
22 matches found

IBM Security Bulletins
added 2026/05/30 8:51 a.m. | 14 views

Security Bulletin: IBM InfoSphere Optim Archive Viewer is affected by a vulnerability in Next.js (CVE-2025-57752 and CVE-2025-55173)

Summary: The vulnerabilities CVE-2025-57752 (Cache Key Confusion / Cache Deception) and CVE-2025-55173 (Content Injection / Arbitrary File Delivery) in the Next.js framework have been completely resolved by upgrading the dependency from version 14.2.26 to 15.5.15. Vulnerability Details...

CVSS 6.2 | AI score 6 | EPSS 0.00509
Exploits: 0 | Affected Software: 1

NVD
added 2026/03/26 6:16 p.m. | 10 views

CVE-2026-33496

ORY Oathkeeper is an Identity & Access Proxy IAP and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. Versions prior to 26.2.0 are vulnerable to authentication bypass due to cache key confusion. The oauth2introspection authenticator cache does not distingui...

CVSS 8.1 | EPSS 0.00333
Exploits: 0 | References: 2

CVE
added 2026/03/26 5:29 p.m. | 15 views

CVE-2026-33496

Overview: CVE-2026-33496 affects ORY Oathkeeper (Identity & Access Proxy) prior to version 26.2.0, where the oauth2_introspection authenticator cache fails to distinguish tokens across different introspection URLs, enabling authentication bypass via cache key confusion. Impact (as described): An ...

CVSS 8.1 | AI score 5.8 | EPSS 0.00333
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2026/03/26 5:29 p.m. | 23 views

CVE-2026-33496 Ory Oathkeeper has an authentication bypass by cache key confusion

ORY Oathkeeper is an Identity & Access Proxy IAP and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. Versions prior to 26.2.0 are vulnerable to authentication bypass due to cache key confusion. The oauth2introspection authenticator cache does not distingui...

CVSS 8.1 | EPSS 0.00333
Exploits: 0 | References: 2

ATTACKERKB
added 2026/03/26 5:29 p.m. | 4 views

CVE-2026-33496

ORY Oathkeeper is an Identity & Access Proxy IAP and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. Versions prior to 26.2.0 are vulnerable to authentication bypass due to cache key confusion. The oauth2introspection authenticator cache does not distingui...

CVSS 8.1 | AI score 5.8 | EPSS 0.00333
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2026/03/26 5:29 p.m. | 6 views

CVE-2026-33496 Ory Oathkeeper has an authentication bypass by cache key confusion

ORY Oathkeeper is an Identity & Access Proxy IAP and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. Versions prior to 26.2.0 are vulnerable to authentication bypass due to cache key confusion. The oauth2introspection authenticator cache does not distingui...

CVSS 8.1 | AI score 6.4 | EPSS 0.00333
Exploits: 0 | References: 4

CNNVD
added 2026/03/26 12:00 a.m. | 11 views

Ory Oathkeeper security vulnerability

Ory Oathkeeper is an access control decision-making software developed by Ory OpenSource. Versions of Ory Oathkeeper prior to 26.2.0 contained security vulnerabilities. These vulnerabilities were caused by a cache key confusion in the oauth2introspection authentication mechanism, which could lead...

CVSS 8.1 | AI score 6.4 | EPSS 0.00333
Exploits: 0 | References: 2

Snyk
added 2026/03/23 6:16 p.m. | 0 views

Improper Authentication

Overview: Affected versions of this package are vulnerable to Improper Authentication due to cache key confusion. An attacker can gain unauthorized access by using a token to prime the cache, and subsequently use the same token for rules that use a different introspection server. Note: This is onl...

CVSS 8.1 | AI score 5.8 | EPSS 0.00333
Exploits: 0 | References: 3

Snyk
added 2026/03/23 6:16 p.m. | 2 views

Improper Authentication

Overview: Affected versions of this package are vulnerable to Improper Authentication due to cache key confusion. An attacker can gain unauthorized access by using a token to prime the cache, and subsequently use the same token for rules that use a different introspection server. Note: This is onl...

CVSS 8.1 | AI score 5.8 | EPSS 0.00333
Exploits: 0 | References: 3

OSV
added 2026/03/23 6:16 p.m. | 4 views

GO-2026-4799 Ory Oathkeeper has an authentication bypass by cache key confusion in github.com/ory/oathkeeper

Ory Oathkeeper has an authentication bypass by cache key confusion in github.com/ory/oathkeeper...

