Lucene search
K

98 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 9:6 a.m.5 views

CVE-2015-7228

The RESTful module 7.x-1.x before 7.x-1.3 for Drupal does not properly cache pages of authenticated users when using non-cookie authentication providers, which allows remote attackers to obtain sensitive information via unspecified vectors...

5CVSS6.6AI score0.01276EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:17 a.m.8 views

CVE-2017-17735

CMS Made Simple CMSMS before 2.2.5 does not properly cache login information in cookies...

9.8CVSS6.7AI score0.01086EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:43 a.m.8 views

CVE-2017-17734

CMS Made Simple CMSMS before 2.2.5 does not properly cache login information in sessions...

9.8CVSS6.7AI score0.01086EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/04/24 12:0 a.m.3 views

PT-2025-17855 · Hcl · Hcl Leap

Name of the Vulnerable Software and Affected Versions: HCL Leap affected versions not specified Description: The issue concerns missing "no cache" headers in HCL Leap, which allows sensitive data to be cached. Recommendations: At the moment, there is no information about a newer version that...

3.2CVSS6AI score0.00127EPSS
Exploits0References5
NVD
NVD
added 2025/04/03 8:15 p.m.26 views

CVE-2025-31485

API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. Prior to 4.0.22 and 3.4.17, a GraphQL grant on a property might be cached with different objects. The ApiPlatform\GraphQl\Serializer\ItemNormalizer::isCacheKeySafe method is meant to prevent the caching but the...

7.5CVSS0.00441EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/04/03 7:31 p.m.13 views

CVE-2025-31485 GraphQL grant on a property might be cached with different objects

API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. Prior to 4.0.22 and 3.4.17, a GraphQL grant on a property might be cached with different objects. The ApiPlatform\GraphQl\Serializer\ItemNormalizer::isCacheKeySafe method is meant to prevent the caching but the...

7.5CVSS7.3AI score0.00441EPSS
Exploits0References4
CVE
CVE
added 2025/04/03 7:31 p.m.92 views

CVE-2025-31485

API Platform Core (GraphQL support) is affected by CVE-2025-31485. Prior to versions 4.0.22 and 3.4.17, a GraphQL grant on a property could be cached with different objects due to the caching behavior of ApiPlatform\GraphQl\Serializer\ItemNormalizer::isCacheKeySafe() plus the subsequent cache key...

7.5CVSS7.3AI score0.00441EPSS
Exploits0References4
OSV
OSV
added 2025/04/03 7:31 p.m.22 views

CVE-2025-31485 GraphQL grant on a property might be cached with different objects

API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. Prior to 4.0.22 and 3.4.17, a GraphQL grant on a property might be cached with different objects. The ApiPlatform\GraphQl\Serializer\ItemNormalizer::isCacheKeySafe method is meant to prevent the caching but the...

7.5CVSS6.4AI score0.00441EPSS
Exploits0References6
Cvelist
Cvelist
added 2025/04/03 7:31 p.m.32 views

CVE-2025-31485 GraphQL grant on a property might be cached with different objects

API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. Prior to 4.0.22 and 3.4.17, a GraphQL grant on a property might be cached with different objects. The ApiPlatform\GraphQl\Serializer\ItemNormalizer::isCacheKeySafe method is meant to prevent the caching but the...

7.5CVSS0.00441EPSS
Exploits0References4
Friends Of PHP
Friends Of PHP
added 2025/04/03 3:3 p.m.14 views

GraphQL grant on a property might be cached with different objects

Original message: I found an issue with security grants on on properties in the GraphQL ItemNormalizer: If you use something like ApiPropertysecurity: 'isgranted"PROPERTYREAD", object, property' on a member of an entity, the grant gets cached and is only evaluated once, even if the object in...

7.5CVSS6.8AI score0.00441EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2025/04/03 3:3 p.m.12 views

GraphQL grant on a property might be cached with different objects

Original message: I found an issue with security grants on on properties in the GraphQL ItemNormalizer: If you use something like ApiPropertysecurity: 'isgranted"PROPERTYREAD", object, property' on a member of an entity, the grant gets cached and is only evaluated once, even if the object in...

7.5CVSS6.8AI score0.00441EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2025/04/03 12:0 a.m.4 views

PT-2025-14796 · Unknown · Api Platform Core

Name of the Vulnerable Software and Affected Versions: API Platform Core versions prior to 4.0.22 Description: The issue concerns a caching problem in GraphQL grants on properties, which can lead to incorrect caching with different objects. The...

7.5CVSS6.2AI score0.00441EPSS
Exploits0References13
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2024-22412

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ClickHouse is an open-source column-oriented database management system. A bug exists in the cloud ClickHouse offering prior to version 24.0.2.54535 and in...

4.9CVSS5.5AI score0.00587EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/02/22 8:22 p.m.23 views

CVE-2025-27097

GraphQL Mesh is a GraphQL Federation framework and gateway for both GraphQL Federation and non-GraphQL Federation subgraphs, non-GraphQL services, such as REST and gRPC, and also databases such as MongoDB, MySQL, and PostgreSQL. When a user transforms on the root level or single source with...

7.5CVSS6.8AI score0.00399EPSS
Exploits0References1
OSV
OSV
added 2024/03/06 11:10 a.m.23 views

BIT-VAULT-2021-38554

HashiCorp Vault and Vault Enterprise’s UI erroneously cached and exposed user-viewed secrets between sessions in a single shared browser. Fixed in 1.8.0 and pending 1.7.4 / 1.6.6 releases...

5.3CVSS5.4AI score0.00911EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/01/30 12:0 a.m.5 views

PT-2024-20053 · Notion · Notion Web Clipper

Name of the Vulnerable Software and Affected Versions: Notion Web Clipper version 1.0.37 Description: The Notion Web Clipper is susceptible to the Dirty NIB attack, where .nib files can be manipulated to execute arbitrary commands. Even if a .nib file is modified within an application, Gatekeeper...

9.8CVSS7.8AI score0.01984EPSS
Exploits1References11
Tenable Nessus
Tenable Nessus
added 2024/01/24 12:0 a.m.18 views

RHCOS 4 / 9 : OpenShift Container Platform 4.12.21 (RHSA-2023:3545)

The remote Red Hat Enterprise Linux CoreOS 4 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3545 advisory. - golang: html/template: improper handling of JavaScript whitespace CVE-2023-24540 - flask: Possible disclosure of permanent...

9.8CVSS6.8AI score0.01548EPSS
Exploits1References7
OSV
OSV
added 2023/11/14 11:15 a.m.7 views

CVE-2023-43503

A vulnerability has been identified in COMOS All versions V10.4.4. Caching system in the affected application leaks sensitive information such as user and project information in cleartext via UDP...

7.5CVSS5.7AI score0.00309EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2023/08/15 12:0 a.m.41 views

Oracle Linux 8 : python-flask (ELSA-2023-12710)

The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2023-12710 advisory. - Fix for CVE-2023-30861 Orabug: 35662469 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that...

7.5CVSS7.7AI score0.01261EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2023/02/15 3:21 a.m.2 views

SUSE CVE-2023-23969

In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very larg...

7.5CVSS6.9AI score0.47102EPSS
Exploits0References7
Rows per page
Query Builder