Lucene search
+L

13 matches found

RedHat Linux
RedHat Linux
added 2026/07/06 5:32 a.m.6 views

undici: Undici: Information disclosure due to improper cache-control header parsing

A flaw was found in Undici. The cache interceptor in shared-cache mode incorrectly classifies certain responses as cacheable due to improper handling of whitespace-padded Cache-Control header field names. This vulnerability allows an unauthenticated attacker to access authenticated user data from...

5.9CVSS5.9AI score0.00374EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/07/06 4:52 a.m.8 views

undici: Undici: Information disclosure due to improper cache-control header parsing

A flaw was found in Undici. The cache interceptor in shared-cache mode incorrectly classifies certain responses as cacheable due to improper handling of whitespace-padded Cache-Control header field names. This vulnerability allows an unauthenticated attacker to access authenticated user data from...

5.9CVSS7AI score0.00374EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/04/16 8:44 p.m.20 views

Stored XSS in SEO Fields Leads to Authenticated API Data Exposure in ApostropheCMS

Summary A stored cross-site scripting XSS vulnerability exists in SEO-related fields SEO Title and Meta Description in ApostropheCMS. Improper neutralization of user-controlled input in SEO-related fields allows injection of arbitrary JavaScript into HTML contexts, resulting in stored cross-site...

8.7CVSS5.3AI score0.00298EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2026/04/16 8:44 p.m.8 views

GHSA-855C-R2VQ-C292 Stored XSS in SEO Fields Leads to Authenticated API Data Exposure in ApostropheCMS

Summary A stored cross-site scripting XSS vulnerability exists in SEO-related fields SEO Title and Meta Description in ApostropheCMS. Improper neutralization of user-controlled input in SEO-related fields allows injection of arbitrary JavaScript into HTML contexts, resulting in stored cross-site...

8.7CVSS5.9AI score0.00298EPSS
Exploits1References5
CVE
CVE
added 2026/04/15 7:34 p.m.22 views

CVE-2026-35569

CVE-2026-35569 affects ApostropheCMS <= 4.28.0. A stored XSS in SEO fields (SEO Title and Meta Description) allows injecting JavaScript via improper output encoding into HTML contexts such as , attributes, and JSON-LD. This can enable an authenticated user to execute arbitrary JS in the admin...

8.7CVSS5.9AI score0.00298EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/04/15 7:34 p.m.4 views

CVE-2026-35569 ApostropheCMS: Stored XSS in SEO Fields Leads to Authenticated API Data Exposure in ApostropheCMS

ApostropheCMS is an open-source Node.js content management system. Versions 4.28.0 and prior contain a stored cross-site scripting vulnerability in SEO-related fields SEO Title and Meta Description, where user-controlled input is rendered without proper output encoding into HTML contexts includin...

8.7CVSS6AI score0.00298EPSS
Exploits1References5
OSV
OSV
added 2026/01/27 7:4 p.m.4 views

GHSA-6WQW-2P9W-4VW4 Hono cache middleware ignores "Cache-Control: private" leading to Web Cache Deception

Summary Cache Middleware contains an information disclosure vulnerability caused by improper handling of HTTP cache control directives. The middleware does not respect standard cache control headers such as Cache-Control: private or Cache-Control: no-store, which may result in private or...

5.3CVSS6AI score0.00457EPSS
Exploits0References5
CVE
CVE
added 2024/12/21 8:24 a.m.54 views

CVE-2024-10797

The CVE-2024-10797 entry concerns the WordPress plugin Full Screen Menu for Elementor. Affected: Full Screen Menu for Elementor (WordPress plugin) up to version 1.0.7. Nature: Information Exposure via the Full Screen Menu Elementor Widget, caused by insufficient restrictions on which posts can be...

4.3CVSS4.4AI score0.003EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/12/19 11:56 a.m.7 views

WordPress Seraphinite Accelerator plugin <= 2.22.15 - Authenticated Sensitive Data Exposure vulnerability

Authenticated Sensitive Data Exposure vulnerability discovered by Dave Jong Patchstack in WordPress Plugin Seraphinite Accelerator versions = 2.22.15...

7AI score0.00273EPSS
Exploits0Affected Software1
OSV
OSV
added 2024/11/27 10:15 a.m.5 views

CVE-2024-52323

Zohocorp ManageEngine Analytics Plus versions below 6100 are vulnerable to authenticated sensitive data exposure which allows the users to retrieve sensitive tokens associated to the org-admin account...

8.1CVSS5.8AI score0.01128EPSS
Exploits0References1
Patchstack
Patchstack
added 2024/09/04 12:0 a.m.5 views

Drupal Freelinking module < 4.0.1 - Authenticated Sensitive Data Exposure vulnerability

Authenticated Sensitive Data Exposure vulnerability discovered by Matthew Radcliffe in WordPress Module Freelinking versions 4.0.1...

7AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/08/12 12:39 p.m.7 views

WordPress Bit Form Pro plugin <= 2.6.4 - Authenticated Sensitive Data Exposure vulnerability

Authenticated Sensitive Data Exposure vulnerability discovered by Dave Jong Patchstack in WordPress Plugin Bit Form Pro versions = 2.6.4...

6.5CVSS7AI score0.00418EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/06/06 9:10 a.m.5 views

WordPress Otter Blocks PRO plugin <= 2.6.11 - Authenticated Sensitive Data Exposure vulnerability

Authenticated Sensitive Data Exposure vulnerability discovered by Dave Jong Patchstack in WordPress Plugin Otter Blocks PRO versions = 2.6.11...

5.3CVSS7AI score0.00345EPSS
Exploits0Affected Software1
Rows per page
Query Builder