BIT-DJANGO-2026-8404 Potential exposure of private data via case-sensitive Cache-Control directives in UpdateCacheMiddleware

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.middleware.cache.UpdateCacheMiddleware in Django does not match Cache-Control response directives case-insensitively, which allows remote attackers to read responses that were incorrectly cached because their...

BIT-DJANGO-2026-48587 Potential exposure of private data via whitespace padding in Vary header

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.utils.cache.hasvaryheader in Django does not strip leading or trailing whitespace from Vary response header values before comparison, which allows remote attackers to read cached responses via requests to URLs whose...

BIT-DJANGO-2026-35193 Potential exposure of private data via missing Vary: Authorization in UpdateCacheMiddleware

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.middleware.cache.UpdateCacheMiddleware in Django does not add Authorization to the Vary response header for requests bearing that header without Cache-Control: public, which allows remote attackers to read private...

CVE-2026-23638

Kiteworks is a private data network PDN. Prior to version 9.3.0, an Insecure Direct Object Reference IDOR vulnerability in Kiteworks Secure Data Forms allows an authenticated attacker to tamper with the internal approval flow configurations of forms belonging to other users due to insufficient...

CVE-2025-13477

Exposure of private personal information to an unauthorized actor, Insufficiently Protected Credentials vulnerability in Digital Operations Services Inc. WifiBurada allows Authentication Bypass. This issue affects WifiBurada: through 21052026. NOTE: The vendor was contacted early about this...

CVE-2026-24753

Kiteworks is a private data network PDN. Prior to version 9.3.0, an Insecure Direct Object Reference IDOR vulnerability in Kiteworks Secure Data Forms allows an authenticated user to modify resources belonging to other users due to insufficient authorization checks on resource ownership. Upgrade...

CVE-2026-24751

Kiteworks is a private data network PDN. Prior to version 9.3.0, a reflected XSS vulnerability in Kiteworks Secure Data Forms could allow an external attacker to trick a user into executing arbitrary JavaScript code. Upgrade Kiteworks to version 9.3.0 or later to receive a patch...

CVE-2026-48587

CVE-2026-48587 affects Django 5.2 before 5.2.15 and 6.0 before 6.0.6. The flaw in django.utils.cache.has_vary_header() does not strip leading/trailing whitespace from the Vary header before comparison, enabling remote attackers to read cached responses by requesting URLs whose responses contain w...

CVE-2026-48587 Potential exposure of private data via whitespace padding in Vary header

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.utils.cache.hasvaryheader in Django does not strip leading or trailing whitespace from Vary response header values before comparison, which allows remote attackers to read cached responses via requests to URLs whose...

CVE-2026-35193 Potential exposure of private data via missing Vary: Authorization in UpdateCacheMiddleware

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.middleware.cache.UpdateCacheMiddleware in Django does not add Authorization to the Vary response header for requests bearing that header without Cache-Control: public, which allows remote attackers to read private...

CVE-2026-35193 Potential exposure of private data via missing Vary: Authorization in UpdateCacheMiddleware

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.middleware.cache.UpdateCacheMiddleware in Django does not add Authorization to the Vary response header for requests bearing that header without Cache-Control: public, which allows remote attackers to read private...

CVE-2026-35193

Technical details about CVE-2026-35193 are not publicly available in the provided documents. Monitor for official updates from Django security advisories.

CVE-2026-8404

Django 5.2 before 5.2.15 and 6.0 before 6.0.6 contains a vulnerability in django.middleware.cache.UpdateCacheMiddleware where Cache-Control directives are not matched case-insensitively, allowing remote attackers to read cached responses. Older series (5.0.x, 4.1.x, 3.2.x) may also be affected. A...

UBUNTU-CVE-2026-35193

Potential exposure of private data via missing Vary: Authorization in UpdateCacheMiddleware...

UBUNTU-CVE-2026-48587

Potential exposure of private data via whitespace padding in Vary header...

CVE-2026-24761

Kiteworks is a private data network PDN. Prior to version 9.3.0, an Insecure Direct Object Reference IDOR vulnerability in Kiteworks Secure Data Forms allows an authenticated user to access metadata of resources belonging to other users due to insufficient authorization checks on resource...

CVE-2026-24752

Kiteworks is a private data network PDN. Prior to version 9.3.0, a reflected XSS vulnerability in Kiteworks Secure Data Forms could allow an external attacker to trick a user into executing arbitrary JavaScript code. Upgrade Kiteworks to version 9.3.0 or later to receive a patch...

EUVD-2026-33838

Kiteworks is a private data network PDN. Prior to version 9.3.0, an Insecure Direct Object Reference IDOR vulnerability in Kiteworks Secure Data Forms allows an authenticated user to modify permissions on resources belonging to other users due to insufficient authorization checks on resource...

CVE-2026-24755

Kiteworks Secure Data Forms (prior to v9.3.0) contains an Insecure Direct Object Reference (IDOR) vulnerability that allows an authenticated user to modify permissions on resources belonging to other users due to insufficient authorization checks on resource ownership. A patch is available in Kit...

CVE-2026-24754

CVE-2026-24754 affects Kiteworks, where a stored XSS vulnerability exists in Secure Data Forms prior to version 9.3.0. An authenticated attacker could execute arbitrary JavaScript in other users’ sessions. The issue is mitigated by upgrading to Kiteworks version 9.3.0 or later, which provides a p...