EUVD-2023-3210
Malicious code in bioql PyPI...
EUVD-2023-30575
Malicious code in bioql PyPI...
PT-2025-37533
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A flaw exists in the Linux kernel related to resource control resctrl where the staged config array in rdt domain is not properly cleared before and after use. This can lead to stale...
SUSE CVE-2025-0495
Buildx is a Docker CLI plugin that extends build capabilities using BuildKit. Cache backends support credentials by setting secrets directly as attribute values in cache-to/cache-from configuration. When supplied as user input, these secure values may be inadvertently captured in OpenTelemetry...
DEBIAN-CVE-2025-0495
Buildx is a Docker CLI plugin that extends build capabilities using BuildKit. Cache backends support credentials by setting secrets directly as attribute values in cache-to/cache-from configuration. When supplied as user input, these secure values may be inadvertently captured in OpenTelemetry...
AZL-58854 CVE-2025-0495 affecting package moby-buildx for versions less than 0.7.1-25
Buildx is a Docker CLI plugin that extends build capabilities using BuildKit. Cache backends support credentials by setting secrets directly as attribute values in cache-to/cache-from configuration. When supplied as user input, these secure values may be inadvertently captured in OpenTelemetry...
AZL-58863 CVE-2025-0495 affecting package docker-buildx for versions less than 0.14.0-5
Buildx is a Docker CLI plugin that extends build capabilities using BuildKit. Cache backends support credentials by setting secrets directly as attribute values in cache-to/cache-from configuration. When supplied as user input, these secure values may be inadvertently captured in OpenTelemetry...
UBUNTU-CVE-2025-0495
Buildx is a Docker CLI plugin that extends build capabilities using BuildKit. Cache backends support credentials by setting secrets directly as attribute values in cache-to/cache-from configuration. When supplied as user input, these secure values may be inadvertently captured in OpenTelemetry...
PT-2024-37856 · Jetty +2
Name of the Vulnerable Software and Affected Versions: Jetty affected versions not specified Description: The Jetty PushSessionCacheFilter can be exploited by unauthenticated users to launch remote Denial of Service (DoS) attacks by exhausting the server's memory. This issue allows attackers to...
CVE-2023-5384
CVE-2023-5384 affects Infinispan: when serializing a cache configuration to XML/JSON/YAML that contains credentials (e.g., JDBC store with connection pooling, remote store), the credentials are returned in clear text as part of the configuration. This exposes sensitive data if the configuration i...
infinispan: Credentials returned from configuration as clear text
A flaw was found in Infinispan. When serializing the configuration for a cache to XML/JSON/YAML, which contains credentials (JDBC store with connection pooling, remote store), the credentials are returned in clear text as part of the configuration...
CVE-2023-5384
A flaw was found in Infinispan. When serializing the configuration for a cache to XML/JSON/YAML, which contains credentials (JDBC store with connection pooling, remote store), the credentials are returned in clear text as part of the configuration. Mitigation: The issue's impact is limited because...
PVS target devices will not HA failover to another PVS server.
PVS target devices will not HA failover to another PVS server. Target devices will freeze until the original server they were streaming from is available again. HA related configurations can be checked: The vdisk should be configured to use cache in ram with overflow to local device hard disk, an...
infinispan: Non-admins should not be able to get cache config via REST API
A flaw was found in Infinispan's REST. Cache retrieval endpoints do not properly evaluate the necessary admin permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions...
CVE-2023-26782
An issue discovered in mccms 2.6.1 allows remote attackers to cause a denial of service via Backend management interface - System Configuration - Cache Configuration - Cache security characters...
GHSA-954F-XW44-56R2 Authentication cache in Active Directory Jenkins Plugin allows logging in with any password
Jenkins Active Directory Plugin implements two separate modes: Integration with ADSI on Windows, and an OS agnostic LDAP-based mode. Optionally, to reduce lookup time, a cache can be configured to remember user lookups and user authentications. In Active Directory Plugin prior to 2.20 and 2.16.1,...
CVE-2021-24027
A cache configuration issue prior to WhatsApp for Android v2.21.4.18 and WhatsApp Business for Android v2.21.4.18 may have allowed a third party with access to the device’s external storage to read cached TLS material...
CVE-2021-24027
CVE-2021-24027 is a vulnerability affecting WhatsApp for Android and WhatsApp Business for Android prior to/including v2.21.4.18, causing a cache configuration issue that could allow a third party with access to external storage to read cached TLS material. The issue is described as a sensitive i...
CakePHP 1.3.5 / 1.2.8 Cache Corruption
!/usr/bin/python burnedCake.py - CakePHP = 1.3.5 / 1.2.8 Cache Corruption Exploit written by [email protected] This code exploits a unserialize vulnerability in the CakePHP security component. See http://malloc.im/CakePHP-unserialize.txt for a detailed analysis of the vulnerability. The exploit...