CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

317 matches found

CVE•added 2024/06/14 8:25 a.m.•297 views

CVE-2024-25142

CVE-2024-25142 : The issue is in Apache Airflow where dynamic content did not return the Cache-Control header, potentially allowing browsers to store sensitive data in local cache. Affected version: Airflow prior to 2.9.2. The available connected documents confirm the root cause (missing Cache-Co...

5.5CVSS6.3AI score0.00102EPSS

Exploits0References3Affected Software1

Cvelist•added 2024/06/14 8:25 a.m.•23 views

CVE-2024-25142 Apache Airflow: Cache Control - Storage of Sensitive Data in Browser Cache

Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. Airflow did not return "Cache-Control" header for dynamic content, which in case of some browsers could result in potentially storing sensitive data in local cache of the browser. This issue affects Apache...

0.00102EPSS

Exploits0References2

CNNVD•added 2024/06/14 12:0 a.m.•1 views

Apache Airflow Security Vulnerability

Apache Airflow is an open source platform for creating, managing and monitoring workflows from the Apache USA Foundation. The platform is characterized by scalability and dynamic monitoring. A security vulnerability exists in Apache Airflow versions prior to 2.9.2 that stems from Airflow not...

5.5CVSS6.3AI score0.00102EPSS

Exploits0References4

Cvelist•added 2024/05/28 6:50 p.m.•34 views

CVE-2024-36107 Information disclosure in minio

MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. If-Modified-Since and If-Unmodified-Since headers when used with anonymous requests by sending a random object name requests can be used to determine if an object exists or not on the server on a...

5.3CVSS5.1AI score0.00143EPSS

Exploits0References5

Vulnrichment•added 2024/05/28 6:50 p.m.•28 views

CVE-2024-36107 Information disclosure in minio

5.3CVSS6.6AI score0.00143EPSS

Exploits0References5

Positive Technologies•added 2024/05/28 12:0 a.m.•5 views

PT-2024-5523 · Minio +2 · Minio +2

Name of the Vulnerable Software and Affected Versions: MinIO versions prior to RELEASE.2024-05-27T19-17-46Z Description: The issue concerns the use of If-Modified-Since and If-Unmodified-Since headers with anonymous requests, allowing an attacker to determine if an object exists on the server in ...

8.8CVSS9.3AI score0.94004EPSS

Exploits18References21

OSV•added 2024/04/12 11:7 a.m.•2 views

OESA-2024-1367 rubygem-activestorage security update

Attach cloud and local files in Rails applications. Security Fixes: Rails is a web-application framework. Starting with version 5.2.0, there is a possible sensitive session information leak in Active Storage. By default, Active Storage sends a Set-Cookie header along with the user's session cooki...

5.3CVSS6.2AI score0.02363EPSS

Exploits0References2

NVD•added 2024/03/11 6:15 p.m.•14 views

CVE-2023-52488

In the Linux kernel, the following vulnerability has been resolved: serial: sc16is7xx: convert from raw to noinc regmap functions for FIFO The SC16IS7XX IC supports a burst mode to access the FIFOs where the initial register address is sent $00, followed by all the FIFO data without having to...

5.5CVSS7.4AI score0.00022EPSS

Exploits0References7

OSV•added 2024/02/27 4:15 p.m.•0 views

UBUNTU-CVE-2024-26144

Rails is a web-application framework. Starting with version 5.2.0, there is a possible sensitive session information leak in Active Storage. By default, Active Storage sends a Set-Cookie header along with the user's session cookie when serving blobs. It also sets Cache-Control to public. Certain...

5.3CVSS6AI score0.02363EPSS

Exploits0References7

Debian CVE•added 2024/02/27 3:44 p.m.•21 views

CVE-2024-26144

5.3CVSS5.1AI score0.02363EPSS

Exploits0

OSV•added 2024/02/27 3:44 p.m.•20 views

CVE-2024-26144 Possible Sensitive Session Information Leak in Active Storage

5.3CVSS5AI score0.02363EPSS

Exploits0References8

CNNVD•added 2024/02/25 12:0 a.m.•2 views

Active Storage Security Vulnerability

Active Storage is a plugin for uploading files to multiple cloud storage services and attaching files to Active Record objects. A security vulnerability exists in Rails Active Storage that stems from Active Storage sending a Set-Cookie header along with the user's session cookie when serving a bl...

5.3CVSS7AI score0.02363EPSS

Exploits0References7

OSV•added 2023/12/22 11:6 a.m.•3 views

OESA-2023-1936 python-flask security update

Flask is a lightweight WSGI web application framework. It is designed to make getting started quick and easy, with the ability to scale up to complex applications. It began as a simple wrapper around Werkzeug and Jinja and has become one of the most popular Python web application frameworks...

7.5CVSS9AI score0.00221EPSS

Exploits1References2

Veracode•added 2023/10/25 6:39 a.m.•17 views

Denial Of Service (DoS)

next is vulnerable to Denial Of Service DoS. The vulnerability exists because the base-server.ts does not include a cache-control header. Consequently, empty prefetch responses might be cached by a Content Delivery Network CDN. This creates an opportunity for an attacker to potentially crash the...

7.5CVSS6.9AI score0.00373EPSS

Exploits1References5Affected Software1

OSV•added 2023/10/22 3:30 a.m.•52 views

GHSA-C59H-R6P8-Q9WC Next.js missing cache-control header may lead to CDN caching empty reply

Next.js before 13.4.20-canary.13 lacks a cache-control header and thus empty prefetch responses may sometimes be cached by a CDN, causing a denial of service to all users requesting the same URL via that CDN. Cloudflare considers these requests cacheable assets...

7.5CVSS7.4AI score0.00373EPSS

Exploits1References6