Lucene search
K

60 matches found

CVE
CVE
added 6 days ago13 views

CVE-2026-48588

CVE-2026-48588 affects Django 6.0 before 6.0.7 and 5.2 before 5.2.16. The issue arises in UpdateCacheMiddleware and the cache_page() decorator, which cache responses that vary on cookies when unrelated cookies are present, allowing remote attackers to read private data from the shared cache. Earl...

5.3CVSS6AI score0.00375EPSS
Exploits0References3Affected Software1
RedHat Linux
RedHat Linux
added 2026/07/06 3:7 p.m.6 views

undici: Undici: Information disclosure due to improper cache-control header parsing

A flaw was found in Undici. The cache interceptor in shared-cache mode incorrectly classifies certain responses as cacheable due to improper handling of whitespace-padded Cache-Control header field names. This vulnerability allows an unauthenticated attacker to access authenticated user data from...

5.9CVSS7AI score0.00374EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/07/06 4:52 a.m.4 views

undici: Undici: Information disclosure due to improper cache-control header parsing

A flaw was found in Undici. The cache interceptor in shared-cache mode incorrectly classifies certain responses as cacheable due to improper handling of whitespace-padded Cache-Control header field names. This vulnerability allows an unauthenticated attacker to access authenticated user data from...

5.9CVSS7AI score0.00374EPSS
Exploits0References6
Snyk
Snyk
added 2026/07/01 9:19 p.m.5 views

Deserialization of Untrusted Data

Overview software.amazon.jdbc:aws-advanced-jdbc-wrapper is an Amazon Web Services AWS Advanced JDBC Wrapper Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the CachedResultSet deserialization path in the RemoteQueryCachePlugin. An attacker can execute...

8.8CVSS6.7AI score0.00416EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.10 views

PT-2026-54642

Name of the Vulnerable Software and Affected Versions AWS Advanced JDBC Wrapper versions 3.3.0 through 4.0.0 Description Deserialization of untrusted data in the RemoteQueryCachePlugin allows an actor with write access to the shared cache infrastructure to execute arbitrary code on application...

8.8CVSS6.3AI score0.00416EPSS
Exploits0References11
NVD
NVD
added 2026/06/30 8:17 p.m.6 views

CVE-2026-10140

IBM Langflow OSS 1.0.0 through 1.10.0 voice mode contains improper shared-state handling that allows reuse of API clients across tenant boundaries. An authenticated attacker can manipulate cache state to cause requests from other users to be processed using incorrect upstream API credentials,...

9.6CVSS0.00201EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/30 7:55 p.m.41 views

CVE-2026-10140 Cross-Tenant API Key Reuse and Billing Fraud in Langflow Voice Mode Subsystem

IBM Langflow OSS 1.0.0 through 1.10.0 voice mode contains improper shared-state handling that allows reuse of API clients across tenant boundaries. An authenticated attacker can manipulate cache state to cause requests from other users to be processed using incorrect upstream API credentials,...

9.6CVSS0.00201EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/20 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-9678

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Impact: Undici's cache interceptor incorrectly classifies some responses as cacheable when the upstream Cache-Control header uses whitespace-padded qualified...

5.9CVSS7.1AI score0.00374EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/06/19 1:57 a.m.11 views

SUSE CVE-2026-9678

Impact: Undici's cache interceptor incorrectly classifies some responses as cacheable when the upstream Cache-Control header uses whitespace-padded qualified private or no-cache field names such as private=" authorization" or no-cache="\tauthorization". The parser preserves the surrounding...

5.9CVSS5.3AI score0.00374EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/18 2:28 p.m.13 views

EUVD-2026-37766

undici vulnerable to cross-user information disclosure via shared cache whitespace bypass...

