324 matches found
EUVD-2025-9248
Malicious code in bioql PyPI...
EUVD-2023-2714
Malicious code in bioql PyPI...
EUVD-2025-9279
Malicious code in bioql PyPI...
EUVD-2025-14946
Malicious code in bioql PyPI...
EUVD-2022-5838
Malicious code in bioql PyPI...
EUVD-2024-0012
Malicious code in bioql PyPI...
CVE-2025-48947
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. In Auth0 Next.js SDK versions 4.0.1 through 4.6.0, session cookies set by auth0.middleware may be cached by CDNs due to missing Cache-Control headers. Three preconditions must be met in order for...
Sensitive Information Disclosure
@auth0/nextjs-auth0 is vulnerable to Sensitive Information Disclosure. The vulnerability is due to missing cache control headers due to session cookies being cached by CDNs, potentially exposing sensitive session information to unauthorized users...
NextJS-Auth0 SDK Vulnerable to CDN Caching of Session Cookies
Overview In Auth0 Next.js SDK versions 4.0.1 to 4.6.0, session cookies set by auth0.middleware may be cached by CDNs due to missing Cache-Control headers. Am I Affected? You are affected by this vulnerability if you meet the following preconditions: 1. Applications using the NextJS-Auth0 SDK,...
GHSA-F3FG-MF2Q-FJ3F NextJS-Auth0 SDK Vulnerable to CDN Caching of Session Cookies
Overview In Auth0 Next.js SDK versions 4.0.1 to 4.6.0, session cookies set by auth0.middleware may be cached by CDNs due to missing Cache-Control headers. Am I Affected? You are affected by this vulnerability if you meet the following preconditions: 1. Applications using the NextJS-Auth0 SDK,...
CVE-2025-48947
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. In Auth0 Next.js SDK versions 4.0.1 through 4.6.0, session cookies set by auth0.middleware may be cached by CDNs due to missing Cache-Control headers. Three preconditions must be met in order for...
CVE-2025-48947 NextJS-Auth0 SDK Vulnerable to CDN Caching of Session Cookies
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. In Auth0 Next.js SDK versions 4.0.1 through 4.6.0, session cookies set by auth0.middleware may be cached by CDNs due to missing Cache-Control headers. Three preconditions must be met in order for...
CVE-2025-48947
The CVE describes a vulnerability in the Auth0 Next.js SDK (auth0/nextjs-auth0) affecting versions 4.0.1–4.6.0 where __session cookies set by auth0.middleware can be cached by CDNs due to missing Cache-Control headers. Preconditions require: (1) use of the NextJS-Auth0 SDK, (2) CDN/edge caching o...
PT-2025-23857 · Auth0 · Auth0 Next.Js Sdk
Name of the Vulnerable Software and Affected Versions: Auth0 Next.js SDK versions 4.0.1 through 4.6.0 Description: The issue concerns the caching of session cookies set by auth0.middleware in CDN environments due to missing Cache-Control headers. Three preconditions must be met for the...
Netscaler-13.1-Security scanner reported "Cacheable SSL Page Found" for gateway virtual server
Security scanner reported "Cacheable SSL Page Found" for gateway virtual server. The detailed content reported by the scanner is as below: ------------------------------ The application has responded with a response that indicates the page should be cached, but cache controls aren't set you can...
CVE-2024-25142
Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. Airflow did not return "Cache-Control" header for dynamic content, which in case of some browsers could result in potentially storing sensitive data in local cache of the browser. This issue affects Apache...
CVE-2025-32421
Next.js is a React framework for building full-stack web applications. Versions prior to 14.2.24 and 15.1.6 have a race-condition vulnerability. This issue only affects the Pages Router under certain misconfigurations, causing normal endpoints to serve pageProps data instead of standard HTML. Thi...
CVE-2025-32421 Next.js Race Condition to Cache Poisoning
Next.js is a React framework for building full-stack web applications. Versions prior to 14.2.24 and 15.1.6 have a race-condition vulnerability. This issue only affects the Pages Router under certain misconfigurations, causing normal endpoints to serve pageProps data instead of standard HTML. Thi...
PT-2025-19996
Name of the Vulnerable Software and Affected Versions Next.js versions prior to 14.2.24 and versions 15.0.0 through 15.1.6 Description Next.js, a React framework for building full-stack web applications, contains a race-condition issue affecting the Pages Router under specific misconfigurations...
Internet Bug Bounty: Possible Sensitive Session Information Leak in Active Storage
There was a possible sensitive session information leak in Active Storage. Active Storage incorrectly sent the user's session cookie along with a Cache-Control: public header when serving files blobs. This allowed certain caching proxies to cache the response, including the Set-Cookie header,...