mercure has Topic Selector Cache Key Collision

Impact A cache key collision vulnerability in TopicSelectorStore allows an attacker to poison the match result cache, potentially causing private updates to be delivered to unauthorized subscribers or blocking delivery to authorized ones. The cache key was constructed by concatenating the topic...

GHSA-HWR4-MQ23-WCV5 mercure has Topic Selector Cache Key Collision

Impact A cache key collision vulnerability in TopicSelectorStore allows an attacker to poison the match result cache, potentially causing private updates to be delivered to unauthorized subscribers or blocking delivery to authorized ones. The cache key was constructed by concatenating the topic...

CVE-2026-35030

LiteLLM is a proxy server AI Gateway to call LLM APIs in OpenAI or native format. Prior to 1.83.0, when JWT authentication is enabled enablejwtauth: true, the OIDC userinfo cache uses token:20 as the cache key. JWT headers produced by the same signing algorithm generate identical first 20...

CVE-2026-35039 fast-jwt Affected by Cache Confusion via cacheKeyBuilder Collisions Can Return Claims From a Different Token (Identity/Authorization Mixup)

fast-jwt provides fast JSON Web Token JWT implementation. From 0.0.1 to before 6.2.0, setting up a custom cacheKeyBuilder method which does not properly create unique keys for different tokens can lead to cache collisions. This could cause tokens to be mis-identified during the verification proce...

LiteLLM: Authentication bypass via OIDC userinfo cache key collision

Impact When JWT authentication is enabled enablejwtauth: true, the OIDC userinfo cache uses token:20 as the cache key. JWT headers produced by the same signing algorithm generate identical first 20 characters. This configuration option is not enabled by default. Most instances are not affected. A...

GHSA-JHP4-JVQ3-W5XR Parse Dashboard Has a Cache Key Collision that Leaks Master Key to Read-Only Sessions

Impact The ConfigKeyCache uses the same cache key for both master key and read-only master key when resolving function-typed keys. Under specific timing conditions, a read-only user can receive the cached full master key, or a regular user can receive the cached read-only master key. Patches The...

CVE-2026-25480 FileStore key canonicalization collisions allow response cache mixup/poisoning (ASCII ord + Unicode NFKD)

Litestar is an Asynchronous Server Gateway Interface ASGI framework. Prior to 2.20.0, FileStore maps cache keys to filenames using Unicode NFKD normalization and ord substitution without separators, creating key collisions. When FileStore is used as response-cache backend, an unauthenticated remo...

CVE-2025-71105

CVE-2025-71105 documents a Linux kernel issue in f2fs where two slab caches (f2fs_xattr_entry-7:3 and f2fs_xattr_entry-7:7) with identical slab sizes cause kmem_cache_sanity_check warnings during mount operations. The root cause is using per-sb slab caches instead of a single global slab, leading...

CVE-2021-41329

Datalust Seq before 2021.2.6259 allows users with view filters applied to their accounts to see query results not constrained by their view filter. This information exposure, caused by an internal cache key collision, occurs when the user's view filter includes an array or IN clause, and when...

CVE-2021-41329

Datalust Seq before 2021.2.6259 allows users with view filters applied to their accounts to see query results not constrained by their view filter. This information exposure, caused by an internal cache key collision, occurs when the user's view filter includes an array or IN clause, and when...

Ubuntu Update for firefox vulnerabilities USN-428-1

Ubuntu Update for Linux kernel vulnerabilities USN-428-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN4281.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for firefox vulnerabilities USN-428-1 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH,...

Ubuntu 6.06 LTS : firefox regression (USN-428-2)

USN-428-1 fixed vulnerabilities in Firefox 1.5. However, changes to library paths caused applications depending on libnss3 to fail to start up. This update fixes the problem. We apologize for the inconvenience. Several flaws have been found that could be used to perform Cross-site scripting...

GLSA-200703-08 : SeaMonkey: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200703-08 SeaMonkey: Multiple vulnerabilities Tom Ferris reported a heap-based buffer overflow involving wide SVG stroke widths that affects SeaMonkey. Various researchers reported some errors in the JavaScript engine potentially...

SeaMonkey: Multiple vulnerabilities

Background The SeaMonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as the 'Mozilla Application Suite'. Description Tom Ferris reported a heap-based buffer overflow involving wide SVG stroke widths that affects SeaMonke...

GLSA-200703-04 : Mozilla Firefox: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200703-04 Mozilla Firefox: Multiple vulnerabilities Tom Ferris reported a heap-based buffer overflow involving wide SVG stroke widths that affects Mozilla Firefox 2 only. Various researchers reported some errors in the JavaScript...