98 matches found
CVE-2015-7228
The RESTful module 7.x-1.x before 7.x-1.3 for Drupal does not properly cache pages of authenticated users when using non-cookie authentication providers, which allows remote attackers to obtain sensitive information via unspecified vectors...
CVE-2017-17735
CMS Made Simple CMSMS before 2.2.5 does not properly cache login information in cookies...
CVE-2017-17734
CMS Made Simple CMSMS before 2.2.5 does not properly cache login information in sessions...
PT-2025-17855 · Hcl · Hcl Leap
Name of the Vulnerable Software and Affected Versions: HCL Leap affected versions not specified Description: The issue concerns missing "no cache" headers in HCL Leap, which allows sensitive data to be cached. Recommendations: At the moment, there is no information about a newer version that...
CVE-2025-31485
API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. Prior to 4.0.22 and 3.4.17, a GraphQL grant on a property might be cached with different objects. The ApiPlatform\GraphQl\Serializer\ItemNormalizer::isCacheKeySafe method is meant to prevent the caching but the...
CVE-2025-31485 GraphQL grant on a property might be cached with different objects
API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. Prior to 4.0.22 and 3.4.17, a GraphQL grant on a property might be cached with different objects. The ApiPlatform\GraphQl\Serializer\ItemNormalizer::isCacheKeySafe method is meant to prevent the caching but the...
CVE-2025-31485
API Platform Core (GraphQL support) is affected by CVE-2025-31485. Prior to versions 4.0.22 and 3.4.17, a GraphQL grant on a property could be cached with different objects due to the caching behavior of ApiPlatform\GraphQl\Serializer\ItemNormalizer::isCacheKeySafe() plus the subsequent cache key...
CVE-2025-31485 GraphQL grant on a property might be cached with different objects
API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. Prior to 4.0.22 and 3.4.17, a GraphQL grant on a property might be cached with different objects. The ApiPlatform\GraphQl\Serializer\ItemNormalizer::isCacheKeySafe method is meant to prevent the caching but the...
CVE-2025-31485 GraphQL grant on a property might be cached with different objects
API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. Prior to 4.0.22 and 3.4.17, a GraphQL grant on a property might be cached with different objects. The ApiPlatform\GraphQl\Serializer\ItemNormalizer::isCacheKeySafe method is meant to prevent the caching but the...
GraphQL grant on a property might be cached with different objects
Original message: I found an issue with security grants on on properties in the GraphQL ItemNormalizer: If you use something like ApiPropertysecurity: 'isgranted"PROPERTYREAD", object, property' on a member of an entity, the grant gets cached and is only evaluated once, even if the object in...
GraphQL grant on a property might be cached with different objects
Original message: I found an issue with security grants on on properties in the GraphQL ItemNormalizer: If you use something like ApiPropertysecurity: 'isgranted"PROPERTYREAD", object, property' on a member of an entity, the grant gets cached and is only evaluated once, even if the object in...
PT-2025-14796 · Unknown · Api Platform Core
Name of the Vulnerable Software and Affected Versions: API Platform Core versions prior to 4.0.22 Description: The issue concerns a caching problem in GraphQL grants on properties, which can lead to incorrect caching with different objects. The...
Linux Distros Unpatched Vulnerability : CVE-2024-22412
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ClickHouse is an open-source column-oriented database management system. A bug exists in the cloud ClickHouse offering prior to version 24.0.2.54535 and in...
CVE-2025-27097
GraphQL Mesh is a GraphQL Federation framework and gateway for both GraphQL Federation and non-GraphQL Federation subgraphs, non-GraphQL services, such as REST and gRPC, and also databases such as MongoDB, MySQL, and PostgreSQL. When a user transforms on the root level or single source with...
BIT-VAULT-2021-38554
HashiCorp Vault and Vault Enterprise’s UI erroneously cached and exposed user-viewed secrets between sessions in a single shared browser. Fixed in 1.8.0 and pending 1.7.4 / 1.6.6 releases...
PT-2024-20053 · Notion · Notion Web Clipper
Name of the Vulnerable Software and Affected Versions: Notion Web Clipper version 1.0.37 Description: The Notion Web Clipper is susceptible to the Dirty NIB attack, where .nib files can be manipulated to execute arbitrary commands. Even if a .nib file is modified within an application, Gatekeeper...
RHCOS 4 / 9 : OpenShift Container Platform 4.12.21 (RHSA-2023:3545)
The remote Red Hat Enterprise Linux CoreOS 4 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3545 advisory. - golang: html/template: improper handling of JavaScript whitespace CVE-2023-24540 - flask: Possible disclosure of permanent...
CVE-2023-43503
A vulnerability has been identified in COMOS All versions V10.4.4. Caching system in the affected application leaks sensitive information such as user and project information in cleartext via UDP...
Oracle Linux 8 : python-flask (ELSA-2023-12710)
The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2023-12710 advisory. - Fix for CVE-2023-30861 Orabug: 35662469 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that...
SUSE CVE-2023-23969
In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very larg...