Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Tag: shiro Clear
ID Title
CVE-2026-49268 Vulnerability in org.apache.shiro:shiro-core (CVE-2026-49268)
vulnerability in org.apache.shiro:shiro-core (CVE-2026-49268). Confidential information can be exposed externally. Mitigation: upgrade to `3.0.0-alpha-2` or later.
CVE-2026-43828 Vulnerability in org.apache.shiro:shiro-web (CVE-2026-43828)
vulnerability in org.apache.shiro:shiro-web (CVE-2026-43828). Confidential information can be exposed externally. Mitigation: upgrade to `3.0.0-alpha-2` or later.
CVE-2026-44598 Open Redirect in org.apache.shiro:shiro-jakarta-ee (CVE-2026-44598)
vulnerability in org.apache.shiro:shiro-jakarta-ee (CVE-2026-44598). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.0.0-alpha-2` or later.
CVE-2026-43827 Vulnerability in org.apache.shiro:shiro-core (CVE-2026-43827)
vulnerability in org.apache.shiro:shiro-core (CVE-2026-43827). Confidential information can be exposed externally. Mitigation: upgrade to `3.0.0-alpha-2` or later.
CVE-2026-48589 Open Redirect in apache (CVE-2026-48589)
vulnerability in apache (CVE-2026-48589). Risk of unauthorized operations or information disclosure. Exploitable via `Referer header`.
CVE-2016-4437 KEV [KEV] Vulnerability in Apache shiro (CVE-2016-4437)
vulnerability in Apache shiro (CVE-2016-4437). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →