Lucene search
K

3325 matches found

CVE
CVE
added 2026/06/16 1:13 p.m.13 views

CVE-2026-10637

CVE-2026-10637 describes a use-after-free in Zephyr’s IPv6 MLD path: after net_send_data(pkt) returns, the code reads net_pkt_iface(pkt) from a freed net_pkt, risking NULL or stale pointers and potential crash or memory corruption. The root cause is violating the network stack ownership contract;...

7.1CVSS5.4AI score0.00299EPSS
Exploits1References2Affected Software1
Spring Security Advisories
Spring Security Advisories
added 2026/06/16 12:0 a.m.9 views

This Week in Spring - June 16th, 2026

Hi Spring fans! Welcome to another installment of This Week in Spring! I'm writing this from the oh-so-delightful and delicious! city of New Delhi, India. It's been a real privilege to come and visit so many amazing people. Last night my friend DaShaun and I presented here at the local Delhi JUG,...

5.3AI score
Exploits0
NVD
NVD
added 2026/06/15 11:16 p.m.12 views

CVE-2026-12205

Crypt::DSA versions before 1.21 for Perl reused the nonce across signatures, leading to private-key recovery. Crypt::DSA::sign caches the per-signature nonce material in the Key object without ever clearing it. The first sign on a Key object picks a nonce, and every later sign on that same object...

9.1CVSS0.00289EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/15 8:41 p.m.4 views

Security Bulletin: MongoDB Enterprised Advanced affected by: Use of Cache Containing Sensitive Information (CVE-2026-22741)

Summary There are vulnerabilities in spring-webmvc-6.2.17.jar used in MongoDB Enterprised Advanced for IBM, involving CVE-2026-22741. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2026-22741 DESCRIPTION: Spring MVC and WebFlux applications are vulnerable to cache...

3.1CVSS5.3AI score0.00236EPSS
Exploits0Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/15 5:13 p.m.30 views

@angular/service-worker: Request Credential & Cache Policy Stripping

An issue in the @angular/service-worker package compromises the integrity of request-policy enforcement during request reconstruction. When the Angular Service Worker intercepts network requests for matched assets, it reconstructs a new Request object using an internal helper function. During thi...

6.1CVSS5.5AI score0.0015EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/15 4:51 p.m.11 views

@angular/common: Information Leak via Default Caching of Credentialed Requests in HttpTransferCache

A vulnerability was discovered in @angular/common when Server-Side Rendering SSR and hydration are enabled. The HttpTransferCache utility optimizes hydration by caching outgoing HTTP requests performed during SSR and transferring the cached state to the client-side application via TransferState...

8.2CVSS5.4AI score0.00267EPSS
Exploits0References3Affected Software1
Snyk
Snyk
added 2026/06/15 4:51 p.m.9 views

Use of Cache Containing Sensitive Information

Overview Affected versions of this package are vulnerable to Use of Cache Containing Sensitive Information via the HttpTransferCache utility. An attacker can access sensitive user-specific information by making requests to pages that have been cached by a shared caching layer after another user h...

8.2CVSS5.8AI score0.00267EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/15 8:36 a.m.13 views

CVE-2026-48096

A flaw was found in OpenFGA, an authorization/permission engine. When iterator caching is enabled, distinct authorization check requests can generate identical cache keys. This can cause OpenFGA to reuse an outdated or incorrect cached result for subsequent requests. Such a flaw may lead to...

5.3CVSS5.2AI score0.00101EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.12 views

PT-2026-49563

Name of the Vulnerable Software and Affected Versions @angular/service-worker versions prior to 19.2.23 @angular/service-worker versions prior to 20.3.22 @angular/service-worker versions prior to 21.2.15 @angular/service-worker versions prior to 22.0.0-rc.2 Description An issue in the...

5.7CVSS5.8AI score0.0015EPSS
Exploits0References7
Fedora
Fedora
added 2026/06/13 1:13 a.m.18 views

[SECURITY] Fedora 44 Update: varnish-8.0.2-1.fc44

This is Varnish Cache, a high-performance HTTP accelerator. Varnish Cache stores web pages in memory so web servers don=E2=80=99t have to create the same web page over and over again. Varnish Cache serves pages much faster than any application server; giving the website a significant speed up...

9.8CVSS5.4AI score0.00202EPSS
Exploits1
NVD
NVD
added 2026/06/12 6:16 p.m.13 views

CVE-2026-47225

Typesense is a fast, typo-tolerant search engine. Prior to versions 29.1 and 30.2, there is a cache isolation issue affecting search requests that use both server-side search result caching and Scoped Search API Keys. Under specific request ordering, cached search results could be reused across...

6CVSS0.00226EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/12 5:12 p.m.63 views

CVE-2026-47225 Improper Search Cache Isolation for Scoped Search API Keys in Typesense

Typesense is a fast, typo-tolerant search engine. Prior to versions 29.1 and 30.2, there is a cache isolation issue affecting search requests that use both server-side search result caching and Scoped Search API Keys. Under specific request ordering, cached search results could be reused across...

6CVSS0.00226EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 5:12 p.m.10 views

EUVD-2026-36511

Typesense is a fast, typo-tolerant search engine. Prior to versions 29.1 and 30.2, there is a cache isolation issue affecting search requests that use both server-side search result caching and Scoped Search API Keys. Under specific request ordering, cached search results could be reused across...

6CVSS5.3AI score0.00226EPSS
Exploits0References1
CVE
CVE
added 2026/06/12 5:12 p.m.13 views

CVE-2026-47225

Type: CVE-2026-47225 affects Typesense search engine. A cache isolation flaw in versions prior to 29.1 and 30.2 affects requests that use both server-side search result caching and Scoped Search API Keys. Under certain request ordering, cached results could be reused across requests with differen...

6CVSS5.3AI score0.00226EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.12 views

PT-2026-48945

Typesense is a fast, typo-tolerant search engine. Prior to versions 29.1 and 30.2, there is a cache isolation issue affecting search requests that use both server-side search result caching and Scoped Search API Keys. Under specific request ordering, cached search results could be reused across...

6CVSS5.2AI score0.00226EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/11 8:28 p.m.11 views

EUVD-2026-36061

OpenFGA has cache-key delimiter injection in shared-iterator and v2 iterator that caches enables intra-store authorization-decision poisoning...

5.3CVSS5.5AI score0.00101EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/10 10:15 p.m.5 views

Incorrect Permission Assignment for Critical Resource

Overview Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource through improper handling of caveat structures containing nested lists in the caching process. An attacker can gain unauthorized access to protected resources by crafting requests th...

3.1CVSS5.3AI score0.00276EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/10 10:15 p.m.5 views

Incorrect Permission Assignment for Critical Resource

Overview Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource through improper handling of caveat structures containing nested lists in the caching process. An attacker can gain unauthorized access to protected resources by crafting requests th...

3.1CVSS5.3AI score0.00276EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/10 10:15 p.m.4 views

Incorrect Permission Assignment for Critical Resource

Overview Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource through improper handling of caveat structures containing nested lists in the caching process. An attacker can gain unauthorized access to protected resources by crafting requests th...

3.1CVSS5.3AI score0.00276EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/10 8:29 p.m.9 views

undertow: Undertow: Request Smuggling via Malformed HTTP Request Headers

A flaw was found in Undertow. When Undertow receives an HTTP request where the first header line starts with one or more spaces, it incorrectly processes the request by stripping these leading spaces. This behavior, which violates HTTP standards, can be exploited by a remote attacker to perform...

9.1CVSS5.5AI score0.00677EPSS
Exploits0References4
Rows per page
Query Builder