CVE-2025-54425 Umbraco's Delivery API allows for cached requests to be returned with an invalid API key

Umbraco is an ASP.NET CMS. In versions 13.0.0 through 13.9.2, 15.0.0 through 15.4.1 and 16.0.0 through 16.1.0, the content delivery API can be restricted from public access where an API key must be provided in a header to authorize the request. It's also possible to configure output caching, such...

CVE-2025-54425 Umbraco's Delivery API allows for cached requests to be returned with an invalid API key

Umbraco is an ASP.NET CMS. In versions 13.0.0 through 13.9.2, 15.0.0 through 15.4.1 and 16.0.0 through 16.1.0, the content delivery API can be restricted from public access where an API key must be provided in a header to authorize the request. It's also possible to configure output caching, such...

CVE-2025-54425

CVE-2025-54425 affects Umbraco’s Delivery API. When public access is restricted by an API key header and output caching is enabled, the cache does not vary by the API key header, potentially returning cached responses to users without a valid API key if a prior request with a valid key occurred. ...

GHSA-75VQ-QVHR-7FFR Umbraco Delivery API allows for cached requests to be returned with an invalid API key

Impact Umbraco's content delivery API can be restricted from public access such that an API key must be provided in a header to authorize the request. It's also possible to configure output caching, such that the delivery API outputs will be cached for a period of time, improving performance...

Umbraco Delivery API allows for cached requests to be returned with an invalid API key

Impact Umbraco's content delivery API can be restricted from public access such that an API key must be provided in a header to authorize the request. It's also possible to configure output caching, such that the delivery API outputs will be cached for a period of time, improving performance...

Low severity vulnerability that affects Gw2Sharp

Leaking cached authenticated requests Impact If you've been using one MemoryCacheMethod object in multiple instances of Gw2WebApiClient and are requesting authenticated endpoints with different access tokens, then you are likely to run into this bug. When using an instance of MemoryCacheMethod an...

squid: Information disclosure in HTTP request processing

It was found that squid did not properly remove connection specific headers when answering conditional requests using a cached request. A remote attacker could send a specially crafted request to an HTTP server via the squid proxy and steal private data from other connections...

squid: Information disclosure in HTTP request processing

It was found that squid did not properly remove connection specific headers when answering conditional requests using a cached request. A remote attacker could send a specially crafted request to an HTTP server via the squid proxy and steal private data from other connections...