Lucene search
K

3337 matches found

Nuclei
Nuclei
added yesterday42 views

WordPress Varnish/Nginx Proxy Caching <= 1.8.3 - Information Exposure

Razvan Stanga Varnish/Nginx Proxy Caching = 1.8.3 contains an insertion of sensitive information into sent data vulnerability caused by improper handling of embedded sensitive data, letting attackers retrieve sensitive information, exploit requires crafted requests. id: CVE-2025-62126 info: name:...

5.3CVSS6.1AI score0.00659EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 4 days ago8 views

CVE-2026-48588

A flaw was found in Django. When django.middleware.cache.UpdateCacheMiddleware or django.views.decorators.cache.cachepage is in use, responses that set a cookie are not excluded from caching if the request includes any cookie, even when that cookie is unrelated to the response for example, a...

5.3CVSS6.1AI score0.00375EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 6 days ago3 views

httpd: mod_authn_socache: NULL pointer dereference can cause a child process crash

A flaw was found in the modauthnsocache module of httpd. This vulnerability allows an unauthenticated remote user to crash a child process due to a NULL pointer dereference when the server is operating in a caching forward proxy configuration...

5.3CVSS6.2AI score0.00514EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added last week6 views

httpd: mod_authn_socache: NULL pointer dereference can cause a child process crash

A flaw was found in the modauthnsocache module of httpd. This vulnerability allows an unauthenticated remote user to crash a child process due to a NULL pointer dereference when the server is operating in a caching forward proxy configuration...

5.3CVSS6AI score0.00514EPSS
Exploits0References5
Cvelist
Cvelist
added last week34 views

CVE-2026-48588 Potential exposure of private data via cached Set-Cookie response

An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. UpdateCacheMiddleware and the cachepage decorator cache responses that vary on cookies when the incoming request carries unrelated cookies, which allows remote attackers to read private data from the shared cache. Earlier,...

3.1CVSS0.00375EPSS
Exploits0References3
EUVD
EUVD
added last week7 views

EUVD-2026-42043

An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. UpdateCacheMiddleware and the cachepage decorator cache responses that vary on cookies when the incoming request carries unrelated cookies, which allows remote attackers to read private data from the shared cache. Earlier,...

3.1CVSS6AI score0.00375EPSS
Exploits0References3
Fedora
Fedora
added 2026/07/04 1:7 a.m.10 views

[SECURITY] Fedora 43 Update: pdns-recursor-5.2.11-1.fc43

PowerDNS Recursor is a non authoritative/recursing DNS server. Use this package if you need a dns cache for your network...

8.2CVSS6.7AI score0.00407EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/07/03 8:19 p.m.7 views

CVE-2026-27775

Gitea 1.25.5 caches a branch-specific write-permission result across multiple refs in one pre-receive hook session, allowing a per-branch maintainer-edit grant to be reused for other refs and escalate to full repository write access...

5.9AI score0.00523EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/07/03 6:17 a.m.22 views

CVE-2026-9545

CVE-2026-9545 affects curl/libcurl when using HTTP/3 with early data and a cached SSL session. If a site is replaced by an attacker’s impostor on a second transfer, and early data is enabled while the SSL session cache is not disabled, curl may send the second request’s bytes before certificate v...

7.5CVSS5.9AI score0.00408EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2026/07/01 9:58 p.m.8 views

EUVD-2026-39027

Ghost: Cache-poisoning XSS in Ghost frontend via x-ghost-preview header...

9.6CVSS5.8AI score0.00244EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/01 8:51 p.m.8 views

EUVD-2026-40297

Rancher has over-inclusive team membership expansion in GitHub App authentication provider...

8.8CVSS5.8AI score0.0037EPSS
Exploits0References6
NVD
NVD
added 2026/06/30 12:16 p.m.8 views

CVE-2026-41053

Incorrect authentication caching in the team member ship expansion of the Rancher Github authentication provider caused it granting principal access to any logged in user, in 2.13 before 2.13.6 and 2.14 before 2.14.2...

8.8CVSS0.0037EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/30 11:38 a.m.36 views

CVE-2026-41053 Over-inclusive team membership expansion in GitHub App authentication provider for Rancher

Incorrect authentication caching in the team member ship expansion of the Rancher Github authentication provider caused it granting principal access to any logged in user, in 2.13 before 2.13.6 and 2.14 before 2.14.2...

8.8CVSS0.0037EPSS
Exploits0References1
CVE
CVE
added 2026/06/30 11:38 a.m.39 views

CVE-2026-41053

CVE-2026-41053 affects Rancher’s GitHub authentication provider, specifically the team membership expansion, where an incorrect authentication caching flaw could grant principal access to any logged-in user. Affected versions are 2.13 prior to 2.13.6 and 2.14 prior to 2.14.2. Root cause: faulty c...

8.8CVSS5.8AI score0.0037EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-555 toui allows user-specific variables to be shared between users

Impact Websites that use Website.uservars property in versions. Patches It affects versions v2.0.1 to v2.4.0. Please upgrade to v2.4.1 Workarounds Do not use Website.uservars in websites when using versions v2.0.1 to v2.4.0. Also, do not use Website.signinuser in version v2.4.0 only. Explanation...

9.1CVSS7.1AI score0.00651EPSS
Exploits0References6
Veracode
Veracode
added 2026/06/27 5:58 a.m.6 views

Information Disclosure

angular/common is vulnerable to information disclosure. The vulnerability is due to the HttpTransferCache utility failing to consider the withCredentials flag and Cookie header when caching HTTP responses during Server-Side Rendering SSR with hydration enabled, which allows an attacker to obtain...

8.2CVSS5.8AI score0.00267EPSS
Exploits0References8Affected Software1
Fedora
Fedora
added 2026/06/27 12:57 a.m.4 views

[SECURITY] Fedora 43 Update: docker-buildkit-0.31.0-1.fc43

Concurrent, cache-efficient, and Dockerfile-agnostic builder toolkit...

8.8CVSS6.3AI score0.00415EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2026/06/26 2:9 a.m.8 views

SUSE CVE-2026-53217

In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: sync RX data at the hardware packet offset mvpp2 programs the RX queue packet offset, so hardware writes received data at dmaaddr + MVPP2SKBHEADROOM. The current CPU sync starts at dmaaddr and only covers rxbytes +...

8.6CVSS5.8AI score0.00401EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/26 12:8 a.m.5 views

CVE-2026-10804

A flaw was found in Streamlit, within its Palette Handler component. This vulnerability stems from the use of a weak hashing algorithm. A local attacker could exploit this flaw, though it requires a high level of technical complexity. Successful exploitation may lead to a low impact on the...

4.7CVSS5.8AI score0.00083EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2026/06/25 11:12 p.m.10 views

CVE-2026-53006

A flaw was found in the Linux kernel's IPv6 Internet Protocol version 6 implementation. This vulnerability, a Use-After-Free UAF error, occurs due to incorrect caching of network packet addresses before a memory operation. An attacker could potentially exploit this flaw to cause memory corruption...

9.8CVSS6AI score0.00377EPSS
Exploits0References4
Rows per page
Query Builder