Lucene search
K

216 matches found

OSV
OSV
added 2026/06/15 5:24 p.m.9 views

GHSA-39PV-4J6C-2G6V @angular/common: Weak 32-Bit Cache Key Hashing in `HttpTransferCache` Leading to Cross-Request Data Leakage and State Poisoning

Angular's HttpTransferCache caches HTTP requests made during Server-Side Rendering SSR so that they can be reused during client-side hydration. This avoids repeating the same HTTP requests on the client. The cached responses are stored in TransferState using a cache key generated by hashing reque...

8.8CVSS5.3AI score0.0009EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/15 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-48096

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenFGA is an authorization/permission engine built for developers. Prior to version 1.16.0, when iterator caching is enabled, two distinct check requests can...

5.3CVSS5.3AI score0.00101EPSS
Exploits0References2
OSV
OSV
added 2026/06/11 8:28 p.m.4 views

GHSA-8396-JFFM-QX4W OpenFGA has cache-key delimiter injection in shared-iterator and v2 iterator that caches enables intra-store authorization-decision poisoning

Description In OpenFGA, when iterator caching is enabled, two distinct check requests can produce the same cache key, leading to OpenFGA reusing an earlier cached result for a subsequent request. Preconditions This applies if the following preconditions are present: - FGA runs with...

5CVSS5.5AI score0.00101EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/06/11 8:28 p.m.11 views

OpenFGA has cache-key delimiter injection in shared-iterator and v2 iterator that caches enables intra-store authorization-decision poisoning

Description In OpenFGA, when iterator caching is enabled, two distinct check requests can produce the same cache key, leading to OpenFGA reusing an earlier cached result for a subsequent request. Preconditions This applies if the following preconditions are present: - FGA runs with...

5.3CVSS5.5AI score0.00101EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/06/11 8:28 p.m.11 views

EUVD-2026-36061

OpenFGA has cache-key delimiter injection in shared-iterator and v2 iterator that caches enables intra-store authorization-decision poisoning...

5.3CVSS5.5AI score0.00101EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/10 6:20 p.m.6 views

Insufficient Verification of Data Authenticity

Overview Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity in . If SharedIteratorCache and ListObjectsIteratorCache are enabled, a user can influence authorization decisions by sending malicious requests that trigger cache key collisions, causing t...

5.3CVSS5.3AI score0.00101EPSS
Exploits0References2
NVD
NVD
added 2026/06/10 4:17 p.m.10 views

CVE-2026-48096

OpenFGA is an authorization/permission engine built for developers. Prior to version 1.16.0, when iterator caching is enabled, two distinct check requests can produce the same cache key, leading to OpenFGA reusing an earlier cached result for a subsequent request. This issue has been patched in...

5.3CVSS0.00101EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/10 3:9 p.m.32 views

CVE-2026-48096 OpenFGA: Cache-key delimiter injection in openfga/openfga shared-iterator and v2 iterator caches enables intra-store authorization-decision poisoning

OpenFGA is an authorization/permission engine built for developers. Prior to version 1.16.0, when iterator caching is enabled, two distinct check requests can produce the same cache key, leading to OpenFGA reusing an earlier cached result for a subsequent request. This issue has been patched in...

5CVSS0.00101EPSS
Exploits0References2
CVE
CVE
added 2026/06/10 3:9 p.m.22 views

CVE-2026-48096

OpenFGA: The CVE affects the OpenFGA authorization engine prior to v1.16.0 due to an issue with iterator caching where two distinct check requests could produce the same cache key, causing reuse of an earlier cached result. The root cause is described as a cache-key issue in the shared-iterator a...

5.3CVSS5.4AI score0.00101EPSS
Exploits0References2Affected Software2
Vulnrichment
Vulnrichment
added 2026/06/10 3:9 p.m.10 views

CVE-2026-48096 OpenFGA: Cache-key delimiter injection in openfga/openfga shared-iterator and v2 iterator caches enables intra-store authorization-decision poisoning

OpenFGA is an authorization/permission engine built for developers. Prior to version 1.16.0, when iterator caching is enabled, two distinct check requests can produce the same cache key, leading to OpenFGA reusing an earlier cached result for a subsequent request. This issue has been patched in...

