Lucene search
K

327 matches found

EUVD
EUVD
added 2026/06/03 1:16 p.m.13 views

EUVD-2026-34089

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.middleware.cache.UpdateCacheMiddleware in Django does not add Authorization to the Vary response header for requests bearing that header without Cache-Control: public, which allows remote attackers to read private...

3.1CVSS5.8AI score0.00359EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2026/06/03 1:16 p.m.8 views

CVE-2026-35193

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.middleware.cache.UpdateCacheMiddleware in Django does not add Authorization to the Vary response header for requests bearing that header without Cache-Control: public, which allows remote attackers to read private...

3.1CVSS5.4AI score0.00359EPSS
Exploits0
CVE
CVE
added 2026/06/03 1:16 p.m.177 views

CVE-2026-35193

Technical details about CVE-2026-35193 are not publicly available in the provided documents. Monitor for official updates from Django security advisories.

3.1CVSS5.8AI score0.00359EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/06/03 1:16 p.m.36 views

CVE-2026-8404

Django 5.2 before 5.2.15 and 6.0 before 6.0.6 contains a vulnerability in django.middleware.cache.UpdateCacheMiddleware where Cache-Control directives are not matched case-insensitively, allowing remote attackers to read cached responses. Older series (5.0.x, 4.1.x, 3.2.x) may also be affected. A...

5.3CVSS5.8AI score0.00285EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/03 1:16 p.m.10 views

CVE-2026-8404

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.middleware.cache.UpdateCacheMiddleware in Django does not match Cache-Control response directives case-insensitively, which allows remote attackers to read responses that were incorrectly cached because their...

3.1CVSS5.8AI score0.00285EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/06/03 1:16 p.m.14 views

EUVD-2026-34088

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.middleware.cache.UpdateCacheMiddleware in Django does not match Cache-Control response directives case-insensitively, which allows remote attackers to read responses that were incorrectly cached because their...

3.1CVSS5.8AI score0.00285EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/03 1:16 p.m.7 views

CVE-2026-8404 Potential exposure of private data via case-sensitive Cache-Control directives in UpdateCacheMiddleware

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.middleware.cache.UpdateCacheMiddleware in Django does not match Cache-Control response directives case-insensitively, which allows remote attackers to read responses that were incorrectly cached because their...

3.1CVSS5.8AI score0.00285EPSS
Exploits0References3
OSV
OSV
added 2026/06/03 1:0 p.m.8 views

UBUNTU-CVE-2026-8404

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.middleware.cache.UpdateCacheMiddleware in Django does not match Cache-Control response directives case-insensitively, which allows remote attackers to read responses that were incorrectly cached because their...

5.3CVSS5.3AI score0.00285EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.12 views

PT-2026-45949

Name of the Vulnerable Software and Affected Versions Django versions prior to 5.2.15 Django versions prior to 6.0.6 Description An issue exists in django.middleware.cache.UpdateCacheMiddleware where Cache-Control response directives are not matched case-insensitively. This allows remote attacker...

5.3CVSS5.5AI score0.00359EPSS
Exploits0References40
Tenable Nessus
Tenable Nessus
added 2026/06/03 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-8404

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.middleware.cache.UpdateCacheMiddleware in Django does not match Cache-Control...

5.3CVSS5.9AI score0.00285EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/09 12:28 a.m.15 views

Hono's Cache Middleware ignores Vary: Authorization / Vary: Cookie leading to cross-user cache leakage

Summary Cache Middleware does not skip caching for responses that declare per-user variance via Vary: Authorization or Vary: Cookie. As a result, a response cached for one authenticated user may be served to subsequent requests from different users. Details The Cache Middleware skips caching when...

5.3CVSS5.8AI score0.00197EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/23 12:0 a.m.11 views

PT-2026-34681

Summary Requesting a static JS/CSS resource from the astro path with an incorrect or malformed if-match header returns a 500 error with a one-year cache lifetime instead of 412 in some cases. As a result, all subsequent requests to that file — regardless of the if-match header — will be served a...

5.3CVSS5.7AI score0.00238EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/03/30 12:0 a.m.2 views

Amazon Linux 2023 : python3-flask (ALAS2023-2026-1476)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1476 advisory. Flask is a web server gateway interface WSGI web application framework. In versions 3.1.2 and below, when the session object is accessed, Flask should set the Vary: Cookie header., resulting in a Use o...

4.3CVSS5.8AI score0.00374EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/28 12:30 p.m.9 views

EUVD-2026-16911

Shenzhen Tenda AC7 firmware version V03.03.03.01cn and prior expose sensitive information in web management responses. Administrative credentials, including the router and/or admin panel password, are included in plaintext within configuration response bodies. In addition, responses lack...

6.8CVSS5.9AI score0.00297EPSS
Exploits0References7
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/02 12:18 p.m.8 views

Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands are vulnerable to loss of confidentiality (CVE-2026-24398, CVE-2026-24472, CVE-2026-24473, CVE-2026-24771)

Summary Node.js module Hono is used by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands are vulnerable to loss of confidentiality. This bulletin provides patch information to address the reported...

6.5CVSS6.2AI score0.00457EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2026/02/24 10:25 p.m.7 views

CVE-2026-27514

Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55multi contains a sensitive information exposure vulnerability in the configuration download functionality. The configuration download response includes the router password and administrative password in plaintext. The endpoint also omits...

7.1CVSS5.5AI score0.00216EPSS
Exploits0References1
OSV
OSV
added 2026/02/23 5:23 p.m.6 views

CVE-2026-27514

Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55multi contains a sensitive information exposure vulnerability in the configuration download functionality. The configuration download response includes the router password and administrative password in plaintext. The endpoint also omits...

6.5CVSS5.8AI score0.00216EPSS
Exploits0References2
NVD
NVD
added 2026/02/23 5:23 p.m.58 views

CVE-2026-27514

Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55multi contains a sensitive information exposure vulnerability in the configuration download functionality. The configuration download response includes the router password and administrative password in plaintext. The endpoint also omits...

7.1CVSS0.00216EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/23 4:27 p.m.7 views

CVE-2026-27514 Tenda F3 Plaintext Credential Exposure in Configuration Download

Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55multi contains a sensitive information exposure vulnerability in the configuration download functionality. The configuration download response includes the router password and administrative password in plaintext. The endpoint also omits...

7.1CVSS5.4AI score0.00216EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/23 4:27 p.m.31 views

CVE-2026-27514 Tenda F3 Plaintext Credential Exposure in Configuration Download

Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55multi contains a sensitive information exposure vulnerability in the configuration download functionality. The configuration download response includes the router password and administrative password in plaintext. The endpoint also omits...

7.1CVSS0.00216EPSS
Exploits0References2
Rows per page
Query Builder