Lucene search
K

69 matches found

CNNVD
CNNVD
added 2025/04/24 12:0 a.m.6 views

HCL Leap 安全漏洞

HCL Leap is a low-code development platform from HCL India. A security vulnerability exists in HCL Leap, which stems from the lack of a no cache header, which could lead to user directory information being cached...

3.2CVSS6.4AI score0.00127EPSS
Exploits0References1
Pen Test Partners Blog
Pen Test Partners Blog
added 2025/03/12 6:51 a.m.10 views

Take control of Cache-Control and local caching

TL;DR Caching speeds up website content delivery What caching directives are and how to use them The No-cache directive does not prevent caching The No-store directiveprevents caching Introduction The HTTP Cache-Control header is sometimes misunderstood. It's important because it is used to speci...

6.5AI score
Exploits0
Patchstack
Patchstack
added 2024/12/24 12:13 a.m.6 views

WordPress Content No Cache plugin <= 0.1.2 - Unauthenticated Private Content Disclosure vulnerability

Unauthenticated Private Content Disclosure vulnerability discovered by Francesco Carlucci in WordPress Plugin Content No Cache versions = 0.1.2...

5.3CVSS7AI score0.00386EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/12/24 12:0 a.m.7 views

PT-2024-17440 · WordPress · Content No Cache

Name of the Vulnerable Software and Affected Versions: Content No Cache: prevent specific content from being cached plugin for WordPress versions up to, and including, 0.1.2 Description: The issue allows unauthenticated attackers to extract data from password protected, private, or draft posts du...

5.3CVSS9.6AI score0.00386EPSS
Exploits0References7
CNNVD
CNNVD
added 2024/12/24 12:0 a.m.2 views

WordPress plugin Content No Cache 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

5.3CVSS7.9AI score0.00386EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2024/12/03 12:15 a.m.4 views

SUSE CVE-2024-53848

check-jsonschema is a CLI and set of pre-commit hooks for jsonschema validation. The default cache strategy uses the basename of a remote schema as the name of the file in the cache, e.g. https://example.org/schema.json will be stored as schema.json. This naming allows for conflicts. If an attack...

7.1CVSS6.5AI score0.00142EPSS
Exploits0References3
CVE
CVE
added 2024/11/29 6:39 p.m.72 views

CVE-2024-53848

The CVE-2024-53848 issue affects the check-jsonschema tool (and related advisories) where the default caching uses the remote schema basename (e.g., https://example.org/schema.json) as the cache filename. This can allow a malicious schema URL to overwrite or be substituted in the cache leading to...

7.1CVSS6.9AI score0.00142EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2024/11/29 6:39 p.m.21 views

CVE-2024-53848

check-jsonschema is a CLI and set of pre-commit hooks for jsonschema validation. The default cache strategy uses the basename of a remote schema as the name of the file in the cache, e.g. https://example.org/schema.json will be stored as schema.json. This naming allows for conflicts. If an attack...

7.1CVSS6.9AI score0.00142EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/11/29 12:0 a.m.6 views

PT-2024-35950

Name of the Vulnerable Software and Affected Versions: check-jsonschema versions prior to 0.30.0 Description: The default cache strategy in check-jsonschema uses the basename of a remote schema as the name of the file in the cache. This naming allows for conflicts, enabling an attacker to insert...

7.1CVSS7AI score0.00142EPSS
Exploits0References14
OSV
OSV
added 2024/09/04 6:12 p.m.3 views

GHSA-FW5R-6M3X-RH7P Flask-AppBuilder's login form allows browser to cache sensitive fields

Impact Auth DB login form default cache directives allows browser to locally store sensitive data. This can be an issue on environments using shared computer resources. Patches Upgrade flask-appbuilder to version 4.5.1 Workarounds If upgrading is not possible configure your web server to send the...

