CVE-2026-3963

A security flaw has been discovered in perfree go-fastdfs-web up to 1.3.7. This affects the function rememberMeManager of the file src/main/java/com/perfree/config/ShiroConfig.java of the component Apache Shiro RememberMe. Performing a manipulation results in use of hard-coded cryptographic key...

PT-2025-32490 · Unknown · 猫宁I Morning

Name of the Vulnerable Software and Affected Versions: 猫宁i Morning affected versions not specified Description: A critical path traversal issue exists in the Shiro Configuration component of 猫宁i Morning. The issue affects an unknown function within the /index file. This allows for remote...

CVE-2025-3569

A vulnerability was found in JamesZBL/code-projects db-hospital-drug 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file ShiroConfig.java. The manipulation leads to improper authorization. The attack may be launched remotely. The exploit has been...

CVE-2022-35857

kvf-admin through 2022-02-12 allows remote attackers to execute arbitrary code because deserialization is mishandled. The rememberMe parameter is encrypted with a hardcoded key from the com.kalvin.kvf.common.shiro.ShiroConfig file...

PT-2022-22971 · Kvf-Admin · Kvf-Admin

Name of the Vulnerable Software and Affected Versions: kvf-admin through 2022-02-12 Description: The issue allows remote attackers to execute arbitrary code because deserialization is mishandled. The rememberMe parameter is encrypted with a hardcoded key from the...