CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

4 matches found

Veracode•added 2025/07/04 3:28 a.m.•3 views

Cache Poisoning

Next.js is vulnerable to Cache Poisoning. The vulnerability is due to improper caching of HTTP 204 responses for static pages, which allows an attacker to poison the cache and cause the 204 response to be served to all users attempting to access the affected page...

7.5CVSS6.2AI score0.00171EPSS

Exploits0References6Affected Software1

NVD•added 2025/01/09 6:15 p.m.•11 views

CVE-2025-22149

JWK Set JSON Web Key Set is a JWK and JWK Set Go implementation. Prior to 0.6.0, the project's provided HTTP client's local JWK Set cache should do a full replacement when the goroutine refreshes the remote JWK Set. The current behavior is to overwrite or append. This is a security issue for use...

2.1CVSS0.00062EPSS

Exploits0References5

GitLab Advisory Database•added 2025/01/09 12:0 a.m.•11 views

JWK Set's HTTP client only overwrites and appends JWK to local cache during refresh

The project's provided HTTP client's local JWK Set cache should do a full replacement when the goroutine refreshes the remote JWK Set. The current behavior is to overwrite or append. This is a security issue for use cases that utilize the provided auto-caching HTTP client and where key removal fr...

2.1CVSS6.8AI score0.00062EPSS

Exploits0References6Affected Software1