5CVSS5.3AI score0.00101EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.17 views

OpenFGA 数据伪造问题漏洞

OpenFGA is an open-source authorization/licensing engine built for developers, inspired by Google Zanzibar. Versions of OpenFGA prior to 1.16.0 had a data manipulation vulnerability. This vulnerability arises from the possibility that two different check requests may generate the same cache key...

5.3CVSS5.2AI score0.00101EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.13 views

PT-2026-48462

Name of the Vulnerable Software and Affected Versions OpenFGA versions prior to 1.16.0 Description When iterator caching is enabled, specifically with SharedIteratorCache and ListObjectsIteratorCache, two distinct check requests can produce the same cache key. This causes the system to reuse a...

5.3CVSS5.5AI score0.00101EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/06/05 7:48 p.m.11 views

CVE-2026-10783

A security flaw has been discovered in gradio-app gradio 6.14.0. This affects the function saveaudiotocache of the component Audio Cache Key Handler. Performing a manipulation results in use of weak hash. The attack must be initiated from a local position. The attack is considered to have high...

2.5CVSS4.6AI score0.00106EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:48 p.m.11 views

CVE-2026-10812

A vulnerability was detected in zilliztech GPTCache up to 0.1.44. Affected by this issue is the function BufferedReader.peek of the file gptcache/processor/pre.py of the component Cache Key Handler. Performing a manipulation of the argument inputdata"image" results in use of weak hash. The attack...

3.6CVSS4.8AI score0.00075EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:12 p.m.10 views

CVE-2026-39972

Mercure is a protocol for pushing data updates to web browsers and other HTTP clients in a battery-efficient way. Prior to 0.22.0, a cache key collision vulnerability in TopicSelectorStore allows an attacker to poison the match result cache, potentially causing private updates to be delivered to...

7.1CVSS5.4AI score0.00341EPSS
Exploits0References1
NVD
NVD
added 2026/06/04 3:16 p.m.13 views

CVE-2026-10812

A vulnerability was detected in zilliztech GPTCache up to 0.1.44. Affected by this issue is the function BufferedReader.peek of the file gptcache/processor/pre.py of the component Cache Key Handler. Performing a manipulation of the argument inputdata"image" results in use of weak hash. The attack...

3.6CVSS0.00075EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/04 2:15 p.m.37 views

CVE-2026-10812 zilliztech GPTCache Cache Key pre.py BufferedReader.peek weak hash

A vulnerability was detected in zilliztech GPTCache up to 0.1.44. Affected by this issue is the function BufferedReader.peek of the file gptcache/processor/pre.py of the component Cache Key Handler. Performing a manipulation of the argument inputdata"image" results in use of weak hash. The attack...

3.6CVSS0.00075EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/06/04 2:15 p.m.11 views

CVE-2026-10812 zilliztech GPTCache Cache Key pre.py BufferedReader.peek weak hash

A vulnerability was detected in zilliztech GPTCache up to 0.1.44. Affected by this issue is the function BufferedReader.peek of the file gptcache/processor/pre.py of the component Cache Key Handler. Performing a manipulation of the argument inputdata"image" results in use of weak hash. The attack...

3.6CVSS5.1AI score0.00075EPSS
Exploits0References7
CVE
CVE
added 2026/06/04 2:15 p.m.26 views

CVE-2026-10812

CVE-2026-10812 affects zilliztech GPTCache up to 0.1.44. The vulnerability concerns the function BufferedReader.peek in gptcache/processor/pre.py within the Cache Key Handler. By manipulating input_data["image"], a weak hash is used. Exploitation is described as local, high complexity, and public...

3.6CVSS5.1AI score0.00075EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/06/04 11:0 a.m.7 views

CVE-2026-10801

A security vulnerability has been detected in modelscope ms-swift up to 4.2.0. This affects the function Template.savepilimage of the file swift/template/base.py of the component PIL Image Cache Key Handler. The manipulation leads to use of weak hash. An attack has to be approached locally. A hig...

3.6CVSS4.9AI score0.00075EPSS
Exploits0References8Affected Software1
Rows per page
Query Builder