CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

68 matches found

Github Security Blog•added 2026/06/18 2:28 p.m.•10 views

undici vulnerable to cross-user information disclosure via shared cache whitespace bypass

Impact Undici's cache interceptor incorrectly classifies some responses as cacheable when the upstream Cache-Control header uses whitespace-padded qualified private or no-cache field names such as private=" authorization" or no-cache="\tauthorization". The parser preserves the surrounding...

5.9CVSS7AI score0.00326EPSS

Exploits0References4Affected Software1

EUVD•added 2026/06/18 2:28 p.m.•9 views

EUVD-2026-37766

undici vulnerable to cross-user information disclosure via shared cache whitespace bypass...

5.9CVSS7AI score0.00326EPSS

Exploits0References3

NVD•added 2026/06/17 6:18 p.m.•10 views

CVE-2026-9678

Impact: Undici's cache interceptor incorrectly classifies some responses as cacheable when the upstream Cache-Control header uses whitespace-padded qualified private or no-cache field names such as private=" authorization" or no-cache="\tauthorization". The parser preserves the surrounding...

5.9CVSS0.00326EPSS

Exploits0References2

Cvelist•added 2026/06/17 5:4 p.m.•20 views

CVE-2026-9678 undici vulnerable to cross-user information disclosure via shared cache whitespace bypass

5.9CVSS0.00326EPSS

Exploits0References2

Positive Technologies•added 2026/06/17 12:0 a.m.•11 views

PT-2026-50515

Name of the Vulnerable Software and Affected Versions undici versions prior to 7.28.0 undici versions prior to 8.5.0 Description The cache interceptor incorrectly classifies certain responses as cacheable when the upstream Cache-Control header contains whitespace-padded qualified private or...

5.9CVSS7AI score0.00326EPSS

Exploits0References55

Tenable Nessus•added 2026/01/27 12:0 a.m.•5 views

Linux Distros Unpatched Vulnerability : CVE-2026-24137

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - sigstore framework is a common go library shared across sigstore services and clients. In versions 1.10.3 and below, the legacy TUF client pkg/tuf/client.go...

5.8CVSS6.8AI score0.0037EPSS

Exploits0References4

ATTACKERKB•added 2026/01/26 5:40 p.m.•3 views

CVE-2026-24437

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.195037 serve sensitive administrative content without appropriate cache-control directives. As a result, browsers may store credential-bearing responses locally, exposing them to subsequent unauthorized access...

4.8CVSS5.9AI score0.00154EPSS

Exploits0References3

Snyk•added 2026/01/23 12:49 a.m.•4 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the TUF client. An attacker can overwrite arbitrary files on the filesystem by supplying crafted target metadata that causes path traversal outside the intended cache directory. Note: This is only exploitable if...

5.8CVSS6.5AI score0.0037EPSS

Exploits0References2

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2018-16917

Malware in sbrugna...

5.9CVSS7.8AI score0.02323EPSS

Exploits0References16

EUVD•added 2025/10/03 8:7 p.m.•6 views

EUVD-2024-28063