CVE-2026-47225 Improper Search Cache Isolation for Scoped Search API Keys in Typesense

Typesense is a fast, typo-tolerant search engine. Prior to versions 29.1 and 30.2, there is a cache isolation issue affecting search requests that use both server-side search result caching and Scoped Search API Keys. Under specific request ordering, cached search results could be reused across...

CVE-2026-47225

Type: CVE-2026-47225 affects Typesense search engine. A cache isolation flaw in versions prior to 29.1 and 30.2 affects requests that use both server-side search result caching and Scoped Search API Keys. Under certain request ordering, cached results could be reused across requests with differen...

EUVD-2026-36511

Typesense is a fast, typo-tolerant search engine. Prior to versions 29.1 and 30.2, there is a cache isolation issue affecting search requests that use both server-side search result caching and Scoped Search API Keys. Under specific request ordering, cached search results could be reused across...

PT-2026-48945

Typesense is a fast, typo-tolerant search engine. Prior to versions 29.1 and 30.2, there is a cache isolation issue affecting search requests that use both server-side search result caching and Scoped Search API Keys. Under specific request ordering, cached search results could be reused across...

Cross-site Scripting (XSS)

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Cross-site Scripting XSS in the handling of programme titles from user-supplied XML in the EPG feature. An attacker can execute arbitrary JavaScript in the browser...

axios-cache-interceptor Vulnerable to Cache Poisoning via Ignored HTTP Vary Header

Summary When a server calls an upstream service using different auth tokens, axios-cache-interceptor returns incorrect cached responses, leading to authorization bypass. Details The cache key is generated only from the URL, ignoring request headers like Authorization. When the server responds wit...

CVE-2025-11703

The WP Go Maps formerly WP Google Maps plugin for WordPress is vulnerable to Cache Poisoning in all versions up to, and including, 9.0.48. This is due to the plugin not serving cached data from server-side responses and instead relying on user-input. This makes it possible for unauthenticated...

Information Disclosure

toui is vulnerable to Information Disclosure. The vulnerability exists because Website.uservars are available to all users via server side caching, which leads user-specific variables to being shared between users...

cimage 跨站脚本漏洞

cimage is an application by Mikael Roos personal developer. It is used for server-side image resizing and dynamic cropping, and uses PHP to cache generated image files. A cross-site scripting vulnerability exists in cimage, which stems from a parameter in checksystem.php that causes cross-site...

Seven Must-Dos to Secure MySQL 8.0

Most database breaches are blamed on insiders such as employees who are either malicious or whose security has been compromised. In fact, most of these breaches are actually caused by poor security configuration and privilege abuse. Every new database version brings security upgrades. Use them...

Any Write cache mode which involves the Target Device local HDD reverts to server side caching

When trying to configure the write cache, any selection that involves the local HDD of the target device would fail. Cache on device ram - works Cache on server - works Ram with overflow - fails to server Cache on Device HD - fails to server...