306 matches found
CVE-2025-32421
Next.js is a React framework for building full-stack web applications. Versions prior to 14.2.24 and 15.1.6 have a race-condition vulnerability. This issue only affects the Pages Router under certain misconfigurations, causing normal endpoints to serve pageProps data instead of standard HTML. Thi...
CVE-2025-32421 Next.js Race Condition to Cache Poisoning
Next.js is a React framework for building full-stack web applications. Versions prior to 14.2.24 and 15.1.6 have a race-condition vulnerability. This issue only affects the Pages Router under certain misconfigurations, causing normal endpoints to serve pageProps data instead of standard HTML. Thi...
PT-2025-19996
Name of the Vulnerable Software and Affected Versions Next.js versions prior to 14.2.24 and versions 15.0.0 through 15.1.6 Description Next.js, a React framework for building full-stack web applications, contains a race-condition issue affecting the Pages Router under specific misconfigurations...
Internet Bug Bounty: Possible Sensitive Session Information Leak in Active Storage
There was a possible sensitive session information leak in Active Storage. Active Storage incorrectly sent the user's session cookie along with a Cache-Control: public header when serving files blobs. This allowed certain caching proxies to cache the response, including the Set-Cookie header,...
CVE-2025-31763
Cross-Site Request Forgery CSRF vulnerability in Preliot Cache control by Cacholong cache-control-by-cacholong allows Cross Site Request Forgery.This issue affects Cache control by Cacholong: from n/a through = 5.4.1...
CVE-2025-31764
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Preliot Cache control by Cacholong cache-control-by-cacholong allows Stored XSS.This issue affects Cache control by Cacholong: from n/a through = 5.4.1...
CVE-2025-31764
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Preliot Cache control by Cacholong cache-control-by-cacholong allows Stored XSS.This issue affects Cache control by Cacholong: from n/a through = 5.4.1...
CVE-2025-31764 WordPress Cache control by Cacholong plugin <= 5.4.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Preliot Cache control by Cacholong cache-control-by-cacholong allows Stored XSS.This issue affects Cache control by Cacholong: from n/a through = 5.4.1...
CVE-2025-31763 WordPress Cache control by Cacholong Plugin <= 5.4.1 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in Preliot Cache control by Cacholong cache-control-by-cacholong allows Cross Site Request Forgery.This issue affects Cache control by Cacholong: from n/a through = 5.4.1...
WordPress plugin Cache control by Cacholong 跨站请求伪造漏洞
WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site request forgery vulnerability exists...
PT-2025-14150 · Cacholong · Cache Control
Name of the Vulnerable Software and Affected Versions: Cache control by Cacholong versions n/a through 5.4.1 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability, which allows for Cross Site Request Forgery. This means an attacker can trick a user into performing unintended...
WordPress plugin Cache control by Cacholong 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress plugin...
PT-2025-14151 · Cacholong · Cache Control
Name of the Vulnerable Software and Affected Versions: Cache control by Cacholong versions n/a through 5.4.1 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker c...
Take control of Cache-Control and local caching
TL;DR Caching speeds up website content delivery What caching directives are and how to use them The No-cache directive does not prevent caching The No-store directiveprevents caching Introduction The HTTP Cache-Control header is sometimes misunderstood. It's important because it is used to speci...
Insufficiently Protected Credentials
leantime/leantime is vulnerable to Insufficiently Protected Credentials. The vulnerability is due to improper cache control where an attacker can view sensitive information even if they are not logged into the account anymore...
Leantime has Insufficiently Protected Credentials
Due to improper cache control an attacker can view sensitive information even if they are not logged into the account anymore. Additional Information: 1.The issue was identified during routine security testing. 2.This vulnerability poses a significant risk to user privacy and data security...
GHSA-H6W8-27PH-C385 Leantime has Insufficiently Protected Credentials
Due to improper cache control an attacker can view sensitive information even if they are not logged into the account anymore. Additional Information: 1.The issue was identified during routine security testing. 2.This vulnerability poses a significant risk to user privacy and data security...
Insufficiently Protected Credentials
Overview Affected versions of this package are vulnerable to Insufficiently Protected Credentials due to improper cache control. An attacker can view sensitive information even if they are not logged into the account anymore. Remediation Upgrade leantime/leantime to version 3.3 or higher...
Nextcloud: Sensitive Information Disclosure via Back Button Post Logout on https://apps.nextcloud.com/account/
A cache control vulnerability was identified on the https://apps.nextcloud.com/account/ page. After logging out, sensitive information such as the user's first name, last name, and email address remained accessible by using the browser's back button. This occurred due to improper caching of...
SUSE SLES15 / openSUSE 15 Security Update : tomcat (SUSE-SU-2025:0058-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0058-1 advisory. Update to Tomcat 9.0.98 - Fixed CVEs: - CVE-2024-54677: DoS in examples web application bsc1234664 - CVE-2024-50379:...