150 matches found
CVE-2026-48587 Potential exposure of private data via whitespace padding in Vary header
An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.utils.cache.hasvaryheader in Django does not strip leading or trailing whitespace from Vary response header values before comparison, which allows remote attackers to read cached responses via requests to URLs whose...
CVE-2026-35193
An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.middleware.cache.UpdateCacheMiddleware in Django does not add Authorization to the Vary response header for requests bearing that header without Cache-Control: public, which allows remote attackers to read private...
PT-2026-45938
An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.middleware.cache.UpdateCacheMiddleware in Django does not add Authorization to the Vary response header for requests bearing that header without Cache-Control: public, which allows remote attackers to read private...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an error in DMA synchronization direction in the crypto Atmel-TDES module. This vulnerability may...
MAL-2026-4653 Malicious code in qaq-core-util-v2 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 41cf368bbc06ee2a9e0d2a9b2030d7604a41af7ed5fed253d48a0d9ff41f92f6 lib/memcached.js exports getCacheRedis, getCacheDataRedis, and setCacheRedis. Each function's signature accepts a cachedUrl parameter, but the...
Unity Linux 20.1070e Security Update: infinispan (UTSA-2026-016716)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016716 advisory. It was found that the Hotrod client in Infinispan before 9.2.0.CR1 would unsafely read deserialized data on information from the cache. An authenticated attacker cou...
EUVD-2026-30817
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. In versions 0.6.34 through 0.6.51, the backend deserializes Redis cache bytes using pickle.loads without integrity/authenticity checks. The write path serializes values with...
SUSE SLES12 Security Update : dnsmasq (SUSE-SU-2026:1826-1)
The remote SUSE Linux SLES12 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2026:1826-1 advisory. This update for dnsmasq fixes the following issue: - CVE-2026-2291: VU471747: dnsmasq can be abused to record false cached data enabling DoS or attacke...
SUSE-SU-2026:21626-1 Security update for dnsmasq
This update for dnsmasq fixes the following issues: Security issues: - CVE-2023-49441: integer overflow via forwardquery bsc1226091. - CVE-2026-2291: VU471747: dnsmasq can be abused to record false cached data enabling DoS or attacker redirect bsc1258251. Non security issue: - Reintroduce nogroup...
SUSE-SU-2026:21633-1 Security update for dnsmasq
This update for dnsmasq fixes the following issues: - CVE-2026-2291: Fixed a bug that could have been abused to record false cached data enabling DoS or attacker redirect. bsc1258251...
SUSE-SU-2026:1828-1 Security update for dnsmasq
This update for dnsmasq fixes the following issue: - CVE-2026-2291: VU471747: dnsmasq can be abused to record false cached data enabling DoS or attacker redirect bsc1258251...
SUSE-SU-2026:1827-1 Security update for dnsmasq
This update for dnsmasq fixes the following issue: - CVE-2026-2291: VU471747: dnsmasq can be abused to record false cached data enabling DoS or attacker redirect bsc1258251...
SUSE-SU-2026:1826-1 Security update for dnsmasq
This update for dnsmasq fixes the following issue: - CVE-2026-2291: VU471747: dnsmasq can be abused to record false cached data enabling DoS or attacker redirect bsc1258251...
DEBIAN-CVE-2026-42254
Hickory DNS hickory-recursor 0.1 through 0.25.2 allows cross-zone poisoning because cached data is not directly associated with a query that triggered a response...
CVE-2026-42254
Hickory DNS hickory-recursor 0.1 through 0.25.2 allows cross-zone poisoning because cached data is not directly associated with a query that triggered a response...
CVE-2026-42254
Hickory DNS hickory-recursor 0.1 through 0.25.2 allows cross-zone poisoning because cached data is not directly associated with a query that triggered a response...
CVE-2026-42254
The CVE affects Hickory DNS hickory-recursor versions 0.1 through 0.25.2. The root cause is cross-zone poisoning caused by cached data not being directly associated with the query that triggered the response, enabling manipulation of cached responses. Impact is limited to information integrity in...
EUVD-2026-25687
Hickory DNS hickory-recursor 0.1 through 0.25.2 allows cross-zone poisoning because cached data is not directly associated with a query that triggered a response...
CVE-2026-42254
Hickory DNS hickory-recursor 0.1 through 0.25.2 allows cross-zone poisoning because cached data is not directly associated with a query that triggered a response...
PT-2026-35193
Hickory DNS hickory-recursor 0.1 through 0.25.2 allows cross-zone poisoning because cached data is not directly associated with a query that triggered a response...