23 matches found

ATTACKERKB
added 2 days ago · 4 views

CVE-2026-41918

A vulnerability has been identified in RUGGEDCOM RST2428P 6GK6242-6PA00 All versions V4.0. The affected application stores sensitive information in the browser cache when an authenticated user modifies specific configurations. This could allow an authenticated attacker to access sensitive data...

5.9 CVSS · 5.7 AI score · 0.00031 EPSS
Exploits: 0 · References: 2
AlpineLinux
added 2026/05/05 2:50 p.m. · 7 views

CVE-2026-6907

An issue was discovered in Django 6.0 before 6.0.5 and 5.2 before 5.2.14. django.middleware.cache.UpdateCacheMiddleware erroneously caches requests where the Vary header contained an asterisk '*'. This can lead to private data being stored and served. Earlier, unsupported Django series such as 5.0.x,...

5.3 CVSS · 5.7 AI score · 0.00033 EPSS
Exploits: 0
CVE
added 2026/03/17 9:50 p.m. · 4 views

CVE-2025-14806

CVE-2025-14806 affects IBM Planning Analytics Local 2.1.0–2.1.17, where a flaw in the caching mechanism could allow an attacker to trick the cache into storing and serving sensitive, user-specific responses as publicly cacheable resources. The Red Hat/US IBM advisories and the IBM Security Bullet...

5.7 CVSS · 5.8 AI score · 0.00015 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
NVD
added 2026/03/03 8:16 p.m. · 1 view

CVE-2025-36364

IBM DevOps Plan 3.0.0 through 3.0.5 allows web page cache to be stored locally which can be read by another user on the system...

6.2 CVSS · 0.00016 EPSS
Exploits: 0 · References: 1
Positive Technologies
added 2026/03/03 12:0 a.m. · 2 views

PT-2026-22799

IBM DevOps Plan 3.0.0 through 3.0.5 allows web page cache to be stored locally which can be read by another user on the system...

6.2 CVSS · 5.9 AI score · 0.00016 EPSS
Exploits: 0 · References: 2
ATTACKERKB
added 2026/01/26 5:40 p.m. · 2 views

CVE-2026-24437

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.195037 serve sensitive administrative content without appropriate cache-control directives. As a result, browsers may store credential-bearing responses locally, exposing them to subsequent unauthorized access...

4.8 CVSS · 5.9 AI score · 0.00008 EPSS
Exploits: 0 · References: 3
NVD
added 2025/11/18 5:15 p.m. · 1 view

CVE-2025-13083

Use of Web Browser Cache Containing Sensitive Information vulnerability in Drupal Drupal core allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before...

3.7 CVSS · 0.00011 EPSS
Exploits: 0 · References: 1
Tenable Nessus
added 2025/11/18 12:0 a.m. · 2 views

Mozilla Firefox < 59.0

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 59.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2018-06 advisory. - A use-after-free vulnerability can occur when manipulating elements, events, and selection ranges during edit...

9.8 CVSS · 8 AI score · 0.20177 EPSS
Exploits: 2 · References: 19
EUVD
added 2025/10/03 8:7 p.m. · 1 view

EUVD-2025-25646

Malicious code in bioql PyPI...

4 CVSS · 6.5 AI score · 0.00067 EPSS
Exploits: 0 · References: 1
OSV
added 2025/09/15 4:15 p.m. · 3 views

CVE-2025-36082

IBM OpenPages 9.0 and 9.1 allows web page cache to be stored locally which can be read by another user on the system...

3.3 CVSS · 5.8 AI score · 0.00019 EPSS
Exploits: 0 · References: 1
Cvelist
added 2025/09/15 3:31 p.m. · 5 views

CVE-2025-36082 IBM OpenPages information disclosure

IBM OpenPages 9.0 and 9.1 allows web page cache to be stored locally which can be read by another user on the system...

4 CVSS · 0.00019 EPSS
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/23 8:54 a.m. · 1 view

CVE-2024-29036

Saleor Storefront is software for building e-commerce experiences. Prior to commit 579241e75a5eb332ccf26e0bcdd54befa33f4783, when any user authenticates in the storefront, anonymous users are able to access their data. The session is leaked through cache and can be accessed by anyone. Users shoul...

4.3 CVSS · 7 AI score · 0.00396 EPSS
Exploits: 0 · References: 1
Snyk
added 2024/10/01 6:40 a.m. · 1 view

Use of Cache Containing Sensitive Information

Overview: querycommander is a Browser-based SQL Query Tool for Universal Database Management. Affected versions of this package are vulnerable to Use of Cache Containing Sensitive Information, potentially exposing user data across sessions due to improper caching. Remediation: Upgrade querycommander ...

8.7 CVSS · 7.4 AI score
Exploits: 0 · References: 3
OSV
added 2024/05/14 4:17 p.m. · 0 views

CVE-2024-33004

SAP Business Objects Business Intelligence Platform is vulnerable to Insecure Storage as dynamic web pages are getting cached even after logging out. On successful exploitation, the attacker can see the sensitive information through cache and can open the pages causing limited impact on...

4.3 CVSS · 5.8 AI score · 0.00061 EPSS
Exploits: 0 · References: 2
Positive Technologies
added 2024/05/06 12:0 a.m. · 1 view

PT-2024-19710 · Open Xchange Gmbh +1 · Ox App Suite

Name of the Vulnerable Software and Affected Versions: Software affected versions not specified. Description: The issue arises from E-Mails being exported as PDF and stored in a cache that does not consider specific session information for the related user account. This allows users of the same...

5.3 CVSS · 6 AI score · 0.00146 EPSS
Exploits: 0 · References: 9
OSV
added 2022/10/17 4:15 p.m. · 0 views

UBUNTU-CVE-2022-3291

Serialization of sensitive data in GitLab EE affecting all versions from 14.9 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 can leak sensitive information via cache...

6.5 CVSS · 5.8 AI score · 0.0033 EPSS
Exploits: 0 · References: 2
Positive Technologies
added 2022/03/09 12:0 a.m. · 2 views

PT-2022-16850 · Shopware · Shopware

Name of the Vulnerable Software and Affected Versions: Shopware versions prior to 6.4.8.2. Description: The issue arises from the improper setting of sensitive HTTP headers, making them cacheable. If an HTTP cache exists between the server and client, these headers may be exposed via HTTP caches...

6.3 CVSS · 5.8 AI score · 0.00328 EPSS
Exploits: 0 · References: 10
OSV
added 2021/11/09 12:15 p.m. · 1 view

CVE-2021-42015

A vulnerability has been identified in Mendix Applications using Mendix 7 All versions V7.23.26, Mendix Applications using Mendix 8 All versions V8.18.12, Mendix Applications using Mendix 9 All versions V9.6.1. Applications built with affected versions of Mendix Studio Pro do not prevent file...

5.5 CVSS · 6 AI score · 0.00125 EPSS
Exploits: 0 · References: 1
Malwarebytes
added 2018/10/29 5:0 p.m. · 38 views

A week in security (October 22 – 28)

Last week on Malwarebytes Labs, we took a look at some new Mac malware, gave you a roundup of 2018 exploit kits, and dispensed some advice on sextortion scams. We also looked at the Cathay Pacific breach, groaned at the revival of an old browser trick, and explained how voting machines and...

7.2 AI score
Exploits: 0
OSV
added 2018/08/14 10:9 p.m. · 0 views

USN-3741-2 linux-lts-xenial, linux-aws vulnerabilities

USN-3741-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that memory present in the L1 data cache of an Intel CPU core may be...

7.8 CVSS · 6.9 AI score · 0.10596 EPSS
Exploits: 0 · References: 5