Lucene search
K

31 matches found

OSV
OSV
added 2026/07/06 12:0 a.m.5 views

ALSA-2026:35891 Important: nodejs:24 security, bug fix, and enhancement update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input CVE-2026-42338 undici: undici: Denial of Service due to...

9.8CVSS6.5AI score0.02806EPSS
Exploits1References32
EUVD
EUVD
added 2026/03/28 12:30 p.m.9 views

EUVD-2026-16911

Shenzhen Tenda AC7 firmware version V03.03.03.01cn and prior expose sensitive information in web management responses. Administrative credentials, including the router and/or admin panel password, are included in plaintext within configuration response bodies. In addition, responses lack...

6.8CVSS5.9AI score0.00297EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/02/03 7:11 p.m.12 views

CVE-2026-24427 Tenda AC7 Exposes Admin Credentials in Configuration Responses

Shenzhen Tenda AC7 firmware version V03.03.03.01cn and prior expose sensitive information in web management responses. Administrative credentials, including the router and/or admin panel password, are included in plaintext within configuration response bodies. In addition, responses lack...

6.8CVSS5.4AI score0.00118EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/28 9:17 p.m.6 views

CVE-2026-24472

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, Cache Middleware contains an information disclosure vulnerability caused by improper handling of HTTP cache control directives. The middleware does not respect standard cache control...

5.3CVSS5.9AI score0.00457EPSS
Exploits0References1
NVD
NVD
added 2026/01/27 8:16 p.m.6 views

CVE-2026-24472

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, Cache Middleware contains an information disclosure vulnerability caused by improper handling of HTTP cache control directives. The middleware does not respect standard cache control...

5.3CVSS0.00457EPSS
Exploits0References3
EUVD
EUVD
added 2026/01/27 7:34 p.m.7 views

EUVD-2026-4750

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, Cache Middleware contains an information disclosure vulnerability caused by improper handling of HTTP cache control directives. The middleware does not respect standard cache control...

5.3CVSS5.9AI score0.00457EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/01/27 7:34 p.m.6 views

CVE-2026-24472

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, Cache Middleware contains an information disclosure vulnerability caused by improper handling of HTTP cache control directives. The middleware does not respect standard cache control...

5.3CVSS5.9AI score0.00457EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/01 10:24 p.m.5 views

CVE-2025-65681

An issue was discovered in Overhang.IO tutor-open-edx overhangio/tutor 20.0.2 allowing local unauthorized attackers to gain access to sensitive information due to the absence of proper cache-control HTTP headers and client-side session checks...

3.3CVSS6.6AI score0.00195EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/26 9:31 p.m.6 views

EUVD-2025-199747

An issue was discovered in Overhang.IO tutor-open-edx overhangio/tutor 20.0.2 allowing local unauthorized attackers to gain access to sensitive information due to the absence of proper cache-control HTTP headers and client-side session checks...

6AI score0.00195EPSS
Exploits0References4
Snyk
Snyk
added 2025/11/26 7:41 p.m.3 views

Use of Cache Containing Sensitive Information

Overview tutor is a The Docker-based Open edX distribution designed for peace of mind Affected versions of this package are vulnerable to Use of Cache Containing Sensitive Information due to the absence of proper cache-control HTTP headers and insufficient client-side session validation. An...

4.6CVSS6.5AI score0.00195EPSS
Exploits0References2
NVD
NVD
added 2025/11/26 7:15 p.m.6 views

CVE-2025-65681

An issue was discovered in Overhang.IO tutor-open-edx overhangio/tutor 20.0.2 allowing local unauthorized attackers to gain access to sensitive information due to the absence of proper cache-control HTTP headers and client-side session checks...

3.3CVSS0.00195EPSS
Exploits0References3
PyPA
PyPA
added 2025/11/26 7:15 p.m.32 views

PYSEC-2025-219

An issue was discovered in Overhang.IO tutor-open-edx overhangio/tutor 20.0.2 allowing local unauthorized attackers to gain access to sensitive information due to the absence of proper cache-control HTTP headers and client-side session checks...

3.3CVSS5.8AI score0.00195EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2025/11/26 7:15 p.m.12 views

PYSEC-2025-219

An issue was discovered in Overhang.IO tutor-open-edx overhangio/tutor 20.0.2 allowing local unauthorized attackers to gain access to sensitive information due to the absence of proper cache-control HTTP headers and client-side session checks...

3.3CVSS5.8AI score0.00195EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/11/26 12:0 a.m.9 views

PT-2025-48178

Name of the Vulnerable Software and Affected Versions Overhang.IO tutor-open-edx version 20.0.2 Description A security issue exists in Overhang.IO tutor-open-edx version 20.0.2 that could allow local unauthorized attackers to access sensitive information. This is due to missing cache-control HTTP...

3.3CVSS5.8AI score0.00195EPSS
Exploits0References7
Cvelist
Cvelist
added 2025/10/31 11:34 p.m.11 views

CVE-2025-62276

The Document Library and the Adaptive Media modules in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions uses an incorrect cache-control heade...

4.6CVSS0.00123EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2015-7292

Malware in sbrugna...

2.1CVSS6.3AI score0.00539EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-5838

Malicious code in bioql PyPI...

3.1CVSS3.8AI score0.01302EPSS
Exploits0References11
Veracode
Veracode
added 2025/06/05 3:18 p.m.9 views

Sensitive Information Disclosure

@auth0/nextjs-auth0 is vulnerable to Sensitive Information Disclosure. The vulnerability is due to missing cache control headers due to session cookies being cached by CDNs, potentially exposing sensitive session information to unauthorized users...

7.7CVSS5.9AI score0.00364EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2025/06/04 8:14 p.m.70 views

CVE-2025-48947

The CVE describes a vulnerability in the Auth0 Next.js SDK (auth0/nextjs-auth0) affecting versions 4.0.1–4.6.0 where __session cookies set by auth0.middleware can be cached by CDNs due to missing Cache-Control headers. Preconditions require: (1) use of the NextJS-Auth0 SDK, (2) CDN/edge caching o...

7.7CVSS6.6AI score0.00364EPSS
Exploits0References1
NVD
NVD
added 2025/05/14 11:15 p.m.21 views

CVE-2025-32421

Next.js is a React framework for building full-stack web applications. Versions prior to 14.2.24 and 15.1.6 have a race-condition vulnerability. This issue only affects the Pages Router under certain misconfigurations, causing normal endpoints to serve pageProps data instead of standard HTML. Thi...

3.7CVSS0.00666EPSS
Exploits2References2
Rows per page
Query Builder