
35 matches found

AstraLinux
added 6 days ago · 5 views

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: Team: Fix null-ptr-deref when the team device type is changed. The null-ptr-deref bug occurs as follows with a reproducer 1. Bug: Kernel NULL pointer dereferencing. Address: 0000000000000228… … RIP:...

5.5 CVSS · 5.5 AI score · 0.0023 EPSS
Exploits 0 · References 2

EUVD
added last week · 7 views

EUVD-2026-37766

undici vulnerable to cross-user information disclosure via shared cache whitespace bypass...

5.9 CVSS · 7 AI score · 0.00326 EPSS
Exploits 0 · References 3

Github Security Blog
added last week · 9 views

undici vulnerable to cross-user information disclosure via shared cache whitespace bypass

Impact: Undici's cache interceptor incorrectly classifies some responses as cacheable when the upstream Cache-Control header uses whitespace-padded qualified private or no-cache field names such as private=" authorization" or no-cache="\tauthorization". The parser preserves the surrounding...

5.9 CVSS · 7 AI score · 0.00326 EPSS
Exploits 0 · References 4 · Affected Software 1

CVE
added 2026/06/17 5:4 p.m. · 21 views

CVE-2026-9678

Undici (node) vulnerability CVE-2026-9678: in shared-cache mode, the cache interceptor may misclassify responses as cacheable when Cache-Control uses whitespace-padded private/no-cache directives (e.g., private=" authorization" or no-cache="\tauthorization"). The whitespace is preserved by the pa...

5.9 CVSS · 5.2 AI score · 0.00326 EPSS
Exploits 0 · References 2

CVE
added 2026/06/03 1:16 p.m. · 38 views

CVE-2026-48587

CVE-2026-48587 affects Django 5.2 before 5.2.15 and 6.0 before 6.0.6. The flaw in django.utils.cache.has_vary_header() does not strip leading/trailing whitespace from the Vary header before comparison, enabling remote attackers to read cached responses by requesting URLs whose responses contain w...

5.3 CVSS · 5.8 AI score · 0.00354 EPSS
Exploits 0 · References 3 · Affected Software 1

Tenable Nessus
added 2026/06/03 12:0 a.m. · 22 views

Linux Distros Unpatched Vulnerability : CVE-2026-35193

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.middleware.cache.UpdateCacheMiddleware in Django does not add Authorization to...

3.1 CVSS · 5.4 AI score · 0.00359 EPSS
Exploits 0 · References 3

AstraLinux
added 2026/05/20 5:53 a.m. · 6 views

Astra Linux – Vulnerability in Flask

Flask is a lightweight WSGI web application framework. When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by the proxy to other clients. If the proxy also caches Set-Cookie headers, it may send one client’s session...

7.5 CVSS · 7.1 AI score · 0.01261 EPSS
Exploits 1 · References 2

OSV
added 2026/05/03 9:55 a.m. · 3 views

OESA-2026-2135 python-flask security update

Flask is a lightweight WSGI web application framework. It is designed to make getting started quick and easy, with the ability to scale up to complex applications. It began as a simple wrapper around Werkzeug and Jinja and has become one of the most popular Python web application frameworks...

4.3 CVSS · 5.7 AI score · 0.00374 EPSS
Exploits 0 · References 2

OSV
added 2026/01/22 6:6 p.m. · 7 views

GHSA-7JXJ-RPX7-PH2C Umbraco.Forms CDN may cache sensitive form uploads when processed by ImageSharp

Impact: Protected files uploaded through Umbraco Forms may be served to unauthenticated users when a CDN or caching layer is present and ImageSharp processes the request. ImageSharp sets aggressive cache headers by default, which can cause intermediary caches to store and serve files that should...

3.1 CVSS · 5.8 AI score
Exploits 0 · References 2

Snyk
added 2025/11/18 5:43 p.m. · 2 views

Use of Web Browser Cache Containing Sensitive Information

Overview: drupal/core is an open source content management platform powering millions of websites and applications. Affected versions of this package are vulnerable to Use of Web Browser Cache Containing Sensitive Information via the HTTP header Cache-Control: public, which may be applied by a...

