417 matches found
@tutkli/jikan-ts (>=0.6.1 <=0.6.3) potentially affected by CVE-2025-69202 via axios-cache-interceptor (=1.0.0)
axios-cache-interceptor NPM version =1.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on axios-cache-interceptor and may be impacted: - @tutkli/jikan-ts =0.6.1, =0.6.3 Source cves: CVE-2025-69202 Source advisory: SNYK:JS-AXIOSCACHEINTERCEPTOR-1472426...
Cache Poisoning
Overview axios-cache-interceptor is a Cache interceptor for axios Affected versions of this package are vulnerable to Cache Poisoning by ignoring the Vary HTTP header. An attacker can access unauthorized cached responses to obtain sensitive user data by sending requests with multiple different...
CVE-2025-69202 axios-cache-interceptor Vulnerable to Cache Poisoning via Ignored HTTP Vary Header
Axios Cache Interceptor is a cache interceptor for axios. Prior to version 1.11.1, when a server calls an upstream service using different auth tokens, axios-cache-interceptor returns incorrect cached responses, leading to authorization bypass. The cache key is generated only from the URL, ignori...
CVE-2025-69202
The CVE describes a cache poisoning/vulnerability in axios-cache-interceptor prior to v1.11.1: the cache key is generated from the URL only, ignoring request headers like Authorization. When upstream responses include Vary: Authorization, this leads to identical cached responses being served for ...
CVE-2025-69202 axios-cache-interceptor Vulnerable to Cache Poisoning via Ignored HTTP Vary Header
Axios Cache Interceptor is a cache interceptor for axios. Prior to version 1.11.1, when a server calls an upstream service using different auth tokens, axios-cache-interceptor returns incorrect cached responses, leading to authorization bypass. The cache key is generated only from the URL, ignori...
CVE-2025-15135
A weakness has been identified in joey-zhou xiaozhi-esp32-server-java up to 3.0.0. This impacts the function tryAuthenticateWithCookies of the file AuthenticationInterceptor.java of the component Cookie Handler. Executing manipulation can lead to improper authentication. The attack can be launche...
PT-2025-53783
Name of the Vulnerable Software and Affected Versions Axios Cache Interceptor versions prior to 1.11.1 Description Axios Cache Interceptor, a cache interceptor for axios, improperly handles responses with the Vary: Authorization header. Prior to version 1.11.1, the cache key was generated solely...
Axios Cache Interceptor 安全漏洞
Axios Cache Interceptor is a cache interceptor by the individual developer Arthur Fiorette. A security vulnerability exists in Axios Cache Interceptor versions prior to 1.11.1, which stems from cache key generation ignoring the authorization header, which could lead to authorization bypass...
CVE-2025-15135
A weakness has been identified in joey-zhou xiaozhi-esp32-server-java up to 3.0.0. This impacts the function tryAuthenticateWithCookies of the file AuthenticationInterceptor.java of the component Cookie Handler. Executing manipulation can lead to improper authentication. The attack can be launche...
CVE-2025-15135 joey-zhou xiaozhi-esp32-server-java Cookie AuthenticationInterceptor.java tryAuthenticateWithCookies improper authentication
A weakness has been identified in joey-zhou xiaozhi-esp32-server-java up to 3.0.0. This impacts the function tryAuthenticateWithCookies of the file AuthenticationInterceptor.java of the component Cookie Handler. Executing manipulation can lead to improper authentication. The attack can be launche...
CVE-2025-15135 joey-zhou xiaozhi-esp32-server-java Cookie AuthenticationInterceptor.java tryAuthenticateWithCookies improper authentication
A weakness has been identified in joey-zhou xiaozhi-esp32-server-java up to 3.0.0. This impacts the function tryAuthenticateWithCookies of the file AuthenticationInterceptor.java of the component Cookie Handler. Executing manipulation can lead to improper authentication. The attack can be launche...
CVE-2025-15135
CVE-2025-15135 affects the project joey-zhou xiaozhi-esp32-server-java (up to 3.0.0). The vulnerability is in the Cookie Handler component, specifically the function tryAuthenticateWithCookies() inside AuthenticationInterceptor.java. Manipulation of this function can lead to improper authenticati...
Exploit for Deserialization of Untrusted Data in Vmware Spring_Framework
Reporte de Vulnerabilidad - Java Store Application Resumen...
Ultra-Fast Wireless Power Hacking
The rapid growth of electric vehicles EVs has driven the development of roadway wireless charging technology, effectively extending EV driving range. However, wireless charging introduces significant cybersecurity challenges. Any receiver within the magnetic field can potentially extract energy,...
CVE-2025-6026
An improper certificate validation vulnerability was reported in the Lenovo Universal Device Client UDC that could allow a user capable of intercepting network traffic to obtain application metadata, including device information, geolocation, and telemetry data...
NULL Pointer Dereference
Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the isSensitiveSpec function which calls grpcomni.CreateResource without checking if the resource's metadata field is nil. An attacker can cause a server crash and disrupt service availability by sending emp...
EUVD-2020-4977
Malware in sbrugna...
EUVD-2021-21681
Malware in sbrugna...
EUVD-2012-5396
Malware in sbrugna...
EUVD-2017-10167
Malware in sbrugna...