
180 matches found

RedhatCVE
added 2025/05/23 5:38 a.m. | 4 views

CVE-2023-26438

External service lookups for a number of protocols were vulnerable to a time-of-check/time-of-use (TOCTOU) weakness, involving the JDK DNS cache. Attackers that were timing DNS cache expiry correctly were able to inject configuration that would bypass existing network deny-lists. Attackers could...

4.3 CVSS | 6.8 AI score | 0.00495 EPSS
Exploits 0 | References 1
RedhatCVE
added 2025/05/23 4:54 a.m. | 5 views

CVE-2023-24069

Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to obtain potentially sensitive attachments sent in messages from the attachments.noindex directory. Cached attachments are not effectively cleared. In some cases, even after a self-initiated file deletion, an attacker ca...

3.3 CVSS | 6.2 AI score | 0.0086 EPSS
Exploits 2 | References 1
RedhatCVE
added 2025/05/23 3:26 a.m. | 5 views

CVE-2023-2597

In Eclipse Openj9 before version 0.38.0, in the implementation of the shared cache which is enabled by default in OpenJ9 builds the size of a string is not properly checked against the size of the buffer...

9.1 CVSS | 6.8 AI score | 0.00422 EPSS
Exploits 0 | References 1
RedhatCVE
added 2025/05/23 2:54 a.m. | 7 views

CVE-2023-1478

The Hummingbird WordPress plugin before 3.4.2 does not validate the generated file path for page cache files before writing them, leading to a path traversal vulnerability in the page cache module...

9.8 CVSS | 6.7 AI score | 0.01119 EPSS
Exploits 2 | References 1
RedhatCVE
added 2025/05/22 5:2 p.m. | 5 views

CVE-2020-36448

An issue was discovered in the cache crate through 2020-11-24 for Rust. There are unconditional implementations of Send and Sync for Cache...

8.1 CVSS | 6.9 AI score | 0.01098 EPSS
Exploits 1
RedhatCVE
added 2025/05/22 4:51 p.m. | 7 views

CVE-2020-8587

OnCommand System Manager 9.x versions prior to 9.3P20 and 9.4 prior to 9.4P3 are susceptible to a vulnerability that could allow HTTP clients to cache sensitive responses making them accessible to an attacker who has access to the system where the client runs...

5.5 CVSS | 6.7 AI score | 0.00357 EPSS
Exploits 0 | References 1
RedhatCVE
added 2025/05/22 12:39 p.m. | 6 views

CVE-2010-5292

Amberdms Billing System (ABS) before 1.4.1, when a multi-instance installation is configured, might allow local users to obtain sensitive information by reading the cache in between runs of the include/cron/servicesusage.php cron job...

1.9 CVSS | 6.1 AI score | 0.00294 EPSS
Exploits 0 | References 1
RedhatCVE
added 2025/05/22 10:29 a.m. | 7 views

CVE-2019-5627

The iOS mobile application BlueCats Reveal before 5.14 stores the username and password in the app cache as base64 encoded strings, i.e. clear text. These persist in the cache even if the user logs out. This can allow an attacker to compromise the affected BlueCats network implementation. The...

7.8 CVSS | 6.8 AI score | 0.00351 EPSS
Exploits 1 | References 1
RedhatCVE
added 2025/05/22 1:59 a.m. | 6 views

CVE-2013-3836

Unspecified vulnerability in the Oracle Web Cache component in Oracle Fusion Middleware 11.1.1.6 and 11.1.1.7 allows remote authenticated users to affect confidentiality via vectors related to ESI/Partial Page Caching...

3.5 CVSS | 5.5 AI score | 0.00871 EPSS
Exploits 0 | References 1
RedhatCVE
added 2025/05/21 10:9 p.m. | 6 views

CVE-2004-2684

Unspecified vulnerability in the %template package in InterSystems Cache' 5.0 allows attackers to access certain files on a server, including (1) cache.key and (2) cache.dat, related to .csp files under (a) Dev\studio\templates and (b) Devuser\studio\templates...

