47 matches found
CVE-2026-2128 Breeze Cache <= 2.5.2 - Unauthenticated Exposure of Sensitive Information to an Unauthorized Actor via Crafted Login Cookie
The Breeze plugin for WordPress is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor in all versions up to, and including, 2.5.2. This is due to improper verification of the wordpress_logged_in cookie in the inc/cache/execute-cache.php file when the "Cache Logged-in Users"...
EUVD-2026-33248
The Breeze plugin for WordPress is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor in all versions up to, and including, 2.5.2. This is due to improper verification of the wordpress_logged_in cookie in the inc/cache/execute-cache.php file when the "Cache Logged-in Users"...
Operation on a Resource after Expiration or Release
Overview: mattermost-redux is common code (API client, Redux stores, logic, utility functions) for building a Mattermost client. Affected versions of this package are vulnerable to Operation on a Resource after Expiration or Release in the permalink preview process. An attacker can access private...
webpack buildHttp HttpUriPlugin allowedUris bypass via HTTP redirects → SSRF + cache persistence
Summary: When experiments.buildHttp is enabled, webpack's HTTPS resolver HttpUriPlugin enforces allowedUris only for the initial URL, but does not re-validate allowedUris after following HTTP 30x redirects. As a result, an import that appears restricted to a trusted allow-list can be redirected to...
Mastodon Security Vulnerability
Mastodon is an open-source social networking server based on ActivityPub. Versions of Mastodon prior to 4.3.19, 4.4.13, and 4.5.6 have security vulnerabilities. These vulnerabilities stem from web cache poisoning, which may lead to incorrect reuse of cached content...
EUVD-2021-25549
Malware in sbrugna...
EUVD-2010-1339
Malware in sbrugna...
varnish: request smuggling attacks
A vulnerability was found in Varnish Cache. This vulnerability may allow request smuggling attacks, where a malicious actor can craft seemingly legitimate HTTP requests. This issue could result in an unspecified system caching incorrect content that can expose confidential information...
CVE-2010-1310
Opera 10.50 allows remote attackers to obtain sensitive information via crafted XSLT constructs, which cause Opera to return cached contents of other pages...
CVE-2022-39239
netlify-ipx is an on-demand image optimization tool for Netlify using ipx. In versions prior to 1.2.3, an attacker can bypass the source image domain allowlist by sending specially crafted headers, causing the handler to load and return arbitrary images. Because the response is cached globally, this...
Permissions by Term - Moderately critical - Access bypass - SA-CONTRIB-2022-055
This module enables you to restrict content via taxonomy terms and related permissions. The module doesn't sufficiently restrict cached content in certain circumstances. This vulnerability is mitigated by the fact that it only occurs when multiple entity types are enabled in the module...
CVE-2021-39113
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to continue to view cached content even after losing permissions, via a Broken Access Control vulnerability in the allowlist feature. The affected versions are before version 8.13.9, and from version 8.14....
PT-2021-22378 · Atlassian · Jira
Name of the Vulnerable Software and Affected Versions: Atlassian Jira Server and Data Center versions prior to 8.13.9; Atlassian Jira Server and Data Center versions 8.14.0 through 8.17.x. Description: The issue allows anonymous remote attackers to continue viewing cached content even after losing...
Cached content persisting after disabling anonymous access for allowlist URLs - CVE-2021-39113
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to continue to view cached content even after losing permissions, via a Broken Access Control vulnerability in the allowlist feature. The affected versions are before version 8.13.9, and from version...
Design/Logic Flaw
The Junos Space Network Management Platform has been found to store shared secrets in a recoverable format that can be exposed through the UI. An attacker who is able to execute arbitrary code in the victim's browser, for example via XSS, or to access cached contents may be able to obtain a copy of...
U.S. Dept Of Defense: Bypassed a fix to gain access to PII of more than 100 Officers
Summary: Hey team, I hope this report finds you well and you're having a great day in these difficult times. While doing my recon I have found out that https://www.███/ is leaking PII of many officers. Severity according to me: Critical. Step-by-step Reproduction Instructions: 1. Go to...
Edgeworkers Use Story: Creating High-Performing, Individualized Campaign Responses in Online Retail
As campaigns and digital experiences become more individualized, they can create a challenge for delivering content to consumers at the highest velocity. Having each paid search, social media, and email marketing campaign add unique query string parameters to requests is critical for tracking the...