41 matches found

EUVD
added 2026/05/15 9:26 p.m. · 4 views

EUVD-2026-30656

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, the audio transcription upload endpoint takes the file extension from the user-supplied filename and saves the file under CACHEDIR/audio/transcriptions/.. The /cache/path route serve...

CVSS 8.7 · AI score 5.8 · EPSS 0.00006
Exploits 1 · References 1
OSV
added 2026/04/16 11:36 p.m. · 0 views

BIT-AUTHENTIK-2025-29928 authentik's deletion of sessions did not revoke sessions when using database session storage

authentik is an open-source identity provider. Prior to versions 2024.12.4 and 2025.2.3, when authentik was configured to use the database for session storage which is a non-default setting, deleting sessions via the Web Interface or the API would not revoke the session and the session holder wou...

CVSS 8 · AI score 5.7 · EPSS 0.00243
Exploits 0 · References 3
Github Security Blog
added 2026/04/16 10:38 p.m. · 6 views

Authlib: Cross-site request forging when using cache

Summary: There is no CSRF protection on the cache feature on most integration clients. Details: In authlib.integrations.starletteclient.OAuth, no CSRF protection is set up when using the cache parameter. When not using the cache parameter, the use of SessionMiddleware ties the client to the auth...

CVSS 5.4 · AI score 5.8 · EPSS 0.00017
Exploits 1 · References 3 · Affected Software 1
NVD
added 2026/03/03 8:16 p.m. · 1 views

CVE-2025-36364

IBM DevOps Plan 3.0.0 through 3.0.5 allows web page cache to be stored locally which can be read by another user on the system...

CVSS 6.2 · EPSS 0.00016
Exploits 0 · References 1
SUSE CVE
added 2026/01/09 12:24 a.m. · 3 views

SUSE CVE-2025-68158

Authlib is a Python library which builds OAuth and OpenID Connect servers. In versions 1.0.0 through 1.6.5, cache-backed state/request-token storage is not tied to the initiating user session, so CSRF is possible for any attacker that has a valid state easily obtainable via an attacker-initiated...

CVSS 5.7 · AI score 5.8 · EPSS 0.00026
Exploits 1 · References 4
EUVD
added 2026/01/08 10:40 p.m. · 1 views

EUVD-2025-206267

Authlib has 1-click Account Takeover vulnerability...

CVSS 5.7 · AI score 6.2 · EPSS 0.00026
Exploits 1 · References 4
UbuntuCve
added 2026/01/08 6:15 p.m. · 1 views

CVE-2025-68158

Authlib is a Python library which builds OAuth and OpenID Connect servers. In versions 1.0.0 through 1.6.5, cache-backed state/request-token storage is not tied to the initiating user session, so CSRF is possible for any attacker that has a valid state easily obtainable via an attacker-initiated...

CVSS 8.8 · AI score 5.7 · EPSS 0.00026
Exploits 1 · References 5
Vulnrichment
added 2026/01/08 5:58 p.m. · 3 views

CVE-2025-68158 Authlib: 1-click Account Takeover

Authlib is a Python library which builds OAuth and OpenID Connect servers. In versions 1.0.0 through 1.6.5, cache-backed state/request-token storage is not tied to the initiating user session, so CSRF is possible for any attacker that has a valid state easily obtainable via an attacker-initiated...

CVSS 5.7 · AI score 5.8 · EPSS 0.00026
Exploits 1 · References 3
CVE
added 2026/01/08 5:58 p.m. · 8 views

CVE-2025-68158

Authlib’s OAuth/OpenID Connect implementation is affected in versions

CVSS 8.8 · AI score 5.8 · EPSS 0.00026
Exploits 1 · References 3 · Affected Software 1
OSV
added 2026/01/08 5:58 p.m. · 1 views

CVE-2025-68158 Authlib: 1-click Account Takeover

Authlib is a Python library which builds OAuth and OpenID Connect servers. In versions 1.0.0 through 1.6.5, cache-backed state/request-token storage is not tied to the initiating user session, so CSRF is possible for any attacker that has a valid state easily obtainable via an attacker-initiated...