4.8CVSS5.9AI score0.00262EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/09/04 12:0 a.m.4 views

PT-2024-31566

Name of the Vulnerable Software and Affected Versions Flask-AppBuilder versions prior to 4.5.1 Description The auth DB login form default cache directives in Flask-AppBuilder allow browsers to locally store sensitive data. This can be an issue in environments using shared computer resources...

5.5CVSS5.9AI score0.00262EPSS
Exploits0References15
OSV
OSV
added 2024/02/01 8:51 p.m.35 views

GHSA-XW73-RW38-6VJC Classic builder cache poisoning

The classic builder cache system is prone to cache poisoning if the image is built FROM scratch. Also, changes to some instructions most important being HEALTHCHECK and ONBUILD would not cause a cache miss. An attacker with the knowledge of the Dockerfile someone is using could poison their cache...

6.9CVSS7.4AI score0.00258EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/02/01 12:0 a.m.4 views

PT-2024-1509

Name of the Vulnerable Software and Affected Versions Moby versions prior to 23.0 Moby versions 23.0 and later with DOCKER BUILDKIT=0 environment variable Moby versions 23.0 and later using the /build API endpoint Description The classic builder cache system in Moby is prone to cache poisoning if...

7.8CVSS7.5AI score0.00258EPSS
Exploits0References40
SUSE CVE
SUSE CVE
added 2023/02/15 6:5 a.m.4 views

SUSE CVE-2009-0358

Mozilla Firefox 3.x before 3.0.6 does not properly implement the 1 no-store and 2 no-cache Cache-Control directives, which allows local users to obtain sensitive information by using the a back button or b history list of the victim's browser, as demonstrated by reading the response page of an...

3.3CVSS8.3AI score0.00521EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 5:35 a.m.4 views

SUSE CVE-2013-4959

Puppet Enterprise before 3.0.1 uses HTTP responses that contain sensitive information without the "no-cache" setting, which might allow local users to obtain sensitive information such as 1 host name, 2 MAC address, and 3 SSH keys via the web browser cache...

2.1CVSS6.1AI score0.00352EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:32 a.m.3 views

SUSE CVE-2018-5131

Under certain circumstances the "fetch" API can return transient local copies of resources that were sent with a "no-store" or "no-cache" cache header instead of downloading a copy from the network as it should. This can result in previously stored, locally cached data of a website being accessib...

6.1CVSS8AI score0.02323EPSS
Exploits0References7
0day.today
0day.today
added 2019/09/09 12:0 a.m.73 views

WordPress 5.2.3 - Cross-Site Host Modification Exploit

Exploit for php platform in category web applications !/usr/bin/perl -w Wordpress Type: Remote Risk: High Solution: Set security headers to web server and no-cache for Cache-Control Simple Attack Scenarios: o This attack can bypass Simple WAF to access restricted content on the web server,...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2019/09/09 12:0 a.m.31 views

WordPress 5.2.3 - Cross-Site Host Modification

WordPress 5.2.3 - Cross-Site Host Modification !/usr/bin/perl -w Wordpress Type: Remote Risk: High Solution: Set security headers to web server and no-cache for Cache-Control Simple Attack Scenarios: o This attack can bypass Simple WAF to access restricted content on the web server, something lik...

7.3AI score
Exploits0
OSV
OSV
added 2018/06/11 9:29 p.m.1 views

DEBIAN-CVE-2018-5131

Under certain circumstances the "fetch" API can return transient local copies of resources that were sent with a "no-store" or "no-cache" cache header instead of downloading a copy from the network as it should. This can result in previously stored, locally cached data of a website being accessib...

5.9CVSS8.2AI score0.02323EPSS
Exploits0References1
Cvelist
Cvelist
added 2018/06/11 9:0 p.m.26 views

CVE-2018-5131

Under certain circumstances the "fetch" API can return transient local copies of resources that were sent with a "no-store" or "no-cache" cache header instead of downloading a copy from the network as it should. This can result in previously stored, locally cached data of a website being accessib...

6.5AI score0.02323EPSS
Exploits0References11
Rows per page
Query Builder