CVSS 8.1 | AI score 5.8 | EPSS 0.00333
Exploits: 0 | References: 2

GitHub Security Blog
added 2026/03/20 8:51 p.m. | 9 views

Ory Oathkeeper has an authentication bypass by cache key confusion

Description: Ory Oathkeeper is vulnerable to authentication bypass due to cache key confusion. The oauth2introspection authenticator cache does not distinguish tokens that were validated with different introspection URLs. An attacker can therefore legitimately use a token to prime the cache, and...

CVSS 8.1 | AI score 5.8 | EPSS 0.00333
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2026/03/20 8:51 p.m. | 7 views

GHSA-4MQ7-PVJG-XP2R Ory Oathkeeper has an authentication bypass by cache key confusion

Description: Ory Oathkeeper is vulnerable to authentication bypass due to cache key confusion. The oauth2introspection authenticator cache does not distinguish tokens that were validated with different introspection URLs. An attacker can therefore legitimately use a token to prime the cache, and...

CVSS 8.1 | AI score 5.8 | EPSS 0.00333
Exploits: 0 | References: 4

IBM Security Bulletins
added 2025/12/01 5:49 p.m. | 11 views

Security Bulletin: IBM Edge Data Collector uses next-15.3.1.tgz which is vulnerable to CVE-2025-55173, CVE-2025-57752.

Summary: IBM Edge Data Collector uses next-15.3.1.tgz which is vulnerable to CVE-2025-55173, CVE-2025-57752. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details: CVEID: CVE-2025-55173. DESCRIPTION: Next.js is a React framework for building full-stack...

CVSS 6.2 | AI score 6.7 | EPSS 0.00509
Exploits: 0 | Affected Software: 1

EUVD
added 2025/10/03 8:07 p.m. | 4 views

EUVD-2025-28624

Malicious code in bioql PyPI...

CVSS 6.2 | AI score 6.3 | EPSS 0.00325
Exploits: 0 | References: 5

Veracode
added 2025/09/29 9:13 a.m. | 6 views

Cache Key Confusion

Next.js is vulnerable to cache key confusion. The vulnerability is due to improper handling of request headers in the Image Optimization API routes, which allows an attacker to receive cached image responses intended for authorized users...

CVSS 6.2 | AI score 7 | EPSS 0.00325
Exploits: 0 | References: 5 | Affected Software: 1

Tenable Nessus
added 2025/09/05 12:00 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2025-57752

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Next.js is a React framework for building full-stack web applications. In versions before 14.2.31 and from 15.0.0 to before 15.4.5, Next.js Image Optimization A...

CVSS 6.2 | AI score 5 | EPSS 0.00325
Exploits: 0 | References: 2

Vulnrichment
added 2025/08/29 10:06 p.m. | 3 views

CVE-2025-57752 Next.js Affected by Cache Key Confusion for Image Optimization API Routes

Next.js is a React framework for building full-stack web applications. In versions before 14.2.31 and from 15.0.0 to before 15.4.5, Next.js Image Optimization API routes are affected by cache key confusion. When images returned from API routes vary based on request headers such as Cookie or...

CVSS 6.2 | AI score 6.3 | EPSS 0.00325
Exploits: 0 | References: 4

OSV
added 2025/08/29 10:06 p.m. | 9 views

CVE-2025-57752 Next.js Affected by Cache Key Confusion for Image Optimization API Routes

Next.js is a React framework for building full-stack web applications. In versions before 14.2.31 and from 15.0.0 to before 15.4.5, Next.js Image Optimization API routes are affected by cache key confusion. When images returned from API routes vary based on request headers such as Cookie or...

CVSS 6.2 | AI score 6.5 | EPSS 0.00325
Exploits: 0 | References: 6

CVE
added 2025/08/29 10:06 p.m. | 60 views

CVE-2025-57752

CVE-2025-57752 affects Next.js image optimization API routes. The cache key confusion bug can cause responses that depend on request headers (e.g., Cookie/Authorization) to be cached and served to unauthorized users. Impact: potential exposure of image responses to unintended users. Affected vers...

CVSS 6.2 | AI score 6.3 | EPSS 0.00325
Exploits: 0 | References: 4 | Affected Software: 1

Cvelist
added 2025/08/29 10:06 p.m. | 7 views

CVE-2025-57752 Next.js Affected by Cache Key Confusion for Image Optimization API Routes

Next.js is a React framework for building full-stack web applications. In versions before 14.2.31 and from 15.0.0 to before 15.4.5, Next.js Image Optimization API routes are affected by cache key confusion. When images returned from API routes vary based on request headers such as Cookie or...

CVSS 6.2 | EPSS 0.00325
Exploits: 0 | References: 4