324 matches found
EUVD-2025-199747
An issue was discovered in Overhang.IO tutor-open-edx overhangio/tutor 20.0.2 allowing local unauthorized attackers to gain access to sensitive information due to the absence of proper cache-control HTTP headers and client-side session checks...
Use of Cache Containing Sensitive Information
Overview tutor is a The Docker-based Open edX distribution designed for peace of mind Affected versions of this package are vulnerable to Use of Cache Containing Sensitive Information due to the absence of proper cache-control HTTP headers and insufficient client-side session validation. An...
PYSEC-2025-219
An issue was discovered in Overhang.IO tutor-open-edx overhangio/tutor 20.0.2 allowing local unauthorized attackers to gain access to sensitive information due to the absence of proper cache-control HTTP headers and client-side session checks...
CVE-2025-65681
An issue was discovered in Overhang.IO tutor-open-edx overhangio/tutor 20.0.2 allowing local unauthorized attackers to gain access to sensitive information due to the absence of proper cache-control HTTP headers and client-side session checks...
PYSEC-2025-219
An issue was discovered in Overhang.IO tutor-open-edx overhangio/tutor 20.0.2 allowing local unauthorized attackers to gain access to sensitive information due to the absence of proper cache-control HTTP headers and client-side session checks...
CVE-2025-65681
An issue was discovered in Overhang.IO tutor-open-edx overhangio/tutor 20.0.2 allowing local unauthorized attackers to gain access to sensitive information due to the absence of proper cache-control HTTP headers and client-side session checks...
CVE-2025-65681
An issue was discovered in Overhang.IO tutor-open-edx overhangio/tutor 20.0.2 allowing local unauthorized attackers to gain access to sensitive information due to the absence of proper cache-control HTTP headers and client-side session checks...
Tutor 安全漏洞
Tutor is an Overhang.IO open source tool for deploying and managing the Open edX platform. A security vulnerability exists in Tutor version 20.0.2, which stems from the lack of proper cache control HTTP headers and client-side session checking, and could lead to a local unauthorized attacker...
CVE-2025-65681
Overhang.IO/tutor-open-edx (Overhang.IO) 20.0.2 is affected. The issue arises from missing cache-control HTTP headers and inadequate client-side session checks, enabling local unauthorized attackers to access sensitive information. Multiple sources corroborate this description. The available docu...
PT-2025-48178
Name of the Vulnerable Software and Affected Versions Overhang.IO tutor-open-edx version 20.0.2 Description A security issue exists in Overhang.IO tutor-open-edx version 20.0.2 that could allow local unauthorized attackers to access sensitive information. This is due to missing cache-control HTTP...
Drupal core - Moderately critical - Information disclosure - SA-CORE-2025-008
The core system module handles downloads of private and temporary files. Contrib modules can define additional kinds of files schemes that may also be handled by the system module. In some cases, files may be served with the HTTP header Cache-Control: public when they should be uncacheable. This...
BIT-DISCOURSE-2025-61598 Discourse is missing Cache-Control response header on error responses
Discourse is an open source discussion platform. Version before 3.6.2 and 3.6.0.beta2, default Cache-Control response header with value no-store, no-cache was missing from error responses. This may caused unintended caching of those responses by proxies potentially leading to cache poisoning...
CVE-2025-62276
The Document Library and the Adaptive Media modules in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions uses an incorrect cache-control heade...
EUVD-2025-37404
The Document Library and the Adaptive Media modules in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions uses an incorrect cache-control heade...
Use of Web Browser Cache Containing Sensitive Information
Overview Affected versions of this package are vulnerable to Use of Web Browser Cache Containing Sensitive Information due to using an incorrect cache-control header. A local attacker can gain unauthorized access to previously downloaded files by retrieving them from the browser's cache...
Use of Web Browser Cache Containing Sensitive Information
Overview com.liferay.portal:com.liferay.portal.impl is a package part of Liferay. Affected versions of this package are vulnerable to Use of Web Browser Cache Containing Sensitive Information due to using an incorrect cache-control header. A local attacker can gain unauthorized access to previous...
GHSA-6533-FHR2-F38H Liferay Portal and DXP use an incorrect cache-control header
The Document Library and the Adaptive Media modules in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions uses an incorrect cache-control heade...
Liferay Portal and DXP use an incorrect cache-control header
The Document Library and the Adaptive Media modules in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions uses an incorrect cache-control heade...
CVE-2025-62276
The CVE-2025-62276 issue affects Liferay Portal and DXP: Document Library and Adaptive Media modules expose a misconfigured cache-control header across multiple versions (Liferay Portal 7.4.0–7.4.3.111 and legacy DXP releases up to 2023.Q4.10, plus 7.4 GA up to update 92). This header flaw enable...
CVE-2025-62276
The Document Library and the Adaptive Media modules in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions uses an incorrect cache-control heade...