18 matches found
CVE-2026-62390
Apache Kylin vulnerability CVE-2026-62390 is a SQL Injection flaw in the Catalog Cache Refresh API. Affected versions are 4 through 5.0.3; upgrading to 5.0.4 fixes the issue. The issue arises from improper neutralization of special elements in SQL commands used by the backend API that refreshes t...
PT-2026-57979
Name of the Vulnerable Software and Affected Versions Apache Kylin versions 4 through 5.0.3 Description An OS Command Injection issue exists where a backend API allows job configuration parameters to be passed directly to the OS command line without proper neutralization of special elements. OS...
PT-2026-57978
Name of the Vulnerable Software and Affected Versions Apache Kylin versions 4 through 5.0.3 Description An SQL Injection issue exists where improper neutralization of special elements used in an SQL command occurs. This happens when a backend API refreshes the table catalog, which may lead to the...
EUVD-2025-12889
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2023-53052
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - cifs: fix use-after-free bug in refreshcacheworker The UAF bug occurred because we were putting DFS root sessions in cifsumount while DFS cache refresher was...
SUSE CVE-2023-53052
In the Linux kernel, the following vulnerability has been resolved: cifs: fix use-after-free bug in refreshcacheworker The UAF bug occurred because we were putting DFS root sessions in cifsumount while DFS cache refresher was being executed. Make DFS root sessions have same lifetime as DFS tcons ...
CVE-2023-53052
CVE-2023-53052 is a Linux kernel vulnerability in the CIFS/DFS codebase, where a use-after-free (UAF) bug occurred when DFS root sessions were kept alive in cifs_umount() during the DFS cache refresher. The fix makes DFS root sessions have the same lifetime as DFS tcons to prevent IPCs from acces...
DEBIAN-CVE-2022-49882
In the Linux kernel, the following vulnerability has been resolved: KVM: Reject attempts to consume or refresh inactive gfntopfncache Reject kvmgpccheck and kvmgpcrefresh if the cache is inactive. Not checking the active flag during refresh is particularly egregious, as KVM can end up with a vali...
SUSE CVE-2025-22149
JWK Set JSON Web Key Set is a JWK and JWK Set Go implementation. Prior to 0.6.0, the project's provided HTTP client's local JWK Set cache should do a full replacement when the goroutine refreshes the remote JWK Set. The current behavior is to overwrite or append. This is a security issue for use...
JWK Set's HTTP client only overwrites and appends JWK to local cache during refresh
The project's provided HTTP client's local JWK Set cache should do a full replacement when the goroutine refreshes the remote JWK Set. The current behavior is to overwrite or append. This is a security issue for use cases that utilize the provided auto-caching HTTP client and where key removal fr...
WEM Service : Unable to connect to the Citrix WEM cloud connectors
Unable to refresh the cache of the WEM agent which uses proxy for Internet access Cache refresh is possible on the WEM agent with direct Internet access...
CVE-2020-15853
supybot-fedora implements the command 'refresh', that refreshes the cache of all users from FAS. This takes quite a while to run, and zodbot stops responding to requests during this time...
PT-2022-8578 · Unknown · Supybot-Fedora
Name of the Vulnerable Software and Affected Versions: supybot-fedora affected versions not specified Description: The issue is related to the 'refresh' command in supybot-fedora, which refreshes the cache of all users from FAS. This process takes a significant amount of time to complete, causing...
CVE-2020-15853
supybot-fedora implements the command 'refresh', that refreshes the cache of all users from FAS. This takes quite a while to run, and zodbot stops responding to requests during this time...
Wordpress Popular Posts Authenticated RCE
This exploit requires Metasploit to have a FQDN and the ability to run a payload web server on port 80, 443, or 8080. The FQDN must also not resolve to a reserved address 192/172/127/10. The server must also respond to a HEAD request for the payload, prior to getting a GET request. This exploit...
WEM Agent Connection error: "Broker Server Name or Broker Port Error"
WEM Agent fails to connect to the WEM Broker and shows the following error when manually refreshing the WEM cache using this command: AgentCacheUtility.exe -refreshcache: "Broker Server Name or Broker Port Error"...
CVE-1999-0993
The CVE-1999-0993 entry concerns Microsoft Exchange 5.5 where changes to ACLs do not take effect until the directory store cache is refreshed. Connected PT-1999-1512 confirms affected software: Microsoft Exchange 5.5, with the behavior that ACL modifications only apply after refreshing the direct...
PT-1999-1512 · Microsoft · Exchange Server
Name of the Vulnerable Software and Affected Versions: Microsoft Exchange version 5.5 Description: The issue concerns modifications to ACLs Access Control Lists in Microsoft Exchange. These modifications do not take effect until the directory store cache is refreshed. Recommendations: For Microso...