CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

58 matches found

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2023-1351

Malicious code in bioql PyPI...

9CVSS9AI score0.05094EPSS

Exploits0References4

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2022-7009

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.00708EPSS

Exploits0References9

Broadcom•added 2023/08/29 12:0 a.m.•29 views

Apache Shiro before 1.10.0, Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher.

Apache Shiro contains an authentication bypass vulnerability when it is forwarding or including requests usingRequestDispatchercomponent. This could allow an attacker to gain unauthorized access to the application...

9.8CVSS7.7AI score0.00708EPSS

Exploits0Affected Software1

RedhatCVE•added 2023/05/05 6:19 p.m.•53 views

CVE-2022-40664

A flaw was found in Apache Shiro. An authentication bypass vulnerability occurs when forwarding or including via the RequestDispatcher...

9.8CVSS9.1AI score0.00708EPSS

Exploits0References3

Veracode•added 2023/04/19 7:15 a.m.•18 views

Privilege Escalation

org.apache.sling:org.apache.sling.engine is vulnerable to Privilege Escalation. When an attacker is able to include a resource with specific content-type and control the include path, it allows the attacker to elevate privileges and acquire administrative power, because SlingRequestDispatcher...

9CVSS8.6AI score0.05094EPSS

Exploits0References6Affected Software1

OSV•added 2023/04/13 12:30 p.m.•16 views

GHSA-MG46-F9H5-G27X Apache Sling Engine vulnerable to cross-site scripting (XSS) that can lead to privilege escalation

The SlingRequestDispatcher doesn't correctly implement the RequestDispatcher API resulting in a generic type of include-based cross-site scripting issues on the Apache Sling level. The vulnerability is exploitable by an attacker that is able to include a resource with specific content-type and...

8CVSS8.4AI score0.05094EPSS

Exploits0References4

OSV•added 2023/04/13 11:15 a.m.•21 views

CVE-2022-45064

9CVSS9.2AI score0.05094EPSS

Exploits0References2

Prion•added 2023/04/13 11:15 a.m.•13 views

Cross site scripting

6CVSS8.9AI score0.05094EPSS

Exploits0References2Affected Software1

Veracode•added 2022/10/13 5:34 p.m.•28 views

Authentication Bypass

org.apache.shiro:shiro-web is vulnerable to authentication bypass attacks. A remote attacker is able bypass the authentication mechanism when forwarding or including via RequestDispatcher...

9.8CVSS9.2AI score0.00708EPSS

Exploits0References11Affected Software2

CNVD•added 2022/10/13 12:0 a.m.•33 views

Apache Shiro Authentication Bypass Vulnerability (CNVD-2022-68497)

Apache Shiro is a Java security framework with authentication, access authorization, data encryption, session management, etc. An authentication bypass vulnerability exists in Apache Shiro, which is caused when requests are forwarded or requests are included via the RequestDispatcher interface, a...

9.8CVSS3.4AI score0.00708EPSS

Exploits0References1