182 matches found
CVE-2025-14806
IBM Planning Analytics Local 2.1.0 through 2.1.17 could allow an attacker to trick the caching mechanism into storing and serving sensitive, user-specific responses as publicly cacheable resources...
EUVD-2026-15663
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Acato WP REST Cache wp-rest-cache allows Stored XSS.This issue affects WP REST Cache: from n/a through = 2026.1.0...
CVE-2026-32274 Black: Arbitrary file writes from unsanitized user input in cache file name
Black is the uncompromising Python code formatter. Prior to 26.3.1, Black writes a cache file, the name of which is computed from various formatting options. The value of the --python-cell-magics option was placed in the filename without sanitization, which allowed an attacker who controls the...
CVE-2026-27838
wger is a free, open-source workout and fitness manager. Five routine detail action endpoints check a cache before calling self.getobject. In versions up to and including 2.4, ache keys are scoped only by pk — no user ID is included. When a victim has previously accessed their routine via the API...
langgraph 代码问题漏洞
Langgraph is a large-scale model framework developed by LangChain. Versions of Langgraph prior to 4.0.0 had code-related vulnerabilities. These vulnerabilities stemmed from the caching layer’s ability to deserialize cached values using pickle.loads when msgpack serialization fails, potentially...
CVE-2026-27205
Flask is a web server gateway interface WSGI web application framework. In versions 3.1.2 and below, when the session object is accessed, Flask should set the Vary: Cookie header., resulting in a Use of Cache Containing Sensitive Information vulnerability. The logic instructs caches not to cache...
USN-8028-7: Linux kernel (Low Latency NVIDIA) vulnerabilities
It was discovered that improper initialization of CPU cache memory could allow a local attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity. CVE-2024-36331 Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos, and Flavien Solt...
PT-2026-21353
Name of the Vulnerable Software and Affected Versions Flask versions 3.1.2 and below Description Flask, a web server gateway interface WSGI web application framework, may improperly handle caching when accessing the session object. Specifically, it may fail to set the 'Vary: Cookie' header,...
GHSA-W8V5-VHQR-4H9V DiskCache has unsafe pickle deserialization
DiskCache python-diskcache through 5.6.3 uses Python pickle for serialization by default. An attacker with write access to the cache directory can achieve arbitrary code execution when a victim application reads from the cache...
CVE-2026-24437
Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.195037 serve sensitive administrative content without appropriate cache-control directives. As a result, browsers may store credential-bearing responses locally, exposing them to subsequent unauthorized access...
Reachable Assertion
Overview Affected versions of this package are vulnerable to Reachable Assertion via the avahiwideareascancache process. An attacker can cause a crash of the daemon by sending crafted D-Bus requests that create record browsers with the AVAHILOOKUPUSEWIDEAREA flag set. Remediation A fix was pushed...
CVE-2019-2309
While storing calibrated data from firmware in cache, An integer overflow may occur since data length received may exceed real data length. in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice &...
Important: ecs-service-connect-agent
Issue Overview: There exists a denial of service through Data corruption in gRPC-C++ - gRPC-C++ servers with transmit zero copy enabled through the channel arg GRPCARGTCPTXZEROCOPYENABLED can experience data corruption issues. The data sent by the application may be corrupted before transmission...
WordPress plugin Docket Cache 安全漏洞
WordPress Docket Cache plugin is a tool that focuses on object caching acceleration to improve website performance. A file inclusion vulnerability exists in WordPress Docket Cache plugin, which stems from not effectively filtering calls to local file resources, and can be exploited by an attacker...
CVE-2025-13377 10Web Booster <= 2.32.7 - Authenticated (Subscriber+) Arbitrary Folder Deletion via two_clear_page_cache
The 10Web Booster – Website speed optimization, Cache & Page Speed optimizer plugin for WordPress is vulnerable to arbitrary folder deletion due to insufficient file path validation in the getcachedirforpagefromurl function in all versions up to, and including, 2.32.7. This makes it possible for...
PT-2025-49240
The Wp Social Login and Register Social Counter plugin for WordPress is vulnerable to missing authorization in versions up to, and including, 3.1.3. This is due to the REST routes wslu/v1/check cache/type, wslu/v1/save cache/type, and wslu/v1/settings/clear counter cache being registered with...
Use of Web Browser Cache Containing Sensitive Information
Overview drupal/core is an an open source content management platform powering millions of websites and applications. Affected versions of this package are vulnerable to Use of Web Browser Cache Containing Sensitive Information via the HTTP header Cache-Control: public, which may be applied by a...
OESA-2025-2632 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: SUNRPC: make sure cache entry active before cacheshow The function cshow was called with protection from RCU. This only ensures that cp will not be freed...
CVE-2025-30189
When cache is enabled, some passdb/userdb drivers incorrectly cache all users with same cache key, causing wrong cached information to be used for these users. After cached login, all subsequent logins are for same user. Install fixed version or disable caching either globally or for the impacted...
UBUNTU-CVE-2025-30189
When cache is enabled, some passdb/userdb drivers incorrectly cache all users with same cache key, causing wrong cached information to be used for these users. After cached login, all subsequent logins are for same user. Install fixed version or disable caching either globally or for the impacted...