324 matches found
CVE-2025-31763
Cross-Site Request Forgery CSRF vulnerability in Preliot Cache control by Cacholong cache-control-by-cacholong allows Cross Site Request Forgery.This issue affects Cache control by Cacholong: from n/a through = 5.4.1...
CVE-2025-31764
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Preliot Cache control by Cacholong cache-control-by-cacholong allows Stored XSS.This issue affects Cache control by Cacholong: from n/a through = 5.4.1...
CVE-2025-31764
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Preliot Cache control by Cacholong cache-control-by-cacholong allows Stored XSS.This issue affects Cache control by Cacholong: from n/a through = 5.4.1...
CVE-2025-31764 WordPress Cache control by Cacholong plugin <= 5.4.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Preliot Cache control by Cacholong cache-control-by-cacholong allows Stored XSS.This issue affects Cache control by Cacholong: from n/a through = 5.4.1...
CVE-2025-31763 WordPress Cache control by Cacholong Plugin <= 5.4.1 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in Preliot Cache control by Cacholong cache-control-by-cacholong allows Cross Site Request Forgery.This issue affects Cache control by Cacholong: from n/a through = 5.4.1...
PT-2025-14151 · Cacholong · Cache Control
Name of the Vulnerable Software and Affected Versions: Cache control by Cacholong versions n/a through 5.4.1 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker c...
WordPress plugin Cache control by Cacholong 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress plugin...
WordPress plugin Cache control by Cacholong 跨站请求伪造漏洞
WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site request forgery vulnerability exists...
PT-2025-14150 · Cacholong · Cache Control
Name of the Vulnerable Software and Affected Versions: Cache control by Cacholong versions n/a through 5.4.1 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability, which allows for Cross Site Request Forgery. This means an attacker can trick a user into performing unintended...
Take control of Cache-Control and local caching
TL;DR Caching speeds up website content delivery What caching directives are and how to use them The No-cache directive does not prevent caching The No-store directiveprevents caching Introduction The HTTP Cache-Control header is sometimes misunderstood. It's important because it is used to speci...
Insufficiently Protected Credentials
leantime/leantime is vulnerable to Insufficiently Protected Credentials. The vulnerability is due to improper cache control where an attacker can view sensitive information even if they are not logged into the account anymore...
Insufficiently Protected Credentials
Overview Affected versions of this package are vulnerable to Insufficiently Protected Credentials due to improper cache control. An attacker can view sensitive information even if they are not logged into the account anymore. Remediation Upgrade leantime/leantime to version 3.3 or higher...
GHSA-H6W8-27PH-C385 Leantime has Insufficiently Protected Credentials
Due to improper cache control an attacker can view sensitive information even if they are not logged into the account anymore. Additional Information: 1.The issue was identified during routine security testing. 2.This vulnerability poses a significant risk to user privacy and data security...
Leantime has Insufficiently Protected Credentials
Due to improper cache control an attacker can view sensitive information even if they are not logged into the account anymore. Additional Information: 1.The issue was identified during routine security testing. 2.This vulnerability poses a significant risk to user privacy and data security...
Nextcloud: Sensitive Information Disclosure via Back Button Post Logout on https://apps.nextcloud.com/account/
A cache control vulnerability was identified on the https://apps.nextcloud.com/account/ page. After logging out, sensitive information such as the user's first name, last name, and email address remained accessible by using the browser's back button. This occurred due to improper caching of...
SUSE SLES15 / openSUSE 15 Security Update : tomcat (SUSE-SU-2025:0058-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0058-1 advisory. Update to Tomcat 9.0.98 - Fixed CVEs: - CVE-2024-54677: DoS in examples web application bsc1234664 - CVE-2024-50379:...
PT-2025-42553
Name of the Vulnerable Software and Affected Versions mediawiki affected versions not specified Description The software has a potential issue related to setting the cache-control value of max-age=60 for redirects. This could potentially lead to unintended caching behavior. Recommendations At the...
BIT-RAILS-2024-26144 Possible Sensitive Session Information Leak in Active Storage
Rails is a web-application framework. Starting with version 5.2.0, there is a possible sensitive session information leak in Active Storage. By default, Active Storage sends a Set-Cookie header along with the user's session cookie when serving blobs. It also sets Cache-Control to public. Certain...
rubygem-activestorage: Possible Sensitive Session Information Leak in Active Storage
A flaw was found in Active Storage that may lead to a sensitive session information leak. By default, Active Storage sends a Set-Cookie header along with the user’s session cookie when serving blobs and sets Cache-Control to public. Certain proxies may cache Set-Cookie, leading to an information...
CentOS 7 : python-flask (RHSA-2023:3525)
The remote CentOS Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:3525 advisory. - Flask is a lightweight WSGI web application framework. When all of the following conditions are met, a response containing data intended for one client may be...