CVSS 5.7 · AI score 5.8 · EPSS 0.00026
Exploits 1 · References 5
Vulnrichment
added 2025/10/07 1:54 p.m. · 2 views

CVE-2025-37728 Kibana Insufficiently Protected Credentials in the CrowdStrike Connector

Insufficiently Protected Credentials in the Crowdstrike connector can lead to Crowdstrike credentials being leaked. A malicious user can access cached credentials from a Crowdstrike connector in another space by creating and running a Crowdstrike connector in a space to which they have access...

CVSS 5.4 · AI score 6.5 · EPSS 0.00026
Exploits 0 · References 1
Snyk
added 2025/03/28 3:41 p.m. · 3 views

Session Fixation

Overview: Affected versions of this package are vulnerable to Session Fixation when database session storage is enabled, which it is not by default. A user whose session has been deleted via web interface or API can continue to access the session. User sessions that are automatically deleted due ...

CVSS 8.7 · AI score 6.9 · EPSS 0.00243
Exploits 0 · References 2
Snyk
added 2025/03/28 3:41 p.m. · 4 views

Session Fixation

Overview: Affected versions of this package are vulnerable to Session Fixation when database session storage is enabled, which it is not by default. A user whose session has been deleted via web interface or API can continue to access the session. User sessions that are automatically deleted due ...

CVSS 8.7 · AI score 6.9 · EPSS 0.00243
Exploits 0 · References 2
Positive Technologies
added 2025/03/23 12:00 a.m. · 2 views

PT-2025-12554

Name of the Vulnerable Software and Affected Versions: authentik versions prior to 2024.12.4; authentik versions prior to 2025.2.3. Description: The issue arises when authentik is configured to use the database for session storage, a non-default setting. In this configuration, deleting sessions via t...

CVSS 8 · AI score 5.7 · EPSS 0.00243
Exploits 0 · References 13
Citrix
added 2024/07/13 12:00 a.m. · 4 views

Failure to Store Cache on Local Hard Drive

Even after selecting “cache is on device hard drive”, cache is getting stored on the Provisioning Service PVS server. The following screen shot shows the virtual disk status:...

AI score 6.9
Exploits 0
Cvelist
added 2024/05/06 6:36 a.m. · 11 views

CVE-2024-23193

E-Mails exported as PDF were stored in a cache that did not consider specific session information for the related user account. Users of the same service node could access other users' E-Mails in case they were exported as PDF, for a brief moment until caches were cleared. Successful exploitation...

CVSS 5.3 · AI score 5.5 · EPSS 0.00146
Exploits 0 · References 3
Tenable Nessus
added 2023/08/31 12:00 a.m. · 32 views

FreeBSD : py-flask-caching -- remote code execution or local privilege escalation vulnerabilities (692a5fd5-bb25-4df4-8a0e-eb91581f2531)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 692a5fd5-bb25-4df4-8a0e-eb91581f2531 advisory. - DISPUTED The Flask-Caching extension through 1.10.1 for Flask relies on Pickle for serialization, whi...

CVSS 9.8 · AI score 9 · EPSS 0.16282
Exploits 3 · References 4
SUSE CVE
added 2023/02/15 3:40 a.m. · 3 views

SUSE CVE-2021-33026

The Flask-Caching extension through 1.10.1 for Flask relies on Pickle for serialization, which may lead to remote code execution or local privilege escalation. If an attacker gains access to cache storage e.g., filesystem, Memcached, Redis, etc., they can construct a crafted payload, poison the...

CVSS 9.8 · AI score 8.9 · EPSS 0.16282
Exploits 3 · References 3
SUSE CVE
added 2023/02/15 3:22 a.m. · 0 views

SUSE CVE-2022-42930

If two Workers were simultaneously initializing their CacheStorage, a data race could have occurred in the ThirdPartyUtil component. This vulnerability affects Firefox 106...

CVSS 7.1 · AI score 7.7 · EPSS 0.00275
Exploits 0 · References 4
OSV
added 2022/12/22 8:15 p.m. · 0 views

CVE-2022-42930

If two Workers were simultaneously initializing their CacheStorage, a data race could have occurred in the ThirdPartyUtil component. This vulnerability affects Firefox 106...

CVSS 7.1 · AI score 7.3
Exploits 0 · References 2