CVE-2026-30246 github.com/gofiber/fiber/v3 cache middleware can mix responses across query parameters

Fiber is a web framework for Go. In github.com/gofiber/fiber/v3 versions through 3.1.0, the default key generator in the cache middleware uses only the request path and does not include the query string. As a result, requests for the same path with different query parameters can share a cache key...

CVE-2026-27838

wger is a free, open-source workout and fitness manager. Five routine detail action endpoints check a cache before calling self.getobject. In versions up to and including 2.4, ache keys are scoped only by pk — no user ID is included. When a victim has previously accessed their routine via the API...