5.9CVSS7AI score0.00374EPSS
Exploits0References3
OSV
OSV
added 2026/06/18 2:28 p.m.8 views

GHSA-PR7R-676H-XCF6 undici vulnerable to cross-user information disclosure via shared cache whitespace bypass

Impact Undici's cache interceptor incorrectly classifies some responses as cacheable when the upstream Cache-Control header uses whitespace-padded qualified private or no-cache field names such as private=" authorization" or no-cache="\tauthorization". The parser preserves the surrounding...

5.9CVSS5.3AI score0.00374EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/06/18 2:28 p.m.16 views

undici vulnerable to cross-user information disclosure via shared cache whitespace bypass

Impact Undici's cache interceptor incorrectly classifies some responses as cacheable when the upstream Cache-Control header uses whitespace-padded qualified private or no-cache field names such as private=" authorization" or no-cache="\tauthorization". The parser preserves the surrounding...

5.9CVSS7AI score0.00374EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/17 11:25 p.m.11 views

CVE-2026-9678

A flaw was found in Undici. The cache interceptor in shared-cache mode incorrectly classifies certain responses as cacheable due to improper handling of whitespace-padded Cache-Control header field names. This vulnerability allows an unauthenticated attacker to access authenticated user data from...

5.9CVSS4.8AI score0.00374EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/17 9:53 p.m.24 views

CVE-2026-50202 Steeltoe's static JWKS cache shared across schemes and never invalidated

Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. In Steeltoe.Security.Authentication.CloudFoundryBase prior to version 3.4.0, Steeltoe.Security.Authentication.JwtBearer prior to version 4.2.0, and...

5.9CVSS0.0029EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/17 6:21 p.m.10 views

Use of Cache Containing Sensitive Information

Overview undici is an An HTTP/1.1 client, written from scratch for Node.js Affected versions of this package are vulnerable to Use of Cache Containing Sensitive Information in the cache interceptor. An attacker can obtain another user's authenticated response data by exploiting whitespace-padded...

8.9CVSS7.1AI score0.00374EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 6:18 p.m.14 views

CVE-2026-9678

Impact: Undici's cache interceptor incorrectly classifies some responses as cacheable when the upstream Cache-Control header uses whitespace-padded qualified private or no-cache field names such as private=" authorization" or no-cache="\tauthorization". The parser preserves the surrounding...

5.9CVSS0.00374EPSS
Exploits0References2
CVE
CVE
added 2026/06/17 5:4 p.m.36 views

CVE-2026-9678

Undici (node) vulnerability CVE-2026-9678: in shared-cache mode, the cache interceptor may misclassify responses as cacheable when Cache-Control uses whitespace-padded private/no-cache directives (e.g., private=" authorization" or no-cache="\tauthorization"). The whitespace is preserved by the pa...

5.9CVSS5.2AI score0.00374EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/17 5:4 p.m.1 views

CVE-2026-9678 undici vulnerable to cross-user information disclosure via shared cache whitespace bypass

Impact: Undici's cache interceptor incorrectly classifies some responses as cacheable when the upstream Cache-Control header uses whitespace-padded qualified private or no-cache field names such as private=" authorization" or no-cache="\tauthorization". The parser preserves the surrounding...

5.9CVSS7AI score0.00374EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/17 5:4 p.m.25 views

CVE-2026-9678 undici vulnerable to cross-user information disclosure via shared cache whitespace bypass

Impact: Undici's cache interceptor incorrectly classifies some responses as cacheable when the upstream Cache-Control header uses whitespace-padded qualified private or no-cache field names such as private=" authorization" or no-cache="\tauthorization". The parser preserves the surrounding...

5.9CVSS0.00374EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.14 views

PT-2026-50515

Name of the Vulnerable Software and Affected Versions undici versions prior to 7.28.0 undici versions prior to 8.5.0 Description The cache interceptor incorrectly classifies certain responses as cacheable when the upstream Cache-Control header contains whitespace-padded qualified private or...

5.9CVSS7AI score0.00374EPSS
Exploits0References96
Rows per page
Query Builder