such ...

5.3CVSS7AI score0.00363EPSS
Exploits0References4
Snyk
Snyk
added 2026/02/09 9:26 a.m.2 views

Authentication Bypass by Alternate Name

Overview org.apache.shiro:shiro-core is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management. Affected versions of this package are vulnerable to Authentication Bypass by Alternate Name while serving static files from...

6.9CVSS5.6AI score0.00363EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/09 9:26 a.m.3 views

CVE-2026-23903 Apache Shiro: Auth bypass when accessing static files only on case-insensitive filesystems

Authentication Bypass by Alternate Name vulnerability in Apache Shiro. This issue affects Apache Shiro: before 2.0.7. Users are recommended to upgrade to version 2.0.7, which fixes the issue. The issue only effects static files. If static files are served from a case-insensitive filesystem, such ...

5.5AI score0.00363EPSS
Exploits0References1
CVE
CVE
added 2026/02/09 9:26 a.m.41 views

CVE-2026-23903

Summary of CVE-2026-23903 (Apache Shiro): It is an Authentication Bypass by Alternate Name vulnerability affecting Apache Shiro versions before 2.0.7, triggered when static files are served from a case-insensitive filesystem (e.g., macOS defaults). In such cases, request filename casing can bypas...

5.3CVSS5.5AI score0.00363EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/09 9:26 a.m.5 views

CVE-2026-23903

Authentication Bypass by Alternate Name vulnerability in Apache Shiro. This issue affects Apache Shiro: before 2.0.7. Users are recommended to upgrade to version 2.0.7, which fixes the issue. The issue only effects static files. If static files are served from a case-insensitive filesystem, such ...

5.3CVSS5.5AI score0.00363EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/09 9:26 a.m.35 views

CVE-2026-23903 Apache Shiro: Auth bypass when accessing static files only on case-insensitive filesystems

Authentication Bypass by Alternate Name vulnerability in Apache Shiro. This issue affects Apache Shiro: before 2.0.7. Users are recommended to upgrade to version 2.0.7, which fixes the issue. The issue only effects static files. If static files are served from a case-insensitive filesystem, such ...

0.00363EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/09 12:0 a.m.5 views

Apache Shiro 安全漏洞

Apache Shiro is the United States Apache Apache Foundation set of Java security framework for performing authentication, authorization, encryption and session management . An authentication bypass vulnerability exists in Apache Shiro versions prior to 2.0.7. The vulnerability stems from an...

5.3CVSS7.2AI score0.00363EPSS
Exploits0References4
OSV
OSV
added 2026/01/28 11:0 p.m.4 views

GHSA-F72R-2H5J-7639 SiYuan File Read API Case Sensitivity Bypass can Lead to Path Traversal

File Read Interface Case Bypass Vulnerability Vulnerability Name File Read Interface Case Bypass Vulnerability Overview The /api/file/getFile endpoint uses case-sensitive string equality checks to block access to sensitive files. On case-insensitive file systems such as Windows, attackers can...

8.7CVSS5.6AI score0.00505EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/01/28 12:0 a.m.6 views

PT-2026-7417

Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.5.5 Description The /api/file/getFile endpoint uses case-sensitive string equality checks to block access to sensitive files. On case-insensitive file systems, such as Windows, attackers can bypass these restrictions...

7.5CVSS5.5AI score0.00505EPSS
Exploits1References9
EUVD
EUVD
added 2026/01/21 1:5 a.m.6 views

EUVD-2026-3595

Race Condition in node-tar Path Reservations via Unicode Ligature Collisions on macOS APFS...

8.8CVSS5.3AI score0.00233EPSS
Exploits1References3
NVD
NVD
added 2026/01/20 1:15 a.m.7 views

CVE-2026-23950

node-tar,a Tar for Node.js, has a race condition vulnerability in versions up to and including 7.5.3. This is due to an incomplete handling of Unicode path collisions in the path-reservations system. On case-insensitive or normalization-insensitive filesystems such as macOS APFS, In which it has...

8.8CVSS0.00233EPSS
Exploits1References10
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-23950

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - node-tar,a Tar for Node.js, has a race condition vulnerability in versions up to and including 7.5.3. This is due to an incomplete handling of Unicode path...

8.8CVSS5.5AI score0.00233EPSS
Exploits1References3
EUVD
EUVD
added 2026/01/16 3:49 p.m.5 views

EUVD-2026-2935

Deno has an incomplete fix for command-injection prevention on Windows — case-insensitive extension bypass...

8.1CVSS6.5AI score0.00619EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/01/12 12:0 a.m.4 views

Oracle Linux 9 : libsoup (ELSA-2026-0422)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-0422 advisory. - Fix patch for CVE-2025-14523 to handle comparison case-insensitively - Backport patch for CVE-2025-14523 Tenable has extracted the preceding description block...

8.2CVSS5.5AI score0.00496EPSS
Exploits0References2
Oracle linux
Oracle linux
added 2026/01/12 12:0 a.m.8 views

libsoup security update

2.72.0-12.3 - Fix patch for CVE-2025-14523 to handle comparison case-insensitively 2.72.0-12.2 - Backport patch for CVE-2025-14523 2.72.0-12.1 - Backport patch for CVE-2025-4945 and CVE-2025-11021...

8.2CVSS6.6AI score0.00594EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/01/09 12:15 p.m.14 views

CVE-2018-1000118

Github Electron version Electron 1.8.2-beta.4 and earlier contains a Command Injection vulnerability in Protocol Handler that can result in command execute. This attack appear to be exploitable via the victim opening an electron protocol handler in their browser. This vulnerability appears to hav...

9.3CVSS7.4AI score0.84434EPSS
Exploits31References1
Rows per page
Query Builder