BIT-MARIADB-MIN-2026-35549

An issue was discovered in MariaDB Server before 11.4.10, 11.5.x through 11.8.x before 11.8.6, and 12.x before 12.2.2. If the cachingsha2password authentication plugin is installed, and some user accounts are configured to use it, a large packet can crash the server because sha256cryptr uses allo...

WordPress Varnish/Nginx Proxy Caching <= 1.8.3 - Information Exposure

Razvan Stanga Varnish/Nginx Proxy Caching = 1.8.3 contains an insertion of sensitive information into sent data vulnerability caused by improper handling of embedded sensitive data, letting attackers retrieve sensitive information, exploit requires crafted requests. id: CVE-2025-62126 info: name:...

CVE-2026-10804

A vulnerability has been found in Streamlit up to 1.53.0. Impacted is an unknown function in the library lib/streamlit/runtime/caching/hashing.py of the component Palette Handler. Such manipulation leads to use of weak hash. Local access is required to approach this attack. The attack requires a...

PT-2026-46233

🔒 API Platform CVE-2026-49858: JSON:API & HAL normalizers cached components across users on long-running runtimes FrankenPHP, RoadRunner, Swoole. Patched in 4.1.29 / 4.2.25 / 4.3.8 — upgrade now. https://t.co/1oIPjtQjqB...

PT-2026-46190

A vulnerability has been found in Streamlit up to 1.53.0. Impacted is an unknown function in the library lib/streamlit/runtime/caching/hashing.py of the component Palette Handler. Such manipulation leads to use of weak hash. Local access is required to approach this attack. The attack requires a...

[SECURITY] Fedora 43 Update: unbound-1.25.1-1.fc43

Unbound is a validating, recursive, and caching DNSSEC resolver. The C implementation of Unbound is developed and maintained by NLnet Labs. It is based on ideas and algorithms taken from a java prototype developed by Verisign labs, Nominet, Kirei and ep.net. Unbound is designed as a set of modula...

httpd: mod_authn_socache: NULL pointer dereference can cause a child process crash

A flaw was found in the modauthnsocache module of httpd. This vulnerability allows an unauthenticated remote user to crash a child process due to a NULL pointer dereference when the server is operating in a caching forward proxy configuration...

BIT-NEO4J-2026-1471 Caching of authentication context

Excessive caching of authentication context in Neo4j Enterprise edition versions prior to 2026.1.4 leads to authenticated users inheriting the context of the first user who authenticated after restart. The issue is limited to certain non-default configurations of SSO UserInfo endpoint. We recomme...

EUVD-2026-32985

Ubuntu Linux 6.8, 7.17 and 7.0 contain AppArmor SAUCE patches which can, under certain circumstances, use an uninitialized variable in notification handling code. The bug can be triggered by an unprivileged local user and can result in the incorrect caching of AppArmor notification responses...

CVE-2026-47330

Ubuntu Linux 6.8, 7.17 and 7.0 contain AppArmor SAUCE patches that can use an uninitialized variable in notification handling code. The bug can be triggered by an unprivileged local user and can result in the incorrect caching of AppArmor notification responses. Affected component: AppArmor/notif...

CVE-2026-47330 Use of uninitialized value in Ubuntu Linux AppArmor notification handling

Ubuntu Linux 6.8, 7.17 and 7.0 contain AppArmor SAUCE patches which can, under certain circumstances, use an uninitialized variable in notification handling code. The bug can be triggered by an unprivileged local user and can result in the incorrect caching of AppArmor notification responses...

CVE-2026-47330

Ubuntu Linux 6.8, 7.17 and 7.0 contain AppArmor SAUCE patches which can, under certain circumstances, use an uninitialized variable in notification handling code. The bug can be triggered by an unprivileged local user and can result in the incorrect caching of AppArmor notification responses...

GHSA-W76H-Q7C6-JPJP compliance-trestle Vulnerable to SSRF in Remote Fetching Subsystem

A source code audit led to the discovery of three significant security vulnerabilities in the trestle/core/remote/cache.py module. Finding 1 Critical: SSRF CWE-918 The HTTPSFetcher.dofetch method passes a user-supplied URL directly to requests.get without validation. This allows an attacker to...

compliance-trestle Vulnerable to SSRF in Remote Fetching Subsystem

A source code audit led to the discovery of three significant security vulnerabilities in the trestle/core/remote/cache.py module. Finding 1 Critical: SSRF CWE-918 The HTTPSFetcher.dofetch method passes a user-supplied URL directly to requests.get without validation. This allows an attacker to...

PYSEC-2026-192

Python Liquid is a Python engine for the Liquid template language. Prior to 2.2.0, the built-in FileSystemLoader and CachingFileSystemLoader do not guard against reading files outside their search paths when given an absolute path to resolve. This allows malicious template authors to load and...

SUSE CVE-2026-45912

In the Linux kernel, the following vulnerability has been resolved: ext4: don't cache extent during splitting extent Caching extents during the splitting process is risky, as it may result in stale extents remaining in the status tree. Moreover, in most cases, the corresponding extent block entri...

CVE-2026-45912

A flaw was found in the Linux kernel's ext4 filesystem. During certain file operations, specifically when splitting data extents, an issue with caching can lead to incorrect tracking of disk space. This can result in errors in space accounting, potentially impacting data integrity and the overall...

PT-2026-44479

Name of the Vulnerable Software and Affected Versions Ubuntu Linux version 6.8 Ubuntu Linux version 7.0 Ubuntu Linux version 7.17 Description AppArmor SAUCE patches contain an issue where an uninitialized variable may be used within the notification handling code. This can be triggered by an...

PT-2026-44731

A source code audit led to the discovery of three significant security vulnerabilities in the trestle/core/remote/cache.py module. Finding 1 Critical: SSRF CWE-918 The HTTPSFetcher. do fetch method passes a user-supplied URL directly to requests.get without validation. This allows an attacker to...

Python Liquid 路径遍历漏洞

Python Liquid is a Python engine developed by James for processing Liquid templates. Versions of Python Liquid prior to 2.2.0 had a path traversal vulnerability. This vulnerability stemmed from the lack of protection in FileSystemLoader and CachingFileSystemLoader against reading absolute paths,...