3.7 CVSS · 6.7 AI score · 0.00243 EPSS
Exploits 0 · References 2

OSV
added 2025/11/01 12:15 a.m. · 5 views

CVE-2025-62276

The Document Library and the Adaptive Media modules in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions uses an incorrect cache-control heade...

5.5 CVSS · 6.2 AI score · 0.00112 EPSS
Exploits 0 · References 1

CNNVD
added 2025/11/01 12:0 a.m. · 5 views

Liferay Portal and Liferay DXP Security Vulnerability

Liferay Portal and Liferay DXP are both products of Liferay, Inc. Liferay Portal is a J2EE based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...

5.5 CVSS · 6.2 AI score · 0.00112 EPSS
Exploits 0 · References 2

EUVD
added 2025/10/28 8:38 p.m. · 5 views

EUVD-2025-36558

Discourse is an open source discussion platform. In versions before 3.6.2 and 3.6.0.beta2, the default Cache-Control response header with value no-store, no-cache was missing from error responses. This may have caused unintended caching of those responses by proxies, potentially leading to cache poisoning...

6.3 CVSS · 6.2 AI score · 0.00251 EPSS
Exploits 0 · References 3

Packet Storm
added 2025/10/13 12:0 a.m. · 115 views

Packet Storm Missing Cache Header

Packet Storm was missing a cache control header on the user settings page, allowing for parties to click back in a browser post-logout and see the page from the local browser cache. As shared computing situations can allow this to lead to an information disclosure issue, it was immediately...

6 AI score
Exploits 0

EUVD
added 2025/10/07 12:30 a.m. · 4 views

EUVD-2018-16917

Malware in sbrugna...

5.9 CVSS · 7.8 AI score · 0.02323 EPSS
Exploits 0 · References 16

CNNVD
added 2025/06/04 12:0 a.m. · 4 views

nextjs-auth0 Security Vulnerability

nextjs-auth0 is an Auth0 open source Next.js SDK for logging in using Auth0. A security vulnerability exists in nextjs-auth0 versions 4.0.1 through 4.6.0 and earlier, which stems from a missing Cache-Control header that could result in session cookies being cached by a CDN...

7.7 CVSS · 6.4 AI score · 0.00364 EPSS
Exploits 0 · References 1

CNNVD
added 2025/04/30 12:0 a.m. · 3 views

HCL Leap Security Vulnerability

HCL Leap is a low-code development platform from HCL India. HCL Leap has a security vulnerability that stems from the lack of a no cache header, which could lead to caching of sensitive data...

7.5 CVSS · 6.6 AI score · 0.0019 EPSS
Exploits 0 · References 1

Positive Technologies
added 2025/04/30 12:0 a.m. · 3 views

PT-2025-18333 · Hcl · Hcl Leap

Name of the Vulnerable Software and Affected Versions: HCL Leap affected versions not specified Description: The issue concerns missing "no cache" headers in HCL Leap, which allows sensitive data to be cached. This could potentially expose confidential information. Recommendations: At the moment,...

3.2 CVSS · 5.9 AI score · 0.0019 EPSS
Exploits 0 · References 5

CNNVD
added 2025/04/24 12:0 a.m. · 3 views

HCL Leap Security Vulnerability

HCL Leap is a low-code development platform from HCL India. A security vulnerability exists in HCL Leap, which stems from the lack of a no cache header, which could lead to user directory information being cached...

3.2 CVSS · 6.4 AI score · 0.00127 EPSS
Exploits 0 · References 1

CNNVD
added 2025/04/24 12:0 a.m. · 3 views

HCL Leap Security Vulnerability

HCL Leap is a low-code development platform from HCL India. HCL Leap suffers from a security vulnerability that stems from the lack of a no cache header, which could lead to sensitive data being cached...

3.2 CVSS · 6.6 AI score · 0.00127 EPSS
Exploits 0 · References 1