306 matches found
EUVD-2026-4750
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, Cache Middleware contains an information disclosure vulnerability caused by improper handling of HTTP cache control directives. The middleware does not respect standard cache control...
CVE-2026-24472 Hono cache middleware ignores "Cache-Control: private" leading to Web Cache Deception
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, Cache Middleware contains an information disclosure vulnerability caused by improper handling of HTTP cache control directives. The middleware does not respect standard cache control...
CVE-2026-24472 Hono cache middleware ignores "Cache-Control: private" leading to Web Cache Deception
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, Cache Middleware contains an information disclosure vulnerability caused by improper handling of HTTP cache control directives. The middleware does not respect standard cache control...
Hono cache middleware ignores "Cache-Control: private" leading to Web Cache Deception
Summary Cache Middleware contains an information disclosure vulnerability caused by improper handling of HTTP cache control directives. The middleware does not respect standard cache control headers such as Cache-Control: private or Cache-Control: no-store, which may result in private or...
GHSA-6WQW-2P9W-4VW4 Hono cache middleware ignores "Cache-Control: private" leading to Web Cache Deception
Summary Cache Middleware contains an information disclosure vulnerability caused by improper handling of HTTP cache control directives. The middleware does not respect standard cache control headers such as Cache-Control: private or Cache-Control: no-store, which may result in private or...
Use of Cache Containing Sensitive Information
Overview hono is an Ultrafast web framework for the Edges Affected versions of this package are vulnerable to Use of Cache Containing Sensitive Information via improper handling of HTTP cache control directives, including Cache-Control: private and Cache-Control: no-store. An attacker can access...
CVE-2026-24437
Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.195037 serve sensitive administrative content without appropriate cache-control directives. As a result, browsers may store credential-bearing responses locally, exposing them to subsequent unauthorized access...
CVE-2026-24437
Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.195037 serve sensitive administrative content without appropriate cache-control directives. As a result, browsers may store credential-bearing responses locally, exposing them to subsequent unauthorized access...
EUVD-2026-4664
Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.195037 serve sensitive administrative content without appropriate cache-control directives. As a result, browsers may store credential-bearing responses locally, exposing them to subsequent unauthorized access...
PT-2026-4794
Name of the Vulnerable Software and Affected Versions Shenzhen Tenda W30E V2 versions up to and including V16.01.0.195037 Description The firmware does not implement appropriate cache-control directives when serving sensitive administrative content. This can lead to browsers storing...
Tenda W30E security vulnerabilities
The Tenda W30E is a router produced by the Chinese company Tenda. The Tenda W30E V2 and earlier versions have security vulnerabilities. These vulnerabilities stem from the lack of appropriate cache control instructions, which may lead to the storage of credentials in the browser’s local storage...
CVE-2025-69581
An issue was discovered in Chamillo LMS 1.11.2. The Social Network /personaldata endpoint exposes full sensitive user information even after logout because proper cache-control is missing. Using the browser back button restores all personal data, allowing unauthorized users on the same device to...
CVE-2025-69581
An issue was discovered in Chamillo LMS 1.11.2. The Social Network /personaldata endpoint exposes full sensitive user information even after logout because proper cache-control is missing. Using the browser back button restores all personal data, allowing unauthorized users on the same device to...
CVE-2025-69581
An issue was discovered in Chamillo LMS 1.11.2. The Social Network /personaldata endpoint exposes full sensitive user information even after logout because proper cache-control is missing. Using the browser back button restores all personal data, allowing unauthorized users on the same device to...
CVE-2025-69581
An issue was discovered in Chamillo LMS 1.11.2. The Social Network /personaldata endpoint exposes full sensitive user information even after logout because proper cache-control is missing. Using the browser back button restores all personal data, allowing unauthorized users on the same device to...
CVE-2025-69581
Chamillo LMS 1.11.2 has a data exposure flaw on the Social Network /personal_data endpoint due to missing cache-control headers. This allows unauthorized users on the same device to view full sensitive user data after logout (via the browser back button). Root cause: improper cache control. Impac...
PT-2026-3305
Name of the Vulnerable Software and Affected Versions Chamillo LMS version 1.11.2 Description The Social Network /personal data API endpoint in Chamillo LMS does not implement proper cache control, leading to exposure of full sensitive user information even after logout. Utilizing the browser bac...
CVE-2025-69581
An issue was discovered in Chamillo LMS 1.11.2. The Social Network /personaldata endpoint exposes full sensitive user information even after logout because proper cache-control is missing. Using the browser back button restores all personal data, allowing unauthorized users on the same device to...
Improper Cache Control
tutor is vulnerable to Improper Cache Control. The vulnerability is due to the absence of proper cache-control HTTP headers and client-side session checks, which allows an attacker to access sensitive information through cached or improperly validated sessions...
Use Of Web Browser Cache Containing Sensitive Information
Drupal core is vulnerable to Use of Web Browser Cache Containing Sensitive Information. The vulnerability is due to improper cache control handling, which allows sensitive information to be stored in browser cache and potentially accessed by unauthorized users...