3368 matches found
CVE-2024-23571
HCL Aftermarket EPC is vulnerable to attack since the application does not have an appropriate caching policy specifying the extent to which the page and its form fields should be cached. If sensitive information in application responses is stored in the local cache, then this may be retrieved by...
CVE-2024-23571
The CVE-2024-23571 entry concerns HCL Aftermarket EPC. Affected component: the application’s caching policy for pages and forms. Root cause: no appropriate caching policy governing how much page content and form fields are cached, enabling local cache data to be retrieved by other users on the sa...
CVE-2024-23571
HCL Aftermarket EPC is vulnerable to attack since the application does not have an appropriate caching policy specifying the extent to which the page and its form fields should be cached. If sensitive information in application responses is stored in the local cache, then this may be retrieved by...
EUVD-2024-55664
HCL Aftermarket EPC is vulnerable to attack since the application does not have an appropriate caching policy specifying the extent to which the page and its form fields should be cached. If sensitive information in application responses is stored in the local cache, then this may be retrieved by...
CVE-2024-23571
HCL Aftermarket EPC is vulnerable to attack since the application does not have an appropriate caching policy specifying the extent to which the page and its form fields should be cached. If sensitive information in application responses is stored in the local cache, then this may be retrieved by...
WordPress Varnish/Nginx Proxy Caching <= 1.8.3 - Information Exposure
Razvan Stanga Varnish/Nginx Proxy Caching = 1.8.3 contains an insertion of sensitive information into sent data vulnerability caused by improper handling of embedded sensitive data, letting attackers retrieve sensitive information, exploit requires crafted requests. id: CVE-2025-62126 info: name:...
CVE-2026-49981
A flaw was found in Twig, a template language for PHP. An attacker with low privileges could exploit a caching issue in the template sandboxing mechanism. This allows a sandboxed template to bypass its intended security policy, potentially leading to unauthorized information disclosure and limite...
CVE-2026-60087
PraisonAI before 1.6.78 caches tool approval decisions by tool name only, allowing attackers to reuse initial approvals for subsequent calls with arbitrary arguments. Attackers can exploit this by obtaining approval for a benign operation and then executing dangerous file write operations with...
EUVD-2026-44637
PraisonAI before 1.6.78 caches tool approval decisions by tool name only, allowing attackers to reuse initial approvals for subsequent calls with arbitrary arguments. Attackers can exploit this by obtaining approval for a benign operation and then executing dangerous file write operations with...
CVE-2026-46629 Twig: Unbounded formatter memoisation in twig/intl-extra keyed on template-controlled arguments
Twig is a template language for PHP. Prior to 3.26.0, twig/intl-extra memoises IntlDateFormatter and NumberFormatter instances in arrays keyed by template-controlled filter arguments such as locale, pattern, and attrs, allowing a template to allocate many ICU formatter objects that remain pinned...
CVE-2026-58637
Use after free in Windows Client-Side Caching CSC Service allows an authorized attacker to elevate privileges locally...
CVE-2026-58637 Windows Client-Side Caching Elevation of Privilege Vulnerability
...
CVE-2026-58637 Windows Client-Side Caching Elevation of Privilege Vulnerability
...
CVE-2026-58637
CVE-2026-58637 affects Windows Client-Side Caching (CSC) Service. Description and sources confirm a use-after-free vulnerability that enables an authorized local attacker to elevate privileges. Metrics indicate local attack vector, low privileges required, and no user interaction, with high confi...
Windows Client-Side Caching Elevation of Privilege Vulnerability
Use after free in Windows Client-Side Caching CSC Service allows an authorized attacker to elevate privileges locally...
PT-2026-58672
Name of the Vulnerable Software and Affected Versions Windows Client-Side Caching CSC Service affected versions not specified Description A use-after-free condition in the Windows Client-Side Caching CSC Service allows an authorized attacker to elevate privileges locally. Use-after-free is a memo...
CVE-2026-48588
A flaw was found in Django. When django.middleware.cache.UpdateCacheMiddleware or django.views.decorators.cache.cachepage is in use, responses that set a cookie are not excluded from caching if the request includes any cookie, even when that cookie is unrelated to the response for example, a...
httpd: mod_authn_socache: NULL pointer dereference can cause a child process crash
A flaw was found in the modauthnsocache module of httpd. This vulnerability allows an unauthenticated remote user to crash a child process due to a NULL pointer dereference when the server is operating in a caching forward proxy configuration...
httpd: mod_authn_socache: NULL pointer dereference can cause a child process crash
A flaw was found in the modauthnsocache module of httpd. This vulnerability allows an unauthenticated remote user to crash a child process due to a NULL pointer dereference when the server is operating in a caching forward proxy configuration...
CVE-2026-48588 Potential exposure of private data via cached Set-Cookie response
An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. UpdateCacheMiddleware and the cachepage decorator cache responses that vary on cookies when the incoming request carries unrelated cookies, which allows remote attackers to read private data from the shared cache. Earlier,...