CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

305 matches found

CVE-2026-8404

A flaw was found in Django. The django.middleware.cache.UpdateCacheMiddleware component does not correctly process Cache-Control response directives when they use uppercase or mixed-case values. This vulnerability allows a remote attacker to read responses that should not have been cached, leadin...

3.1CVSS5.7AI score

Exploits0References6

NVD•added yesterday•3 views

CVE-2026-8404

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.middleware.cache.UpdateCacheMiddleware in Django does not match Cache-Control response directives case-insensitively, which allows remote attackers to read responses that were incorrectly cached because their...

3.1CVSS

Exploits0References3

ATTACKERKB•added yesterday•1 views

CVE-2026-35193

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.middleware.cache.UpdateCacheMiddleware in Django does not add Authorization to the Vary response header for requests bearing that header without Cache-Control: public, which allows remote attackers to read private...

3.1CVSS5.8AI score

Exploits0References4Affected Software1

EUVD•added yesterday•5 views

EUVD-2026-34089

3.1CVSS5.8AI score

Exploits0References3

CVE•added yesterday•7 views

CVE-2026-35193

Technical details about CVE-2026-35193 are not publicly available in the provided documents. Monitor for official updates from Django security advisories.

3.1CVSS5.8AI score

Exploits0References3

ATTACKERKB•added yesterday•2 views

CVE-2026-8404

3.1CVSS5.8AI score

Exploits0References4Affected Software1

Vulnrichment•added yesterday•2 views

CVE-2026-8404 Potential exposure of private data via case-sensitive Cache-Control directives in UpdateCacheMiddleware

3.1CVSS5.8AI score

Exploits0References3

CVE•added yesterday•5 views

CVE-2026-8404

Summary: Django 5.2 (before 5.2.15) and Django 6.0 (before 6.0.6) contain a vulnerability in the UpdateCacheMiddleware where the middleware does not case-insensitively match Cache-Control directives. This can allow remote attackers to read responses that were cached with uppercase or mixed-case d...

3.1CVSS5.8AI score

Exploits0References3

EUVD•added yesterday•6 views

EUVD-2026-34088

3.1CVSS5.8AI score

Exploits0References3

Positive Technologies•added yesterday•3 views

PT-2026-45949

3.1CVSS5.8AI score

Exploits0References4

Github Security Blog•added 2026/05/09 12:28 a.m.•6 views

Hono's Cache Middleware ignores Vary: Authorization / Vary: Cookie leading to cross-user cache leakage

Summary Cache Middleware does not skip caching for responses that declare per-user variance via Vary: Authorization or Vary: Cookie. As a result, a response cached for one authenticated user may be served to subsequent requests from different users. Details The Cache Middleware skips caching when...

5.3CVSS5.8AI score0.00038EPSS

Exploits0References3Affected Software1

Positive Technologies•added 2026/04/23 12:0 a.m.•2 views

PT-2026-34681

Summary Requesting a static JS/CSS resource from the astro path with an incorrect or malformed if-match header returns a 500 error with a one-year cache lifetime instead of 412 in some cases. As a result, all subsequent requests to that file — regardless of the if-match header — will be served a...

5.3CVSS5.7AI score0.00056EPSS

Exploits0References5

Tenable Nessus•added 2026/03/30 12:0 a.m.•1 views

Amazon Linux 2023 : python3-flask (ALAS2023-2026-1476)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1476 advisory. Flask is a web server gateway interface WSGI web application framework. In versions 3.1.2 and below, when the session object is accessed, Flask should set the Vary: Cookie header., resulting in a Use o...

4.3CVSS5.8AI score0.00014EPSS

Exploits0References4

EUVD•added 2026/03/28 12:30 p.m.•4 views

EUVD-2026-16911

Shenzhen Tenda AC7 firmware version V03.03.03.01cn and prior expose sensitive information in web management responses. Administrative credentials, including the router and/or admin panel password, are included in plaintext within configuration response bodies. In addition, responses lack...

6.8CVSS5.9AI score0.00146EPSS

Exploits0References7

IBM Security Bulletins•added 2026/03/02 12:18 p.m.•4 views

Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands are vulnerable to loss of confidentiality (CVE-2026-24398, CVE-2026-24472, CVE-2026-24473, CVE-2026-24771)

Summary Node.js module Hono is used by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands are vulnerable to loss of confidentiality. This bulletin provides patch information to address the reported...

6.5CVSS6.2AI score0.00069EPSS

Exploits0Affected Software1

RedhatCVE•added 2026/02/24 10:25 p.m.•4 views

CVE-2026-27514

Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55multi contains a sensitive information exposure vulnerability in the configuration download functionality. The configuration download response includes the router password and administrative password in plaintext. The endpoint also omits...

7.1CVSS5.5AI score0.00046EPSS

Exploits0References1