Lucene search
+L

34 matches found

Cvelist
Cvelist
added 2026/05/13 2:58 p.m.69 views

CVE-2026-44457 Hono: Cache Middleware ignores Vary: Authorization / Vary: Cookie leading to cross-user cache leakage

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.18, Cache Middleware does not skip caching for responses that declare per-user variance via Vary: Authorization or Vary: Cookie. As a result, a response cached for one authenticated user may be...

5.3CVSS0.00197EPSS
Exploits0References1
CVE
CVE
added 2026/05/13 2:58 p.m.36 views

CVE-2026-44457

CVE-2026-44457 affects Hono's Cache Middleware prior to v4.12.18, which does not skip caching for responses with Vary: Authorization or Vary: Cookie. This can allow a response cached for one authenticated user to be served to other users, leaking per-user data. The issue is fixed in v4.12.18. Rem...

5.3CVSS5.8AI score0.00197EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/05/13 2:58 p.m.4 views

CVE-2026-44457 Hono: Cache Middleware ignores Vary: Authorization / Vary: Cookie leading to cross-user cache leakage

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.18, Cache Middleware does not skip caching for responses that declare per-user variance via Vary: Authorization or Vary: Cookie. As a result, a response cached for one authenticated user may be...

5.3CVSS5.9AI score0.00197EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/13 2:58 p.m.9 views

CVE-2026-44457 Hono: Cache Middleware ignores Vary: Authorization / Vary: Cookie leading to cross-user cache leakage

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.18, Cache Middleware does not skip caching for responses that declare per-user variance via Vary: Authorization or Vary: Cookie. As a result, a response cached for one authenticated user may be...

5.3CVSS5.8AI score0.00197EPSS
Exploits0References1
OSV
OSV
added 2026/05/12 12:32 p.m.26 views

GHSA-Q62F-H9X2-GCQC Spring AI: ChatMemory DEFAULT_CONVERSATION_ID causes unintended cross-user data leakage

Spring AI's chat memory component contained a problematic default that, when not explicitly overridden, could result in unintended data exposure between users...

7.5CVSS5.5AI score0.0026EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/12 10:17 a.m.58 views

CVE-2026-41712 ChatMemory DEFAULT_CONVERSATION_ID causes unintended cross-user data leakage

Spring AI's chat memory component contained a problematic default that, when not explicitly overridden, could result in unintended data exposure between users...

7.5CVSS0.0026EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/12 10:17 a.m.7 views

CVE-2026-41712 ChatMemory DEFAULT_CONVERSATION_ID causes unintended cross-user data leakage

Spring AI's chat memory component contained a problematic default that, when not explicitly overridden, could result in unintended data exposure between users...

7.5CVSS5.5AI score0.0026EPSS
Exploits0References2
OSV
OSV
added 2026/05/12 10:17 a.m.2 views

CVE-2026-41712 ChatMemory DEFAULT_CONVERSATION_ID causes unintended cross-user data leakage

Spring AI's chat memory component contained a problematic default that, when not explicitly overridden, could result in unintended data exposure between users...

7.5CVSS5.6AI score0.0026EPSS
Exploits0References4
Patchstack
Patchstack
added 2026/05/09 12:28 a.m.10 views

NPM: Hono's Cache Middleware ignores Vary: Authorization / Vary: Cookie leading to cross-user cache leakage

NPM: Hono's Cache Middleware ignores Vary: Authorization / Vary: Cookie leading to cross-user cache leakage vulnerability discovered by ? in WordPress Npm hono versions 4.12.18...

5.3CVSS5.8AI score0.00197EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/05/09 12:28 a.m.36 views

GHSA-P77W-8QQV-26RM Hono's Cache Middleware ignores Vary: Authorization / Vary: Cookie leading to cross-user cache leakage

Summary Cache Middleware does not skip caching for responses that declare per-user variance via Vary: Authorization or Vary: Cookie. As a result, a response cached for one authenticated user may be served to subsequent requests from different users. Details The Cache Middleware skips caching when...

5.3CVSS5.8AI score0.00197EPSS
Exploits0References3
Spring Security Advisories
Spring Security Advisories
added 2026/05/08 12:0 a.m.7 views

ChatMemory DEFAULT_CONVERSATION_ID causes unintended cross-user data leakage

Spring AI's chat memory component contained a problematic default that, when not explicitly overridden, could result in unintended data exposure between users...

7.5CVSS5.5AI score0.0026EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/30 10:52 p.m.9 views

CVE-2026-33872

elixir-nodejs provides an Elixir API for calling Node.js functions. A vulnerability in versions prior to 3.1.4 results in Cross-User Data Leakage or Information Disclosure due to a race condition in the worker protocol. The lack of request-response correlation creates a "stale response"...

7.1CVSS6AI score0.00315EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/27 8:1 p.m.32 views

CVE-2026-33872 elixir-nodejs has Cross-User Data Leakage or Information Disclosure due to Worker Protocol Race Condition

elixir-nodejs provides an Elixir API for calling Node.js functions. A vulnerability in versions prior to 3.1.4 results in Cross-User Data Leakage or Information Disclosure due to a race condition in the worker protocol. The lack of request-response correlation creates a "stale response"...

7.1CVSS0.00315EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/27 8:1 p.m.6 views

CVE-2026-33872

elixir-nodejs provides an Elixir API for calling Node.js functions. A vulnerability in versions prior to 3.1.4 results in Cross-User Data Leakage or Information Disclosure due to a race condition in the worker protocol. The lack of request-response correlation creates a "stale response"...

7.1CVSS6AI score0.00315EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/03/26 6:23 p.m.5 views

GHSA-RWCR-RPCC-3G9M elixir-nodejs has Cross-User Data Leakage or Information Disclosure due to Worker Protocol Race Condition

Impact This vulnerability results in Cross-User Data Leakage or Information Disclosure due to a race condition in the worker protocol. The lack of request-response correlation creates a "stale response" vulnerability. Because the worker does not verify which request a response belongs to, it may...

7.1CVSS6AI score0.00315EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/03/26 6:23 p.m.7 views

elixir-nodejs has Cross-User Data Leakage or Information Disclosure due to Worker Protocol Race Condition

Impact This vulnerability results in Cross-User Data Leakage or Information Disclosure due to a race condition in the worker protocol. The lack of request-response correlation creates a "stale response" vulnerability. Because the worker does not verify which request a response belongs to, it may...

7.1CVSS6AI score0.00315EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2026/03/02 6:42 p.m.39 views

CVE-2026-0025

CVE-2026-0025 is a vulnerability in Android’s Notification.java hasImage path where a permissions bypass can leak information across users, enabling local privilege escalation with no extra execution privileges and no user interaction. Exploitation is local and no exploit details are provided in ...

8.4CVSS6.1AI score0.00102EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/02 6:42 p.m.25 views

CVE-2026-0025

In hasImage of Notification.java, there is a possible way to reveal information across users due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

8.4CVSS6.1AI score0.00102EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/02/02 11:16 p.m.10 views

CVE-2026-24040

jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, the addJS method in the jspdf Node.js build utilizes a shared module-scoped variable text to store JavaScript content. When used in a concurrent environment e.g., a Node.js web server, this variable is shared across all requests. ...

6.3CVSS0.00253EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/02/02 8:38 p.m.5 views

CVE-2026-24040

jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, the addJS method in the jspdf Node.js build utilizes a shared module-scoped variable text to store JavaScript content. When used in a concurrent environment e.g., a Node.js web server, this variable is shared across all requests. ...

6.3CVSS5.3AI score0.00253EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder