CVE-2026-48587

Django is affected in versions 5.2 before 5.2.15 and 6.0 before 6.0.6. The vulnerability lies in django.utils.cache.has_vary_header(), which does not strip leading/trailing whitespace from Vary header values before comparison. This can allow remote attackers to read cached responses by targeting ...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: Team: Fix null-ptr-deref when the team device type is changed. The null-ptr-deref bug occurs as follows with a reproducer 1. Bug: NULL pointer dereferencing in the kernel. Address: 0000000000000228 …RIP:...

Astra Linux - уязвимость в flask

Flask is a lightweight WSGI web application framework. When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by the proxy to other clients. If the proxy also caches Set-Cookie headers, it may send one client’s session...

OESA-2026-2135 python-flask security update

Flask is a lightweight WSGI web application framework. It is designed to make getting started quick and easy, with the ability to scale up to complex applications. It began as a simple wrapper around Werkzeug and Jinja and has become one of the most popular Python web application frameworks...

GHSA-7JXJ-RPX7-PH2C Umbraco.Forms CDN may cache sensitive form uploads when processed by ImageSharp

Impact Protected files uploaded through Umbraco Forms may be served to unauthenticated users when a CDN or caching layer is present and ImageSharp processes the request. ImageSharp sets aggressive cache headers by default, which can cause intermediary caches to store and serve files that should...

Use of Web Browser Cache Containing Sensitive Information

Overview drupal/core is an an open source content management platform powering millions of websites and applications. Affected versions of this package are vulnerable to Use of Web Browser Cache Containing Sensitive Information via the HTTP header Cache-Control: public, which may be applied by a...

CVE-2025-62276

The Document Library and the Adaptive Media modules in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions uses an incorrect cache-control heade...

Liferay Portal和Liferay DXP 安全漏洞

Liferay Portal and Liferay DXP are both products of Liferay, Inc.Liferay Portal is a J2EE based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...

EUVD-2025-36558

Discourse is an open source discussion platform. Version before 3.6.2 and 3.6.0.beta2, default Cache-Control response header with value no-store, no-cache was missing from error responses. This may caused unintended caching of those responses by proxies potentially leading to cache poisoning...

📄 Packet Storm Missing Cache Header

Packet Storm was missing a cache control header on the user settings page, allowing for parties to click back in a browser post-logout and see the page from the local browser cache. As shared computing situations can allow this to lead to an information disclosure issue, it was immediately...

EUVD-2018-16917

Malware in sbrugna...

nextjs-auth0 安全漏洞

nextjs-auth0 is an Auth0 open source Next.js SDK for logging in using Auth0. A security vulnerability exists in nextjs-auth0 versions 4.0.1 through 4.6.0 and earlier, which stems from a missing Cache-Control header that could result in session cookies being cached by a CDN...

HCL Leap 安全漏洞

HCL Leap is a low-code development platform from HCL India. HCL Leap has a security vulnerability that stems from the lack of a no cache header, which could lead to caching of sensitive data...

PT-2025-18333 · Hcl · Hcl Leap

Name of the Vulnerable Software and Affected Versions: HCL Leap affected versions not specified Description: The issue concerns missing "no cache" headers in HCL Leap, which allows sensitive data to be cached. This could potentially expose confidential information. Recommendations: At the moment,...

HCL Leap 安全漏洞

HCL Leap is a low-code development platform from HCL India. A security vulnerability exists in HCL Leap, which stems from the lack of a no cache header, which could lead to user directory information being cached...

HCL Leap 安全漏洞

HCL Leap is a low-code development platform from HCL India. HCL Leap suffers from a security vulnerability that stems from the lack of a no cache header, which could lead to sensitive data being cached...

PYSEC-2024-195

Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow.Airflow did not return "Cache-Control" header for dynamic content, which in case of some browsers could result in potentially storing sensitive data in local cache of the browser.This issue affects Apache...

PT-2024-4257 · Apache · Apache Airflow

Name of the Vulnerable Software and Affected Versions: Apache Airflow versions prior to 2.9.2 Description: The issue is related to the use of web browser cache containing sensitive information in Apache Airflow. Airflow did not return a "Cache-Control" header for dynamic content, which could resu...

ZEIT Next.js Security Vulnerability

ZEIT Next.js is an open source web application framework from ZEIT based on Vue.js, Node.js, Webpack and Babel.js. A security vulnerability exists in versions prior to Next.js 13.4.20-canary.13 that stems from a missing cache control header, which can lead to a denial of service...

SUSE CVE-2014-3581

The cachemergeheadersout function in modules/cache/cacheutil.c in the modcache module in the Apache HTTP Server before 2.4.11 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via an empty HTTP Content-Type header...