165 matches found

RedhatCVE
added yesterday | 2 views

CVE-2025-13477

Exposure of private personal information to an unauthorized actor, Insufficiently Protected Credentials vulnerability in Digital Operations Services Inc. WifiBurada allows Authentication Bypass. This issue affects WifiBurada: through 21052026. NOTE: The vendor was contacted early about this...

CVSS 7.1 | AI score 5.4 | EPSS 0.00042
Exploits: 0 | References: 1
CVE
added 3 days ago | 12 views

CVE-2026-48587

CVE-2026-48587 affects Django 5.2 before 5.2.15 and 6.0 before 6.0.6. The flaw in django.utils.cache.has_vary_header() does not strip leading/trailing whitespace from the Vary header before comparison, enabling remote attackers to read cached responses by requesting URLs whose responses contain w...

CVSS 5.3 | AI score 5.8 | EPSS 0.00037
Exploits: 0 | References: 3 | Affected software: 1
Cvelist
added 3 days ago | 29 views

CVE-2026-48587 Potential exposure of private data via whitespace padding in Vary header

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.utils.cache.has_vary_header() in Django does not strip leading or trailing whitespace from Vary response header values before comparison, which allows remote attackers to read cached responses via requests to URLs whose...

CVSS 3.1 | EPSS 0.00037
Exploits: 0 | References: 3
Cvelist
added 3 days ago | 34 views

CVE-2026-35193 Potential exposure of private data via missing Vary: Authorization in UpdateCacheMiddleware

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.middleware.cache.UpdateCacheMiddleware in Django does not add Authorization to the Vary response header for requests bearing that header without Cache-Control: public, which allows remote attackers to read private...

CVSS 3.1 | EPSS 0.00037
Exploits: 0 | References: 3
CVE
added 3 days ago | 17 views

CVE-2026-35193

Technical details about CVE-2026-35193 are not publicly available in the provided documents. Monitor for official updates from Django security advisories.

CVSS 3.1 | AI score 5.8 | EPSS 0.00037
Exploits: 0 | References: 3 | Affected software: 1
CVE
added 3 days ago | 12 views

CVE-2026-8404

Django 5.2 before 5.2.15 and 6.0 before 6.0.6 contains a vulnerability in django.middleware.cache.UpdateCacheMiddleware where Cache-Control directives are not matched case-insensitively, allowing remote attackers to read cached responses. Older series (5.0.x, 4.1.x, 3.2.x) may also be affected. A...

CVSS 5.3 | AI score 5.8 | EPSS 0.00038
Exploits: 0 | References: 3 | Affected software: 1
OSV
added 3 days ago | 4 views

UBUNTU-CVE-2026-35193

Potential exposure of private data via missing Vary: Authorization in UpdateCacheMiddleware...

CVSS 3.1 | AI score 5.8 | EPSS 0.00037
Exploits: 0 | References: 2
Cvelist
added 2026/05/28 8:29 p.m. | 25 views

CVE-2026-42071 MantisBT: Private Bugnote Attachment Content Leak via REST API

Mantis Bug Tracker (MantisBT) is an open source issue tracker. From 2.23.0 to 2.28.1, a missing authorization check in MantisBT's file visibility function allows any authenticated user (REPORTER+) to download attachments on private bugnotes they should not be able to access, via the REST API endpoint...

CVSS 7.2 | EPSS 0.00046
Exploits: 0 | References: 5
Circl
added 2026/05/27 8:06 a.m. | 6 views

CVE-2026-27771

| creation timestamp | type | source |
|---|---|---|
| 2026-05-27 08:06:32+00:00 | seen | https://thehackernews.com/2026/05/gitea-vulnerability-exposes-private.html |
| 2026-05-27 10:09:05+00:00 | seen | https://t.me/thehackernews/9089 |
| 2026-05-27 12:02:14+00:00 | seen | ... |

AI score 6
Exploits: 1 | References: 15
NVD
added 2026/05/21 2:16 p.m. | 6 views

CVE-2025-13477

Exposure of private personal information to an unauthorized actor, Insufficiently Protected Credentials vulnerability in Digital Operations Services Inc. WifiBurada allows Authentication Bypass. This issue affects WifiBurada: through 21052026. NOTE: The vendor was contacted early about this...

CVSS 7.1 | EPSS 0.00042
Exploits: 0 | References: 1
Vulnrichment
added 2026/05/21 12:41 p.m. | 3 views

CVE-2025-13477 OTP Bypass in Digital Operation Services' WifiBurada

Exposure of private personal information to an unauthorized actor, Insufficiently Protected Credentials vulnerability in Digital Operations Services Inc. WifiBurada allows Authentication Bypass. This issue affects WifiBurada: through 21052026. NOTE: The vendor was contacted early about this...