2.1 CVSS | 6.9 AI score | 0.00302 EPSS
Exploits 0 | References 1
Cvelist
added 2025/05/13 12:0 a.m. | 13 views

CVE-2025-47905

Varnish Cache before 7.6.3 and 7.7 before 7.7.1, and Varnish Enterprise before 6.0.13r14, allow client-side desync via HTTP/1 requests, because the product incorrectly permits CRLF to be skipped to delimit chunk boundaries...

5.4 CVSS | 0.003 EPSS
Exploits 0 | References 1
RedhatCVE
added 2025/04/26 9:7 p.m. | 11 views

CVE-2024-30127

Missing "no cache" headers in HCL Leap permits sensitive data to be cached...

3.2 CVSS | 6.8 AI score | 0.00127 EPSS
Exploits 0 | References 3
Positive Technologies
added 2025/04/17 12:0 a.m. | 5 views

PT-2025-17017

Name of the Vulnerable Software and Affected Versions: Docket Cache versions through 24.07.02. Description: The issue is related to an Improper Control of Filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion' vulnerability. This vulnerability allows PHP Loc...

7.5 CVSS | 8.2 AI score | 0.00576 EPSS
Exploits 0 | References 4
RedhatCVE
added 2025/04/14 7:1 a.m. | 10 views

CVE-2024-13338

The Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3.1. This is due to missing or incorrect nonce validation on the wclearfycachedelete functionality. This makes ...

5.3 CVSS | 6.7 AI score | 0.00133 EPSS
Exploits 0 | References 1
Cvelist
added 2025/03/28 11:54 a.m. | 15 views

CVE-2025-31469 WordPress Clear Sucuri Cache plugin <= 1.4 - Broken Access Control Vulnerability

Missing Authorization vulnerability in webrangers Clear Sucuri Cache clear-sucuri-cache allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Clear Sucuri Cache: from n/a through <= 1.4...

5.3 CVSS | 0.00266 EPSS
Exploits 0 | References 1
OSV
added 2025/03/19 3:31 p.m. | 2 views

CVE-2025-29770 vLLM denial of service via outlines unbounded cache on disk

vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. The outlines library is one of the backends used by vLLM to support structured output (a.k.a. guided decoding). Outlines provides an optional cache for its compiled grammars on the local filesystem. This cache has...

6.5 CVSS | 6.3 AI score | 0.00421 EPSS
Exploits 0 | References 5
Amazon
added 2025/03/06 12:0 a.m. | 2 views

Important: kernel-livepatch-4.14.355-275.570

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: tipc: guard against string buffer overrun (CVE-2024-49995). In the Linux kernel, the following vulnerability has been resolved: dm cache: fix out-of-bounds access to the dirty bitset when resizing (CVE-2024-50279)...

7.1 CVSS | 6.9 AI score | 0.00262 EPSS
Exploits 0
Amazon
added 2025/03/06 12:0 a.m. | 2 views

Important: kernel-livepatch-4.14.355-275.591

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: tipc: guard against string buffer overrun (CVE-2024-49995). In the Linux kernel, the following vulnerability has been resolved: dm cache: fix out-of-bounds access to the dirty bitset when resizing (CVE-2024-50279)...

7.1 CVSS | 6.9 AI score | 0.00262 EPSS
Exploits 0
Amazon
added 2025/03/06 12:0 a.m. | 5 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: tipc: wait and exit until all work queues are done (CVE-2021-47163). Placeholder CVE. Details forthcoming (CVE-2024-10929). In the Linux kernel, the following vulnerability has been resolved: tipc: guard against string...

7.8 CVSS | 6.7 AI score | 0.00282 EPSS
Exploits 0
VulnCheck KEV
added 2025/02/27 12:0 a.m. | 1 views

VulnCheck KEV: CVE-2024-44000

Insufficiently Protected Credentials vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Authentication Bypass. This issue affects LiteSpeed Cache: from n/a through 6.5.0.1...

9.8 CVSS | 5.8 AI score | 0.83178 EPSS
Exploits 7 | References 1