74 matches found
compliance-trestle Vulnerable to SSRF in Remote Fetching Subsystem
A source code audit led to the discovery of three significant security vulnerabilities in the trestle/core/remote/cache.py module. Finding 1 Critical: SSRF CWE-918 The HTTPSFetcher.dofetch method passes a user-supplied URL directly to requests.get without validation. This allows an attacker to...
PT-2026-44731
A source code audit led to the discovery of three significant security vulnerabilities in the trestle/core/remote/cache.py module. Finding 1 Critical: SSRF CWE-918 The HTTPSFetcher. do fetch method passes a user-supplied URL directly to requests.get without validation. This allows an attacker to...
CVE-2026-6907
The CVE affects Django 6.0 before 6.0.5 and 5.2 before 5.2.14. The vulnerability lies in django.middleware.cache.UpdateCacheMiddleware, which may cache requests when the Vary header contains an asterisk (*) and thereby expose private data. This could cause private data to be stored and subsequent...
PT-2026-34222
Name of the Vulnerable Software and Affected Versions OpenFGA versions prior to 1.14.1 Description In specific scenarios, models using conditions with caching enabled can result in two different check requests producing the same cache key. This may lead to the reuse of an earlier cached result fo...
OpenFGA 安全漏洞
OpenFGA is an open-source authorization/licensing engine built for developers, inspired by Google Zanzibar. Versions of OpenFGA prior to 1.13.1 contained a security vulnerability. This vulnerability arises from models that enable caching, which may generate the same cache keys under certain...
CVE-2025-14806
IBM Planning Analytics Local 2.1.0 through 2.1.17 could allow an attacker to trick the caching mechanism into storing and serving sensitive, user-specific responses as publicly cacheable resources...
CVE-2025-14806
IBM Planning Analytics Local 2.1.0 through 2.1.17 could allow an attacker to trick the caching mechanism into storing and serving sensitive, user-specific responses as publicly cacheable resources...
CVE-2025-14806 IBM Planning Analytics Information Disclosure
IBM Planning Analytics Local 2.1.0 through 2.1.17 could allow an attacker to trick the caching mechanism into storing and serving sensitive, user-specific responses as publicly cacheable resources...
UBUNTU-CVE-2026-3904
Calling NSS-backed functions that support caching via nscd may call th...
Apple macOS 安全漏洞
Apple macOS is a proprietary operating system developed by the American company Apple for Mac computers. There is a security vulnerability in Apple macOS, which stems from improper caching practices and may lead to denial-of-service attacks. The following versions are affected: macOS Sequoia...
Hono code issue vulnerabilities
Hono is a web framework built in TypeScript for the Hono community. Versions of Hono prior to 4.11.7 had code vulnerabilities. These vulnerabilities stemmed from information leaks in the caching middleware, which could potentially cache private or authenticated responses and expose them to...
EUVD-2019-0620
Malware in sbrugna...
EUVD-2021-2252
Malware in sbrugna...
EUVD-2020-3463
Malware in sbrugna...
EUVD-2018-16917
Malware in sbrugna...
EUVD-2020-0316
Malware in sbrugna...
EUVD-2013-3910
Malware in sbrugna...
EUVD-2012-0370
Malware in sbrugna...
EUVD-2018-3500
Malware in sbrugna...
PT-2025-39916
Name of the Vulnerable Software and Affected Versions go-f3 versions 0.8.8 and below Description go-f3’s justification verification caching mechanism improperly caches verification results without considering the message context. An attacker can bypass justification verification by submitting a...