Lucene search
+L

3368 matches found

NVD
NVD
added yesterday7 views

CVE-2024-23571

HCL Aftermarket EPC is vulnerable to attack since the application does not have an appropriate caching policy specifying the extent to which the page and its form fields should be cached. If sensitive information in application responses is stored in the local cache, then this may be retrieved by...

4.3CVSS
Exploits0References1
CVE
CVE
added yesterday8 views

CVE-2024-23571

The CVE-2024-23571 entry concerns HCL Aftermarket EPC. Affected component: the application’s caching policy for pages and forms. Root cause: no appropriate caching policy governing how much page content and form fields are cached, enabling local cache data to be retrieved by other users on the sa...

4.3CVSS5.2AI score
Exploits0References1
Cvelist
Cvelist
added yesterday14 views

CVE-2024-23571

HCL Aftermarket EPC is vulnerable to attack since the application does not have an appropriate caching policy specifying the extent to which the page and its form fields should be cached. If sensitive information in application responses is stored in the local cache, then this may be retrieved by...

4.3CVSS
Exploits0References1
EUVD
EUVD
added yesterday5 views

EUVD-2024-55664

HCL Aftermarket EPC is vulnerable to attack since the application does not have an appropriate caching policy specifying the extent to which the page and its form fields should be cached. If sensitive information in application responses is stored in the local cache, then this may be retrieved by...

4.3CVSS5.2AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added yesterday4 views

CVE-2024-23571

HCL Aftermarket EPC is vulnerable to attack since the application does not have an appropriate caching policy specifying the extent to which the page and its form fields should be cached. If sensitive information in application responses is stored in the local cache, then this may be retrieved by...

4.3CVSS5.2AI score
Exploits0References2Affected Software1
Nuclei
Nuclei
added yesterday43 views

WordPress Varnish/Nginx Proxy Caching <= 1.8.3 - Information Exposure

Razvan Stanga Varnish/Nginx Proxy Caching = 1.8.3 contains an insertion of sensitive information into sent data vulnerability caused by improper handling of embedded sensitive data, letting attackers retrieve sensitive information, exploit requires crafted requests. id: CVE-2025-62126 info: name:...

5.3CVSS5.1AI score0.00659EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 3 days ago4 views

CVE-2026-49981

A flaw was found in Twig, a template language for PHP. An attacker with low privileges could exploit a caching issue in the template sandboxing mechanism. This allows a sandboxed template to bypass its intended security policy, potentially leading to unauthorized information disclosure and limite...

8.2CVSS6.1AI score0.00362EPSS
Exploits0References2
NVD
NVD
added 3 days ago5 views

CVE-2026-60087

PraisonAI before 1.6.78 caches tool approval decisions by tool name only, allowing attackers to reuse initial approvals for subsequent calls with arbitrary arguments. Attackers can exploit this by obtaining approval for a benign operation and then executing dangerous file write operations with...

6.9CVSS0.00189EPSS
Exploits0References2
EUVD
EUVD
added 3 days ago5 views

EUVD-2026-44637

PraisonAI before 1.6.78 caches tool approval decisions by tool name only, allowing attackers to reuse initial approvals for subsequent calls with arbitrary arguments. Attackers can exploit this by obtaining approval for a benign operation and then executing dangerous file write operations with...

6.9CVSS6.2AI score0.00189EPSS
Exploits0References2
OSV
OSV
added 4 days ago4 views

CVE-2026-46629 Twig: Unbounded formatter memoisation in twig/intl-extra keyed on template-controlled arguments

Twig is a template language for PHP. Prior to 3.26.0, twig/intl-extra memoises IntlDateFormatter and NumberFormatter instances in arrays keyed by template-controlled filter arguments such as locale, pattern, and attrs, allowing a template to allocate many ICU formatter objects that remain pinned...

5.3CVSS6.1AI score0.00302EPSS
Exploits0References5
NVD
NVD
added 4 days ago4 views

CVE-2026-58637

Use after free in Windows Client-Side Caching CSC Service allows an authorized attacker to elevate privileges locally...

7CVSS0.00229EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 4 days ago4 views

CVE-2026-58637 Windows Client-Side Caching Elevation of Privilege Vulnerability

...

7CVSS6.1AI score0.00229EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago32 views

CVE-2026-58637 Windows Client-Side Caching Elevation of Privilege Vulnerability

...

7CVSS0.00229EPSS
Exploits0References1
CVE
CVE
added 4 days ago6 views

CVE-2026-58637

CVE-2026-58637 affects Windows Client-Side Caching (CSC) Service. Description and sources confirm a use-after-free vulnerability that enables an authorized local attacker to elevate privileges. Metrics indicate local attack vector, low privileges required, and no user interaction, with high confi...

7CVSS6AI score0.00229EPSS
Exploits0References1Affected Software12
Microsoft CVE
Microsoft CVE
added 4 days ago7 views

Windows Client-Side Caching Elevation of Privilege Vulnerability

Use after free in Windows Client-Side Caching CSC Service allows an authorized attacker to elevate privileges locally...

7CVSS6.1AI score0.00229EPSS
Exploits0
Positive Technologies
Positive Technologies
added 4 days ago6 views

PT-2026-58672

Name of the Vulnerable Software and Affected Versions Windows Client-Side Caching CSC Service affected versions not specified Description A use-after-free condition in the Windows Client-Side Caching CSC Service allows an authorized attacker to elevate privileges locally. Use-after-free is a memo...

7CVSS6AI score0.00229EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/07/10 1:40 p.m.12 views

CVE-2026-48588

A flaw was found in Django. When django.middleware.cache.UpdateCacheMiddleware or django.views.decorators.cache.cachepage is in use, responses that set a cookie are not excluded from caching if the request includes any cookie, even when that cookie is unrelated to the response for example, a...

5.3CVSS6.1AI score0.00375EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/07/08 5:58 p.m.4 views

httpd: mod_authn_socache: NULL pointer dereference can cause a child process crash

A flaw was found in the modauthnsocache module of httpd. This vulnerability allows an unauthenticated remote user to crash a child process due to a NULL pointer dereference when the server is operating in a caching forward proxy configuration...

5.3CVSS6.2AI score0.00514EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/07/07 9:48 p.m.6 views

httpd: mod_authn_socache: NULL pointer dereference can cause a child process crash

A flaw was found in the modauthnsocache module of httpd. This vulnerability allows an unauthenticated remote user to crash a child process due to a NULL pointer dereference when the server is operating in a caching forward proxy configuration...

5.3CVSS6AI score0.00514EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/07/07 2:9 p.m.34 views

CVE-2026-48588 Potential exposure of private data via cached Set-Cookie response

An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. UpdateCacheMiddleware and the cachepage decorator cache responses that vary on cookies when the incoming request carries unrelated cookies, which allows remote attackers to read private data from the shared cache. Earlier,...

3.1CVSS0.00375EPSS
Exploits0References3
Rows per page
Query Builder