Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-49268 |
|
Vulnerability in org.apache.shiro:shiro-core (CVE-2026-49268)
vulnerability in org.apache.shiro:shiro-core (CVE-2026-49268). Confidential information can be exposed externally. Mitigation: upgrade to `3.0.0-alpha-2` or later.
|
| CVE-2026-43828 |
|
Vulnerability in org.apache.shiro:shiro-web (CVE-2026-43828)
vulnerability in org.apache.shiro:shiro-web (CVE-2026-43828). Confidential information can be exposed externally. Mitigation: upgrade to `3.0.0-alpha-2` or later.
|
| CVE-2026-44598 |
|
Open Redirect in org.apache.shiro:shiro-jakarta-ee (CVE-2026-44598)
vulnerability in org.apache.shiro:shiro-jakarta-ee (CVE-2026-44598). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.0.0-alpha-2` or later.
|
| CVE-2026-43827 |
|
Vulnerability in org.apache.shiro:shiro-core (CVE-2026-43827)
vulnerability in org.apache.shiro:shiro-core (CVE-2026-43827). Confidential information can be exposed externally. Mitigation: upgrade to `3.0.0-alpha-2` or later.
|
| CVE-2026-48589 |
|
Open Redirect in apache (CVE-2026-48589)
vulnerability in apache (CVE-2026-48589). Risk of unauthorized operations or information disclosure. Exploitable via `Referer header`.
|
| CVE-2016-4437 KEV |
|
[KEV] Vulnerability in Apache shiro (CVE-2016-4437)
vulnerability in Apache shiro (CVE-2016-4437). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|