11 matches found
EUVD-2026-18136
The W3 Total Cache plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 2.9.3. This is due to the plugin bypassing its entire output buffering and processing pipeline when the request's User-Agent header contains "W3 Total Cache", which causes raw...
CVE-2026-5032
The W3 Total Cache plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 2.9.3. This is due to the plugin bypassing its entire output buffering and processing pipeline when the request's User-Agent header contains "W3 Total Cache", which causes raw...
CVE-2026-5032 W3 Total Cache <= 2.9.3 - Unauthenticated Security Token Exposure via User-Agent Header
The W3 Total Cache plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 2.9.3. This is due to the plugin bypassing its entire output buffering and processing pipeline when the request's User-Agent header contains "W3 Total Cache", which causes raw...
CVE-2026-5032 W3 Total Cache <= 2.9.3 - Unauthenticated Security Token Exposure via User-Agent Header
The W3 Total Cache plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 2.9.3. This is due to the plugin bypassing its entire output buffering and processing pipeline when the request's User-Agent header contains "W3 Total Cache", which causes raw...
PT-2026-29688
Name of the Vulnerable Software and Affected Versions W3 Total Cache versions up to and including 2.9.3 Description The W3 Total Cache plugin for WordPress is susceptible to information disclosure. The plugin bypasses its output buffering and processing when the User-Agent header contains "W3 Tot...
EUVD-2025-29425
Malicious code in bioql PyPI...
GraphQL Armor Max-Depth Plugin Bypass via fragment caching
Summary A query depth restriction using the max-depth can be bypassed if ignoreIntrospection is enabled which is the default configuration by naming your query/fragment schema. Details In the countDepth function, we have the following code that calculates the depth of a used fragment: typescript...
Allocation of Resources Without Limits or Throttling
Overview @escape.tech/graphql-armor-max-depth is a Limit the depth allowed in a GraphQL query. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the countDepth function. An attacker can cause excessive resource consumption by crafting...
GHSA-224P-V68G-5G8F GraphQL Armor Max-Depth Plugin Bypass via fragment caching
Summary A query depth restriction using the max-depth can be bypassed if ignoreIntrospection is enabled which is the default configuration by naming your query/fragment schema. Details In the countDepth function, we have the following code that calculates the depth of a used fragment: typescript...
Уязвимость ipfilter (fragment caching filter bypass)
При проверке фрагментированного пакета не проверяются порты и флаги пакета, только адреса и ip id, если ip id имеется в кэше...
Serious bug in IPFilter
A VERY serious bug has been brought to my attention in IPFilter. In 10 words or less, fragment caching with can let through "any" packet. Ok, so that's 8. Cause ===== When matching a fragment, only srcip, dstip and IP ID are checked and the fragment cache is checked before any rules are checked. ...