CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

19 matches found

CVE-2026-8404

A flaw was found in Django. The django.middleware.cache.UpdateCacheMiddleware component does not correctly process Cache-Control response directives when they use uppercase or mixed-case values. This vulnerability allows a remote attacker to read responses that should not have been cached, leadin...

3.1CVSS5.7AI score

Exploits0References6

Vulnrichment•added 10 hours ago•2 views

CVE-2026-35193 Potential exposure of private data via missing Vary: Authorization in UpdateCacheMiddleware

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.middleware.cache.UpdateCacheMiddleware in Django does not add Authorization to the Vary response header for requests bearing that header without Cache-Control: public, which allows remote attackers to read private...

3.1CVSS5.8AI score

Exploits0References3

Vulnrichment•added 10 hours ago•2 views

CVE-2026-8404 Potential exposure of private data via case-sensitive Cache-Control directives in UpdateCacheMiddleware

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.middleware.cache.UpdateCacheMiddleware in Django does not match Cache-Control response directives case-insensitively, which allows remote attackers to read responses that were incorrectly cached because their...

3.1CVSS5.8AI score

Exploits0References3

Cvelist•added 10 hours ago•4 views

CVE-2026-8404 Potential exposure of private data via case-sensitive Cache-Control directives in UpdateCacheMiddleware

3.1CVSS

Exploits0References3

CVE•added 10 hours ago•4 views

CVE-2026-8404

Summary: Django 5.2 (before 5.2.15) and Django 6.0 (before 6.0.6) contain a vulnerability in the UpdateCacheMiddleware where the middleware does not case-insensitively match Cache-Control directives. This can allow remote attackers to read responses that were cached with uppercase or mixed-case d...

3.1CVSS5.8AI score

Exploits0References3

EUVD•added 10 hours ago•5 views

EUVD-2026-34088

3.1CVSS5.8AI score

Exploits0References3

Positive Technologies•added 23 hours ago•3 views

PT-2026-45949

3.1CVSS5.8AI score

Exploits0References4

Positive Technologies•added 23 hours ago•4 views

PT-2026-45938

3.1CVSS5.8AI score

Exploits0References4

Tenable Nessus•added 2026/05/14 12:0 a.m.•1 views

Fedora 42 : python-django5 (2026-b9548393aa)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-b9548393aa advisory. - Fixes CVE-2026-5766: Potential denial-of-service vulnerability in ASGI requests via file upload limit bypass - Fixes CVE-2026-35192: Session...

9.8CVSS5.8AI score0.00051EPSS

Exploits1References10

RedhatCVE•added 2026/05/08 11:24 a.m.•4 views

CVE-2026-6907

A flaw was found in Django. The django.middleware.cache.UpdateCacheMiddleware component incorrectly caches web requests when the Vary header contains an asterisk ''. This error can lead to sensitive private data being stored in the cache and subsequently served to unauthorized users, resulting in...

5.3CVSS5.7AI score0.00033EPSS

Exploits0References6

OSV•added 2026/05/08 8:41 a.m.•2 views

BIT-DJANGO-2026-6907 Potential exposure of private data due to incorrect handling of Vary: * in UpdateCacheMiddleware

An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. django.middleware.cache.UpdateCacheMiddleware erroneously caches requests where the Vary header contained an asterisk ''. This can lead to private data being stored and served. Earlier, unsupported Django series such as 5.0.x,...

5.3CVSS5.7AI score0.00033EPSS

Exploits0References4

SUSE CVE•added 2026/05/06 1:45 a.m.•5 views

SUSE CVE-2026-6907

4.3CVSS5.7AI score0.00033EPSS

Exploits0References4

EUVD•added 2026/05/05 6:33 p.m.•3 views

EUVD-2026-27382

4.3CVSS5.8AI score0.00033EPSS

Exploits0References4

PyPA•added 2026/05/05 4:16 p.m.•9 views

PYSEC-2026-55

An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14.django.middleware.cache.UpdateCacheMiddleware erroneously caches requests where the Vary header contained an asterisk ''. This can lead to private data being stored and served.Earlier, unsupported Django series such as 5.0.x, 4.1.x...

5.3CVSS5.8AI score0.00033EPSS

Exploits0References3Affected Software1

Vulnrichment•added 2026/05/05 2:50 p.m.•1 views

CVE-2026-6907 Potential exposure of private data due to incorrect handling of Vary: * in UpdateCacheMiddleware

4.3CVSS5.7AI score0.00033EPSS

Exploits0References3

Cvelist•added 2026/05/05 2:50 p.m.•29 views

CVE-2026-6907 Potential exposure of private data due to incorrect handling of Vary: * in UpdateCacheMiddleware

4.3CVSS0.00033EPSS

Exploits0References3

CVE•added 2026/05/05 2:50 p.m.•4 views

CVE-2026-6907

The CVE affects Django 6.0 before 6.0.5 and 5.2 before 5.2.14. The vulnerability lies in django.middleware.cache.UpdateCacheMiddleware, which may cache requests when the Vary header contains an asterisk (*) and thereby expose private data. This could cause private data to be stored and subsequent...

5.3CVSS5.8AI score0.00033EPSS

Exploits0References3Affected Software1

UbuntuCve•added 2026/05/05 2:0 p.m.•1 views

CVE-2026-6907

5.3CVSS5.7AI score0.00033EPSS

Exploits0References3

Positive Technologies•added 2026/05/05 12:0 a.m.•2 views

PT-2026-37078

Name of the Vulnerable Software and Affected Versions Django versions 6.0 through 6.0.4 Django versions 5.2 through 5.2.13 Description An issue in django.middleware.cache.UpdateCacheMiddleware causes requests where the Vary header contains an asterisk '' to be erroneously cached. This behavior ca...

5.3CVSS5.8AI score0.00033EPSS

Exploits0References20

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by