Lucene search
K

182 matches found

RedhatCVE
RedhatCVE
added 2026/03/26 3:13 p.m.5 views

CVE-2025-14806

IBM Planning Analytics Local 2.1.0 through 2.1.17 could allow an attacker to trick the caching mechanism into storing and serving sensitive, user-specific responses as publicly cacheable resources...

5.7CVSS5.8AI score0.00292EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/25 6:31 p.m.5 views

EUVD-2026-15663

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Acato WP REST Cache wp-rest-cache allows Stored XSS.This issue affects WP REST Cache: from n/a through = 2026.1.0...

7.1CVSS5.8AI score0.00175EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/12 7:47 p.m.41 views

CVE-2026-32274 Black: Arbitrary file writes from unsanitized user input in cache file name

Black is the uncompromising Python code formatter. Prior to 26.3.1, Black writes a cache file, the name of which is computed from various formatting options. The value of the --python-cell-magics option was placed in the filename without sanitization, which allowed an attacker who controls the...

8.7CVSS0.00572EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/02/28 1:56 a.m.11 views

CVE-2026-27838

wger is a free, open-source workout and fitness manager. Five routine detail action endpoints check a cache before calling self.getobject. In versions up to and including 2.4, ache keys are scoped only by pk — no user ID is included. When a victim has previously accessed their routine via the API...

3.5CVSS6AI score0.00245EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/02/25 12:0 a.m.8 views

langgraph 代码问题漏洞

Langgraph is a large-scale model framework developed by LangChain. Versions of Langgraph prior to 4.0.0 had code-related vulnerabilities. These vulnerabilities stemmed from the caching layer’s ability to deserialize cached values using pickle.loads when msgpack serialization fails, potentially...

6.6CVSS7.6AI score0.00698EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/02/21 6:17 a.m.8 views

CVE-2026-27205

Flask is a web server gateway interface WSGI web application framework. In versions 3.1.2 and below, when the session object is accessed, Flask should set the Vary: Cookie header., resulting in a Use of Cache Containing Sensitive Information vulnerability. The logic instructs caches not to cache...

4.3CVSS6.5AI score0.00374EPSS
Exploits0References4
Ubuntu
Ubuntu
added 2026/02/19 12:29 p.m.10 views

USN-8028-7: Linux kernel (Low Latency NVIDIA) vulnerabilities

It was discovered that improper initialization of CPU cache memory could allow a local attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity. CVE-2024-36331 Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos, and Flavien Solt...

9.8CVSS8.1AI score0.09796EPSS
Exploits8
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.12 views

PT-2026-21353

Name of the Vulnerable Software and Affected Versions Flask versions 3.1.2 and below Description Flask, a web server gateway interface WSGI web application framework, may improperly handle caching when accessing the session object. Specifically, it may fail to set the 'Vary: Cookie' header,...

4.3CVSS5.8AI score0.00374EPSS
Exploits0References191
OSV
OSV
added 2026/02/11 9:30 p.m.4 views

GHSA-W8V5-VHQR-4H9V DiskCache has unsafe pickle deserialization

DiskCache python-diskcache through 5.6.3 uses Python pickle for serialization by default. An attacker with write access to the cache directory can achieve arbitrary code execution when a victim application reads from the cache...

7CVSS7.6AI score0.00521EPSS
Exploits1References3
NVD
NVD
added 2026/01/26 6:16 p.m.5 views

CVE-2026-24437

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.195037 serve sensitive administrative content without appropriate cache-control directives. As a result, browsers may store credential-bearing responses locally, exposing them to subsequent unauthorized access...

5.5CVSS0.00154EPSS
Exploits0References2
Snyk
Snyk
added 2026/01/12 6:43 p.m.3 views

Reachable Assertion

Overview Affected versions of this package are vulnerable to Reachable Assertion via the avahiwideareascancache process. An attacker can cause a crash of the daemon by sending crafted D-Bus requests that create record browsers with the AVAHILOOKUPUSEWIDEAREA flag set. Remediation A fix was pushed...

6.8CVSS6.4AI score0.0014EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/09 10:13 a.m.8 views

CVE-2019-2309

While storing calibrated data from firmware in cache, An integer overflow may occur since data length received may exceed real data length. in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice &...

9.8CVSS7.8AI score0.00742EPSS
Exploits0References1
Amazon
Amazon
added 2026/01/05 12:0 a.m.7 views

Important: ecs-service-connect-agent

Issue Overview: There exists a denial of service through Data corruption in gRPC-C++ - gRPC-C++ servers with transmit zero copy enabled through the channel arg GRPCARGTCPTXZEROCOPYENABLED can experience data corruption issues. The data sent by the application may be corrupted before transmission...

9.8CVSS7.5AI score0.01218EPSS
Exploits7
CNNVD
CNNVD
added 2025/12/24 12:0 a.m.5 views

WordPress plugin Docket Cache 安全漏洞

WordPress Docket Cache plugin is a tool that focuses on object caching acceleration to improve website performance. A file inclusion vulnerability exists in WordPress Docket Cache plugin, which stems from not effectively filtering calls to local file resources, and can be exploited by an attacker...

8.1CVSS6.2AI score0.00412EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/06 6:39 a.m.24 views

CVE-2025-13377 10Web Booster <= 2.32.7 - Authenticated (Subscriber+) Arbitrary Folder Deletion via two_clear_page_cache

The 10Web Booster – Website speed optimization, Cache & Page Speed optimizer plugin for WordPress is vulnerable to arbitrary folder deletion due to insufficient file path validation in the getcachedirforpagefromurl function in all versions up to, and including, 2.32.7. This makes it possible for...

9.6CVSS0.00489EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2025/12/05 12:0 a.m.9 views

PT-2025-49240

The Wp Social Login and Register Social Counter plugin for WordPress is vulnerable to missing authorization in versions up to, and including, 3.1.3. This is due to the REST routes wslu/v1/check cache/type, wslu/v1/save cache/type, and wslu/v1/settings/clear counter cache being registered with...

5.3CVSS5.7AI score0.00341EPSS
Exploits0References3
Snyk
Snyk
added 2025/11/18 5:43 p.m.3 views

Use of Web Browser Cache Containing Sensitive Information

Overview drupal/core is an an open source content management platform powering millions of websites and applications. Affected versions of this package are vulnerable to Use of Web Browser Cache Containing Sensitive Information via the HTTP header Cache-Control: public, which may be applied by a...

3.7CVSS6.7AI score0.00249EPSS
Exploits0References2
OSV
OSV
added 2025/11/07 12:30 p.m.7 views

OESA-2025-2632 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: SUNRPC: make sure cache entry active before cacheshow The function cshow was called with protection from RCU. This only ensures that cp will not be freed...

7.8CVSS7.6AI score0.00246EPSS
Exploits0References10
NVD
NVD
added 2025/10/31 9:15 a.m.4 views

CVE-2025-30189

When cache is enabled, some passdb/userdb drivers incorrectly cache all users with same cache key, causing wrong cached information to be used for these users. After cached login, all subsequent logins are for same user. Install fixed version or disable caching either globally or for the impacted...

7.4CVSS0.00548EPSS
Exploits0References3
OSV
OSV
added 2025/10/31 9:15 a.m.5 views

UBUNTU-CVE-2025-30189

When cache is enabled, some passdb/userdb drivers incorrectly cache all users with same cache key, causing wrong cached information to be used for these users. After cached login, all subsequent logins are for same user. Install fixed version or disable caching either globally or for the impacted...

7.4CVSS5.8AI score0.00548EPSS
Exploits0References2
Rows per page
Query Builder