55 matches found
CVE-2026-27205
Flask is a web server gateway interface WSGI web application framework. In versions 3.1.2 and below, when the session object is accessed, Flask should set the Vary: Cookie header., resulting in a Use of Cache Containing Sensitive Information vulnerability. The logic instructs caches not to cache...
CVE-2026-27205
Flask is a web server gateway interface WSGI web application framework. In versions 3.1.2 and below, when the session object is accessed, Flask should set the Vary: Cookie header., resulting in a Use of Cache Containing Sensitive Information vulnerability. The logic instructs caches not to cache...
CVE-2026-27205
Flask is a web server gateway interface WSGI web application framework. In versions 3.1.2 and below, when the session object is accessed, Flask should set the Vary: Cookie header., resulting in a Use of Cache Containing Sensitive Information vulnerability. The logic instructs caches not to cache...
GHSA-68RP-WP8R-4726 Flask session does not add `Vary: Cookie` header when accessed in some ways
When the session object is accessed, Flask should set the Vary: Cookie header. This instructs caches not to cache the response, as it may contain information specific to a logged in user. This is handled in most cases, but some forms of access such as the Python in operator were overlooked. The...
Use of Cache Containing Sensitive Information
Overview Affected versions of this package are vulnerable to Use of Cache Containing Sensitive Information in the session object. An attacker can cause sensitive user-specific responses to be cached and served to other users by leveraging a caching proxy that does not ignore responses with cookie...
BIT-DISCOURSE-2025-61598 Discourse is missing Cache-Control response header on error responses
Discourse is an open source discussion platform. Version before 3.6.2 and 3.6.0.beta2, default Cache-Control response header with value no-store, no-cache was missing from error responses. This may caused unintended caching of those responses by proxies potentially leading to cache poisoning...
Use of Web Browser Cache Containing Sensitive Information
Overview Affected versions of this package are vulnerable to Use of Web Browser Cache Containing Sensitive Information due to using an incorrect cache-control header. A local attacker can gain unauthorized access to previously downloaded files by retrieving them from the browser's cache...
Liferay Portal and DXP use an incorrect cache-control header
The Document Library and the Adaptive Media modules in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions uses an incorrect cache-control heade...
GHSA-6533-FHR2-F38H Liferay Portal and DXP use an incorrect cache-control header
The Document Library and the Adaptive Media modules in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions uses an incorrect cache-control heade...
EUVD-2025-37404
The Document Library and the Adaptive Media modules in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions uses an incorrect cache-control heade...
CVE-2025-62276
The CVE-2025-62276 issue affects Liferay Portal and DXP: Document Library and Adaptive Media modules expose a misconfigured cache-control header across multiple versions (Liferay Portal 7.4.0–7.4.3.111 and legacy DXP releases up to 2023.Q4.10, plus 7.4 GA up to update 92). This header flaw enable...
CVE-2025-61598
Discourse is an open source discussion platform. Version before 3.6.2 and 3.6.0.beta2, default Cache-Control response header with value no-store, no-cache was missing from error responses. This may caused unintended caching of those responses by proxies potentially leading to cache poisoning...
CVE-2025-61598 Discourse is missing Cache-Control response header on error responses
Discourse is an open source discussion platform. Version before 3.6.2 and 3.6.0.beta2, default Cache-Control response header with value no-store, no-cache was missing from error responses. This may caused unintended caching of those responses by proxies potentially leading to cache poisoning...
CVE-2025-61598 Discourse is missing Cache-Control response header on error responses
Discourse is an open source discussion platform. Version before 3.6.2 and 3.6.0.beta2, default Cache-Control response header with value no-store, no-cache was missing from error responses. This may caused unintended caching of those responses by proxies potentially leading to cache poisoning...
PT-2025-44213
Name of the Vulnerable Software and Affected Versions Discourse versions prior to 3.6.2 Discourse version 3.6.0.beta2 Description Discourse, an open source discussion platform, is affected by an issue where the default Cache-Control response header with the value no-store, no-cache was missing fr...
Discourse 安全漏洞
Discourse is an open source community discussion platform from Discourse Open Source. The platform includes features such as communities, email and chat rooms. A security vulnerability exists in Discourse versions prior to 3.6.2 and 3.6.0.beta2, which stems from the lack of a default Cache-Contro...
EUVD-2013-4430
Malware in sbrugna...
EUVD-2025-14946
Malicious code in bioql PyPI...
EUVD-2024-0012
Malicious code in bioql PyPI...
EUVD-2023-2714
Malicious code in bioql PyPI...