Lucene search
K

1107 matches found

Cvelist
Cvelist
added 2026/06/09 7:33 a.m.41 views

CVE-2026-25699 Apache Answer: Authorization Bypass in Timeline API

Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. Timeline-related APIs lacked proper authorization checks, allowing regular authenticated users to access deleted, private, or unapproved content and i...

0.00406EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/07 12:0 a.m.12 views

deep-searcher 访问控制错误漏洞

Deep-Searcher is a private data search and intelligent question-answering tool developed by Zilliz, based on large models and VectorDB. Versions of Deep-Searcher 0.0.2 and earlier contain an access control vulnerability. This vulnerability stems from the operation of the CollectionRouter.invoke...

5.5CVSS5.6AI score0.00253EPSS
Exploits0References7
OSV
OSV
added 2026/06/06 8:39 a.m.11 views

BIT-DJANGO-2026-8404 Potential exposure of private data via case-sensitive Cache-Control directives in UpdateCacheMiddleware

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.middleware.cache.UpdateCacheMiddleware in Django does not match Cache-Control response directives case-insensitively, which allows remote attackers to read responses that were incorrectly cached because their...

5.3CVSS5.4AI score0.00285EPSS
Exploits0References4
OSV
OSV
added 2026/06/06 8:39 a.m.11 views

BIT-DJANGO-2026-48587 Potential exposure of private data via whitespace padding in Vary header

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.utils.cache.hasvaryheader in Django does not strip leading or trailing whitespace from Vary response header values before comparison, which allows remote attackers to read cached responses via requests to URLs whose...

5.3CVSS5.4AI score0.00354EPSS
Exploits0References4
OSV
OSV
added 2026/06/06 8:39 a.m.8 views

BIT-DJANGO-2026-35193 Potential exposure of private data via missing Vary: Authorization in UpdateCacheMiddleware

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.middleware.cache.UpdateCacheMiddleware in Django does not add Authorization to the Vary response header for requests bearing that header without Cache-Control: public, which allows remote attackers to read private...

3.1CVSS5.4AI score0.00359EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:36 p.m.10 views

CVE-2026-23638

Kiteworks is a private data network PDN. Prior to version 9.3.0, an Insecure Direct Object Reference IDOR vulnerability in Kiteworks Secure Data Forms allows an authenticated attacker to tamper with the internal approval flow configurations of forms belonging to other users due to insufficient...

6.5CVSS5.5AI score0.00184EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:31 p.m.11 views

CVE-2025-13477

Exposure of private personal information to an unauthorized actor, Insufficiently Protected Credentials vulnerability in Digital Operations Services Inc. WifiBurada allows Authentication Bypass. This issue affects WifiBurada: through 21052026. NOTE: The vendor was contacted early about this...

7.1CVSS5.4AI score0.00224EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:30 p.m.9 views

CVE-2026-24753

Kiteworks is a private data network PDN. Prior to version 9.3.0, an Insecure Direct Object Reference IDOR vulnerability in Kiteworks Secure Data Forms allows an authenticated user to modify resources belonging to other users due to insufficient authorization checks on resource ownership. Upgrade...

6.5CVSS5.5AI score0.00174EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:15 p.m.13 views

CVE-2026-24751

Kiteworks is a private data network PDN. Prior to version 9.3.0, a reflected XSS vulnerability in Kiteworks Secure Data Forms could allow an external attacker to trick a user into executing arbitrary JavaScript code. Upgrade Kiteworks to version 9.3.0 or later to receive a patch...

8.2CVSS5.6AI score0.00289EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.12 views

WordPress plugin Alba Board 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

4.3CVSS5.4AI score0.00272EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/06/03 1:16 p.m.36 views

CVE-2026-48587 Potential exposure of private data via whitespace padding in Vary header

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.utils.cache.hasvaryheader in Django does not strip leading or trailing whitespace from Vary response header values before comparison, which allows remote attackers to read cached responses via requests to URLs whose...

3.1CVSS0.00354EPSS
Exploits0References3
CVE
CVE
added 2026/06/03 1:16 p.m.48 views

CVE-2026-48587

CVE-2026-48587 affects Django 5.2 before 5.2.15 and 6.0 before 6.0.6. The flaw in django.utils.cache.has_vary_header() does not strip leading/trailing whitespace from the Vary header before comparison, enabling remote attackers to read cached responses by requesting URLs whose responses contain w...

5.3CVSS5.8AI score0.00354EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/03 1:16 p.m.9 views

CVE-2026-35193 Potential exposure of private data via missing Vary: Authorization in UpdateCacheMiddleware

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.middleware.cache.UpdateCacheMiddleware in Django does not add Authorization to the Vary response header for requests bearing that header without Cache-Control: public, which allows remote attackers to read private...

3.1CVSS5.8AI score0.00359EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/03 1:16 p.m.40 views

CVE-2026-35193 Potential exposure of private data via missing Vary: Authorization in UpdateCacheMiddleware

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.middleware.cache.UpdateCacheMiddleware in Django does not add Authorization to the Vary response header for requests bearing that header without Cache-Control: public, which allows remote attackers to read private...

3.1CVSS0.00359EPSS
Exploits0References3
CVE
CVE
added 2026/06/03 1:16 p.m.189 views

CVE-2026-35193

Technical details about CVE-2026-35193 are not publicly available in the provided documents. Monitor for official updates from Django security advisories.

3.1CVSS5.8AI score0.00359EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/06/03 1:16 p.m.38 views

CVE-2026-8404

Django 5.2 before 5.2.15 and 6.0 before 6.0.6 contains a vulnerability in django.middleware.cache.UpdateCacheMiddleware where Cache-Control directives are not matched case-insensitively, allowing remote attackers to read cached responses. Older series (5.0.x, 4.1.x, 3.2.x) may also be affected. A...

5.3CVSS5.8AI score0.00285EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/06/03 1:0 p.m.9 views

UBUNTU-CVE-2026-48587

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.utils.cache.hasvaryheader in Django does not strip leading or trailing whitespace from Vary response header values before comparison, which allows remote attackers to read cached responses via requests to URLs whose...

5.3CVSS5.3AI score0.00354EPSS
Exploits0References2
OSV
OSV
added 2026/06/03 1:0 p.m.9 views

UBUNTU-CVE-2026-35193

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.middleware.cache.UpdateCacheMiddleware in Django does not add Authorization to the Vary response header for requests bearing that header without Cache-Control: public, which allows remote attackers to read private...

3.1CVSS5.3AI score0.00359EPSS
Exploits0References2
NVD
NVD
added 2026/06/01 11:16 p.m.21 views

CVE-2026-24761

Kiteworks is a private data network PDN. Prior to version 9.3.0, an Insecure Direct Object Reference IDOR vulnerability in Kiteworks Secure Data Forms allows an authenticated user to access metadata of resources belonging to other users due to insufficient authorization checks on resource...

4.3CVSS0.00142EPSS
Exploits0References1
NVD
NVD
added 2026/06/01 11:16 p.m.17 views

CVE-2026-24752

Kiteworks is a private data network PDN. Prior to version 9.3.0, a reflected XSS vulnerability in Kiteworks Secure Data Forms could allow an external attacker to trick a user into executing arbitrary JavaScript code. Upgrade Kiteworks to version 9.3.0 or later to receive a patch...

8.2CVSS0.00283EPSS
Exploits0References1
Rows per page
Query Builder