CVSS 7.1 | AI score 5.8 | EPSS 0.00042
Exploits: 0 | References: 1
EUVD
added 2026/05/21 12:41 p.m. | 6 views

EUVD-2025-209910

Exposure of private personal information to an unauthorized actor, Insufficiently Protected Credentials vulnerability in Digital Operations Services Inc. WifiBurada allows Authentication Bypass. This issue affects WifiBurada: through 21052026. NOTE: The vendor was contacted early about this...

CVSS 7.1 | AI score 5.8 | EPSS 0.00042
Exploits: 0 | References: 1
ATTACKERKB
added 2026/05/21 12:41 p.m. | 3 views

CVE-2025-13477

Exposure of private personal information to an unauthorized actor, Insufficiently Protected Credentials vulnerability in Digital Operations Services Inc. WifiBurada allows Authentication Bypass. This issue affects WifiBurada: through 21052026. NOTE: The vendor was contacted early about this...

CVSS 7.1 | AI score 5.8 | EPSS 0.00042
Exploits: 0 | References: 2
CNNVD
added 2026/05/21 12:00 a.m. | 4 views

Digital Operation Services WiFiBurada security vulnerability

Digital Operation Services WiFiBurada is an application developed by Digital Operation Services. Versions of Digital Operation Services WiFiBurada dated before May 20, 2026, have security vulnerabilities. These vulnerabilities stem from the exposure of private personal information to unauthorized...

CVSS 7.1 | AI score 5.8 | EPSS 0.00042
Exploits: 0 | References: 1
Cvelist
added 2026/05/13 6:52 p.m. | 96 views

CVE-2026-42031 CKAN: Unauthenticated SQL Injection and Authorization Bypass in `datastore_search_sql`

CKAN is an open-source DMS (data management system) for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, a vulnerability in datastore_search_sql allowed attackers to inject SQL in order to gain access to private resources and PostgreSQL system information. This vulnerability is fixed ...

CVSS 8.3 | EPSS 0.13784
Exploits: 0 | References: 1
CNNVD
added 2026/05/11 12:00 a.m. | 7 views

Apple macOS security vulnerability

Apple macOS is a proprietary operating system developed by the American company Apple for Mac computers. Versions of Apple macOS prior to Sequoia 15.7.7, Sonoma 14.8.7, and Tahoe 26.5 contain security vulnerabilities due to state management issues, which may allow applications to access private...

CVSS 6.5 | AI score 5.8 | EPSS 0.00034
Exploits: 0 | References: 2
OSV
added 2026/05/08 8:41 a.m. | 3 views

BIT-DJANGO-2026-6907 Potential exposure of private data due to incorrect handling of Vary: * in UpdateCacheMiddleware

An issue was discovered in Django 6.0 before 6.0.5 and 5.2 before 5.2.14. django.middleware.cache.UpdateCacheMiddleware erroneously caches requests where the Vary header contained an asterisk ('*'). This can lead to private data being stored and served. Earlier, unsupported Django series such as 5.0.x,...

CVSS 5.3 | AI score 5.7 | EPSS 0.00033
Exploits: 0 | References: 4
SUSE CVE
added 2026/05/06 1:45 a.m. | 5 views

SUSE CVE-2026-6907

An issue was discovered in Django 6.0 before 6.0.5 and 5.2 before 5.2.14. django.middleware.cache.UpdateCacheMiddleware erroneously caches requests where the Vary header contained an asterisk ('*'). This can lead to private data being stored and served. Earlier, unsupported Django series such as 5.0.x,...

CVSS 4.3 | AI score 5.7 | EPSS 0.00033
Exploits: 0 | References: 6
EUVD
added 2026/05/05 6:33 p.m. | 3 views

EUVD-2026-27382

An issue was discovered in Django 6.0 before 6.0.5 and 5.2 before 5.2.14. django.middleware.cache.UpdateCacheMiddleware erroneously caches requests where the Vary header contained an asterisk ('*'). This can lead to private data being stored and served. Earlier, unsupported Django series such as 5.0.x,...

CVSS 4.3 | AI score 5.8 | EPSS 0.00033
Exploits: 0 | References: 4
Github Security Blog
added 2026/05/05 6:33 p.m. | 5 views

Django Uses Cache Containing Sensitive Information

An issue was discovered in Django 6.0 before 6.0.5 and 5.2 before 5.2.14. django.middleware.cache.UpdateCacheMiddleware erroneously caches requests where the Vary header contained an asterisk ('*'). This can lead to private data being stored and served. Earlier, unsupported Django series such as 5.0.x,...

CVSS 5.3 | AI score 5.7 | EPSS 0.00033
Exploits: 0 | References: 6 | Affected software: 1