Lucene search
K

4 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/05/04 12:50 p.m.9 views

Security Bulletin:Flask Vary Cookie Header Vulnerability: Use of Cache Containing Sensitive Information Fixed in 3.1.3

Summary Flask is a web server gateway interface WSGI web application framework. In versions 3.1.2 and below, when the session object is accessed, Flask should set the Vary: Cookie header., resulting in a Use of Cache Containing Sensitive Information vulnerability. The logic instructs caches not t...

4.3CVSS5.8AI score0.00374EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2026/02/21 5:21 a.m.19 views

CVE-2026-27205 Flask session does not add `Vary: Cookie` header when accessed in some ways

Flask is a web server gateway interface WSGI web application framework. In versions 3.1.2 and below, when the session object is accessed, Flask should set the Vary: Cookie header., resulting in a Use of Cache Containing Sensitive Information vulnerability. The logic instructs caches not to cache...

2.3CVSS0.00374EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/05/19 4:26 p.m.8 views

WordPress WP Image Mask plugin <= 3.1.2 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Peter Thaleikis in WordPress Plugin WP Image Mask versions = 3.1.2...

6.5CVSS6AI score0.00215EPSS
Exploits0Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/01/19 12:0 a.m.4 views

CVE-2021-4016

Rapid7 Insight Agent, versions prior to 3.1.3, suffer from an improper access control vulnerability whereby, the user has access to the snapshot directory. An attacker can access, read and copy any of the files in this directory e.g. assetinfo.json or fileinfo.json, leading to a loss of...

4CVSS5.4AI score0.0022EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder