GHSA-VFV6-92FF-J949 Next.js vulnerable to cache poisoning via collisions in React Server Component cache-busting

Impact React Server Component responses can be vulnerable to cache poisoning in deployments that rely on shared caches with insufficient response partitioning. In affected conditions, collisions in the rsc cache-busting value can allow an attacker to poison cache entries so users receive the wron...

PT-2026-37036

Name of the Vulnerable Software and Affected Versions github.com/gofiber/fiber/v3 versions prior to 3.1.0 Description The default key generator in the cache middleware uses only the request path via the c.Path function and excludes the query string. Consequently, requests targeting the same path...

CVE-2026-35039

fast-jwt provides fast JSON Web Token JWT implementation. From 0.0.1 to before 6.2.0, setting up a custom cacheKeyBuilder method which does not properly create unique keys for different tokens can lead to cache collisions. This could cause tokens to be mis-identified during the verification proce...

CVE-2026-35039

fast-jwt provides fast JSON Web Token JWT implementation. From 0.0.1 to before 6.2.0, setting up a custom cacheKeyBuilder method which does not properly create unique keys for different tokens can lead to cache collisions. This could cause tokens to be mis-identified during the verification proce...

GHSA-RP9M-7R4C-75QG fast-jwt: Cache Confusion via cacheKeyBuilder Collisions Can Return Claims From a Different Token (Identity/Authorization Mixup)

NOTE: While the library exposes a mechanism which could introduce the vulnerability, this issue is created by developer-supplied code and not by the library itself. We will add a warning and some education for users around the possible issues however since the defaults work we will not be updatin...

fast-jwt: Cache Confusion via cacheKeyBuilder Collisions Can Return Claims From a Different Token (Identity/Authorization Mixup)

NOTE: While the library exposes a mechanism which could introduce the vulnerability, this issue is created by developer-supplied code and not by the library itself. We will add a warning and some education for users around the possible issues however since the defaults work we will not be updatin...

Improper Validation of Unsafe Equivalence in Input

Overview fast-jwt is a Fast JSON Web Token implementation Affected versions of this package are vulnerable to Improper Validation of Unsafe Equivalence in Input in the cacheKeyBuilder function when custom implementations do not generate unique keys for different tokens, leading to cache collision...

PT-2026-30016

Name of the Vulnerable Software and Affected Versions fast-jwt affected versions not specified Description The fast-jwt library has a cache confusion vulnerability that can lead to identity or authorization mix-ups. This occurs when a custom cacheKeyBuilder function does not create unique keys fo...

PYSEC-2025-62

vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Maliciously constructed statements can lead to hash collisions, resulting in cache reuse, which can interfere with subsequent responses and cause unintended behavior. Prefix caching makes use of Python's built-i...

FreeBSD : mozilla -- multiple vulnerabilities (12bd6ecf-c430-11db-95c5-000c6ec775d9)

The Mozilla Foundation reports of multiple security issues in Firefox, SeaMonkey, and Thunderbird. Several of these issues can probably be used to run arbitrary code with the privilege of the user running the program. - MFSA 2007-08 onUnload + document.write memory corruption - MFSA 2007-07...

mozilla -- multiple vulnerabilities

The Mozilla Foundation reports of multiple security issues in Firefox, Seamonkey, and Thunderbird. Several of these issues can probably be used to run arbitrary code with the privilege of the user running the program. MFSA 2007-08 onUnload + document.write memory corruption MFSA 2007-07 Embedded...

Information disclosure through cache collisions — Mozilla

Aad reported that two web pages can collide in the disk cache with the result that depending on order loaded the end of the longer document can be appended to the shorter when the shorter is reloaded from the cache. It is possible a determined hacker could construct a targeted attack to steal som...