Apache Shiro - Apache Shiro: Brute force attack possible to determine valid user names

Risk 11
Severity
2.5
EPSS
0.01%
First published (updated )

Apache Shiro - Apache Shiro: Auth bypass when accessing static files only on case-insensitive filesystems

Risk 20
Severity
5.3
EPSS
0.12%
First published (updated )

oss-sec - CVE-2026-23901: Apache Shiro: Brute force attack possible to determine valid user names

oss-sec - CVE-2026-23903: Apache Shiro: Auth bypass when accessing static files only on case-insensitive filesystems

CVE-2023-46749: Apache Shiro before 1.13.0 or 2.0.0-alpha-4, may be susceptible to a path traversal attack that results in an authentication bypass when used together with path rewriting

First published (updated )

Apache Shiro - Apache Shiro before 1.13.0 or 2.0.0-alpha-4, may be susceptible to a path traversal attack that results in an authentication bypass when used together with path rewriting

Risk 66
Severity
6.6
First published (updated )

Apache Shiro - Apache Shiro: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Shiro.

Risk 45
Severity
7.4
First published (updated )

CVE-2023-46750: Apache Shiro: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Shiro.

Apache Shiro - Apache Shiro before 1.12.0, or 2.0.0-alpha-3, may be susceptible to a path traversal attack when used together with APIs or other web frameworks that route requests based on non-normalized requests.

Risk 92
Severity
9.8
First published (updated )

CVE-2023-34478: Apache Shiro before 1.12.0, or 2.0.0-alpha-3, may be susceptible to a path traversal attack when used together with APIs or other web frameworks that route requests based on non-normalized requests.

First published (updated )

maven/org.apache.shiro:shiro-root - Apache Shiro before 1.11.0, when used with Spring Boot 2.6+, may allow authentication bypass through a specially crafted HTTP request

Risk 45
Severity
7.5
First published (updated )

Apache Shiro - Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher

Risk 86
Severity
9.8
First published (updated )

Apache Shiro - Authentication Bypass Vulnerability

Risk 88
Severity
9.8
First published (updated )

Oracle Financial Services Crime And Compliance Management Studio - Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass

Risk 86
Severity
9.8
First published (updated )

Apache Shiro - Apache Shiro before 1.7.1, when using Apache Shiro with Spring, a specially crafted HTTP request may…

Risk 86
Severity
9.8
First published (updated )

ubuntu/shiro - Apache Shiro before 1.7.0, when using Apache Shiro with Spring, a specially crafted HTTP request may…

Risk 90
Severity
9.8
First published (updated )

ubuntu/shiro - Input Validation

Risk 46
Severity
7.5
First published (updated )

Apache Shiro - Apache Shiro before 1.5.3, when using Apache Shiro with Spring dynamic controllers, a specially craf…

Risk 88
Severity
9.8
First published (updated )

Apache Shiro - Apache Shiro before 1.5.2, when using Apache Shiro with Spring dynamic controllers, a specially craf…

Risk 86
Severity
9.8
First published (updated )

Apache Shiro - Input Validation

Risk 45
Severity
7.5
First published (updated )

Apache Shiro - Last updated 10 December 2024

Risk 45
Severity
7.5
First published (updated )

Apache Shiro - Apache Shiro Code Execution Vulnerability

Risk 99
Severity
9.8
First published (updated )

Apache Shiro - Apache Shiro 1.x before 1.2.3, when using an LDAP server with unauthenticated bind enabled, allows r…

Risk 52
Severity
7.5
First published (updated )

maven/org.apache.shiro:shiro-root - Path Traversal

Risk 27
Severity
5
First published (updated )

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203