Lucene search
K

1366 matches found

OSV
OSV
added 2026/06/03 2:16 p.m.11 views

PYSEC-2026-201

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.middleware.cache.UpdateCacheMiddleware in Django does not match Cache-Control response directives case-insensitively, which allows remote attackers to read responses that were incorrectly cached because their...

5.3CVSS5.4AI score0.00285EPSS
Exploits0References3
PyPA
PyPA
added 2026/06/03 2:16 p.m.18 views

PYSEC-2026-197

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6.django.middleware.cache.UpdateCacheMiddleware in Django does not add Authorization to the Vary response header for requests bearing that header without Cache-Control: public, which allows remote attackers to read private...

3.1CVSS5.4AI score0.00359EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/06/03 2:16 p.m.26 views

CVE-2026-35193

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.middleware.cache.UpdateCacheMiddleware in Django does not add Authorization to the Vary response header for requests bearing that header without Cache-Control: public, which allows remote attackers to read private...

3.1CVSS0.00359EPSS
Exploits0References3
OSV
OSV
added 2026/06/03 2:16 p.m.12 views

PYSEC-2026-197

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.middleware.cache.UpdateCacheMiddleware in Django does not add Authorization to the Vary response header for requests bearing that header without Cache-Control: public, which allows remote attackers to read private...

2.3CVSS5.4AI score0.00359EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/03 1:16 p.m.8 views

CVE-2026-48587 Potential exposure of private data via whitespace padding in Vary header

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.utils.cache.hasvaryheader in Django does not strip leading or trailing whitespace from Vary response header values before comparison, which allows remote attackers to read cached responses via requests to URLs whose...

3.1CVSS5.8AI score0.00354EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/03 1:16 p.m.7 views

CVE-2026-48587

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.utils.cache.hasvaryheader in Django does not strip leading or trailing whitespace from Vary response header values before comparison, which allows remote attackers to read cached responses via requests to URLs whose...

3.1CVSS5.8AI score0.00354EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/03 1:16 p.m.6 views

CVE-2026-35193

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.middleware.cache.UpdateCacheMiddleware in Django does not add Authorization to the Vary response header for requests bearing that header without Cache-Control: public, which allows remote attackers to read private...

3.1CVSS5.8AI score0.00359EPSS
Exploits0References4Affected Software1
AlpineLinux
AlpineLinux
added 2026/06/03 1:16 p.m.9 views

CVE-2026-35193

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.middleware.cache.UpdateCacheMiddleware in Django does not add Authorization to the Vary response header for requests bearing that header without Cache-Control: public, which allows remote attackers to read private...

3.1CVSS5.4AI score0.00359EPSS
Exploits0
EUVD
EUVD
added 2026/06/03 1:16 p.m.14 views

EUVD-2026-34088

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.middleware.cache.UpdateCacheMiddleware in Django does not match Cache-Control response directives case-insensitively, which allows remote attackers to read responses that were incorrectly cached because their...

3.1CVSS5.8AI score0.00285EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/03 1:16 p.m.16 views

CVE-2026-8404

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.middleware.cache.UpdateCacheMiddleware in Django does not match Cache-Control response directives case-insensitively, which allows remote attackers to read responses that were incorrectly cached because their...

3.1CVSS5.8AI score0.00285EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2026/06/03 12:0 a.m.9 views

Django 安全漏洞

Django is a set of open-source web application frameworks based on the Python language, developed by the Django Foundation. This framework includes an object-oriented mapper, view system, template system, etc. Versions of Django prior to 5.2.15 and 6.0 prior to 6.0.6 contained security...

5.3CVSS5.4AI score0.00354EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.19 views

PT-2026-45938

Name of the Vulnerable Software and Affected Versions Django versions prior to 5.2.15 Django versions prior to 6.0.6 Description An issue exists in django.middleware.cache.UpdateCacheMiddleware where the Authorization header is not added to the Vary response header for requests that include that...

5.3CVSS5.5AI score0.00359EPSS
Exploits0References40
Tenable Nessus
Tenable Nessus
added 2026/06/03 12:0 a.m.25 views

Linux Distros Unpatched Vulnerability : CVE-2026-35193

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.middleware.cache.UpdateCacheMiddleware in Django does not add Authorization to...

3.1CVSS5.8AI score0.00359EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.17 views

PT-2026-45755

A vulnerability has been identified in RUGGEDCOM RST2428P 6GK6242-6PA00 All versions V4.0. The affected applications stores sensitive information in the browser cache when an authenticated user modify specific configurations. This could allow an authenticated attacker to access sensitive data...

5.9CVSS5.7AI score0.00194EPSS
Exploits0References2
Microsoft CVE
Microsoft CVE
added 2026/05/29 8:7 a.m.10 views

ip6_gre: Use cached t->net in ip6erspan_changelink().

...

7.8CVSS5.4AI score0.00126EPSS
Exploits0
EUVD
EUVD
added 2026/05/29 3:39 a.m.13 views

EUVD-2026-33248

The Breeze plugin for WordPress is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor in all versions up to, and including, 2.5.2 This is due to improper verification of the wordpressloggedin cookie in the inc/cache/execute-cache.php file when the "Cache Logged-in Users"...

5.3CVSS5.8AI score0.00273EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/05/29 3:39 a.m.38 views

CVE-2026-2128 Breeze Cache <= 2.5.2 - Unauthenticated Exposure of Sensitive Information to an Unauthorized Actor via Crafted Login Cookie

The Breeze plugin for WordPress is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor in all versions up to, and including, 2.5.2 This is due to improper verification of the wordpressloggedin cookie in the inc/cache/execute-cache.php file when the "Cache Logged-in Users"...

5.3CVSS0.00273EPSS
Exploits0References7
Debian CVE
Debian CVE
added 2026/05/28 9:35 a.m.13 views

CVE-2026-46120

In the Linux kernel, the following vulnerability has been resolved: ip6gre: Use cached t-net in ip6erspanchangelink. After commit 5e72ce3e3980 "net: ipv6: Use link netns in newlink of rtnllinkops", ip6erspannewlink correctly resolves the per-netns ip6gre hash via linknet. ip6erspanchangelink was...

7.8CVSS5.7AI score0.00126EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2026/05/28 8:10 a.m.9 views

KVM: nSVM: Sync interrupt shadow to cached vmcb12 after VMRUN of L2

...

5.5CVSS5.4AI score0.00123EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2026/05/28 3:54 a.m.13 views

SUSE CVE-2026-45987

In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Sync interrupt shadow to cached vmcb12 after VMRUN of L2 After VMRUN in guest mode, nestedsynccontrolfromvmcb02 syncs fields written by the CPU from vmcb02 to the cached vmcb12. This is because the cached vmcb12 is use...

5.5CVSS5.7AI score0.00123EPSS
Exploits0References3
Rows per page
Query Builder