12 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-56091
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When using Apache Shiro with the shiro-guice module in a web servlet context, a specially crafted HTTP request may cause an authentication bypass. This...
CVE-2026-56091
When using Apache Shiro with the shiro-guice module in a web servlet context, a specially crafted HTTP request may cause an authentication bypass. This vulnerability is similar to https://vulners.com/cve/CVE-2020-1957 https://www.cve.org/CVERecord , except that it affects the shiro-guice module...
EUVD-2026-39230
When using Apache Shiro with the shiro-guice module in a web servlet context, a specially crafted HTTP request may cause an authentication bypass. This vulnerability is similar to https://vulners.com/cve/CVE-2020-1957 https://www.cve.org/CVERecord , except that it affects the shiro-guice module...
CVE-2026-56091 Apache Shiro: Authentication bypass in Guice-Web integration
When using Apache Shiro with the shiro-guice module in a web servlet context, a specially crafted HTTP request may cause an authentication bypass. This vulnerability is similar to https://vulners.com/cve/CVE-2020-1957 https://www.cve.org/CVERecord , except that it affects the shiro-guice module...
CVE-2026-56091
When using Apache Shiro with the shiro-guice module in a web servlet context, a specially crafted HTTP request may cause an authentication bypass. This vulnerability is similar to https://vulners.com/cve/CVE-2020-1957 https://www.cve.org/CVERecord , except that it affects the shiro-guice module...
CVE-2026-56091
CVE-2026-56091 involves Apache Shiro when used with the shiro-guice module in a web servlet context. A specially crafted HTTP request may cause an authentication bypass. Affected: all Apache Shiro versions through 2.x; 3.0.0-alpha-1 is affected when using shiro-guice in this context. Remediation:...
CVE-2026-7024
A flaw has been found in rawchen sims up to 004f783b1db5ecdfad81c8fdc3b34171211112de. Affected by this issue is some unknown functionality of the file sims-master/src/web/servlet/file/DeleteFileServlet.java of the component deleteFileServlet Endpoint. Executing a manipulation of the argument...
CISA Flags Adobe AEM Flaw with Perfect 10.0 Score — Already Under Active Attack
The U.S. Cybersecurity and Infrastructure Security Agency CISA on Wednesday added a critical security flaw impacting Adobe Experience Manager to its Known Exploited Vulnerabilities KEV catalog, based on evidence of active exploitation. The vulnerability in question is CVE-2025-54253 CVSS score:...
EUVD-2017-14449
Malware in sbrugna...
PT-2021-8121 · Draytek · Draytek Vigorconnect
Name of the Vulnerable Software and Affected Versions: Draytek VigorConnect version 1.6.0-B3 Description: A local file inclusion vulnerability exists in the file download functionality of the WebServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary...
jolokia: Cross site scripting in the HTTP servlet
An XSS vulnerability exists in the Jolokia agent version 1.3.7 in the HTTP servlet that allows an attacker to execute malicious javascript in the victim's browser...
Jolokia Agent Cross-Site Scripting Vulnerability
Jolokia is a use of JSON via Http to achieve JMX remote management of open source projects , it provides JMX batch operation , security policies , etc. Jolokia agent is one of the agent . Jolokia agent 1.3.7 version of the HTTP servlet has a cross-site scripting vulnerability . A remote attacker...