Total: 27 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-43392 | 1 Apple | 7 Ios, Ipados, Iphone Os and 4 more | 2025-11-04 | 5.3 Medium |
| The issue was addressed with improved handling of caches. This issue is fixed in Safari 26.1, visionOS 26.1, watchOS 26.1, iOS 26.1 and iPadOS 26.1, tvOS 26.1. A website may exfiltrate image data cross-origin. | ||||
| CVE-2023-37517 | 1 Hcltech | 1 Domino Leap | 2025-10-30 | 3.2 Low |
| Missing "no cache" headers in HCL Leap permits sensitive data to be cached. | ||||
| CVE-2025-61598 | 1 Discourse | 1 Discourse | 2025-10-30 | N/A |
| Discourse is an open source discussion platform. In versions before 3.6.2 and 3.6.0.beta2, the default Cache-Control response header with value no-store, no-cache was missing from error responses. This may have caused unintended caching of those responses by proxies, potentially leading to cache poisoning attacks. This vulnerability is fixed in 3.6.2 and 3.6.0.beta2. | ||||
| CVE-2024-30127 | 1 Hcltech | 1 Leap | 2025-10-29 | 3.2 Low |
| Missing "no cache" headers in HCL Leap permits sensitive data to be cached. | ||||
| CVE-2023-37516 | 1 Hcltech | 1 Leap | 2025-10-29 | 3.2 Low |
| Missing "no cache" headers in HCL Leap permits user directory information to be cached. | ||||
| CVE-2024-33004 | 2 Sap, Sap Se | 2 Businessobjects Business Intelligence Platform, Sap Business Objects Business Intelligence Platform | 2025-10-23 | 4.3 Medium |
| SAP Business Objects Business Intelligence Platform is vulnerable to Insecure Storage as dynamic web pages are getting cached even after logging out. On successful exploitation, the attacker can see the sensitive information through cache and can open the pages causing limited impact on Confidentiality, Integrity and Availability of the application. | ||||
| CVE-2024-27917 | 1 Shopware | 1 Shopware | 2025-09-10 | 7.5 High |
| Shopware is an open commerce platform based on Symfony Framework and Vue. The Symfony Session Handler pops the Session Cookie and assigns it to the Response. Since Shopware 6.5.8.0, the 404 pages are cached to improve the performance of 404 pages. So the cached Response contains a Session Cookie when the Browser accessing the 404 page has no cookies yet. The Symfony Session Handler is in use when no explicit Session configuration has been done. When Redis is in use for Sessions using the PHP Redis extension, the exploitable code is not used. Shopware version 6.5.8.7 contains a patch for this issue. As a workaround, use Redis for Sessions, as this does not trigger the exploitable code. | ||||
| CVE-2025-57752 | 1 Vercel | 1 Next.js | 2025-09-08 | 6.2 Medium |
| Next.js is a React framework for building full-stack web applications. In versions before 14.2.31 and from 15.0.0 to before 15.4.5, Next.js Image Optimization API routes are affected by cache key confusion. When images returned from API routes vary based on request headers (such as Cookie or Authorization), these responses could be incorrectly cached and served to unauthorized users due to a cache key confusion bug. This vulnerability has been fixed in Next.js versions 14.2.31 and 15.4.5. All users are encouraged to upgrade if they use API routes to serve images that depend on request headers and have image optimization enabled. | ||||
| CVE-2025-9901 | 1 Redhat | 1 Enterprise Linux | 2025-09-04 | 5.9 Medium |
| A flaw was found in libsoup’s caching mechanism, SoupCache, where the HTTP Vary header is ignored when evaluating cached responses. This header ensures that responses vary appropriately based on request headers such as language or authentication. Without this check, cached content can be incorrectly reused across different requests, potentially exposing sensitive user information. While the issue is unlikely to affect everyday desktop use, it could result in confidentiality breaches in proxy or multi-user environments. | ||||
| CVE-2024-0874 | 1 Redhat | 3 Acm, Logging, Openshift | 2025-08-30 | 5.3 Medium |
| A flaw was found in coredns. This issue could lead to invalid cache entries returning due to incorrectly implemented caching. | ||||
| CVE-2025-5141 | | | 2025-08-29 | 5.5 Medium |
| A binary in the BoKS Server Agent component of Fortra's Core Privileged Access Manager (BoKS) on versions 7.2.0 (up to 7.2.0.17), 8.1.0 (up to 8.1.0.22), 8.1.1 (up to 8.1.1.7), 9.0.0 (up to 9.0.0.1) and also legacy tar installs of BoKS 7.2 without hotfix #0474 on Linux, AIX, and Solaris allows low privilege local users to dump data from the cache. | ||||
| CVE-2024-45596 | 1 Directus | 1 Directus | 2025-07-12 | 7.4 High |
| Directus is a real-time API and App dashboard for managing SQL database content. An unauthenticated user can access credentials of the last authenticated user via OpenID or OAuth2 where the authentication URL did not include the redirect query string. This happens because on that endpoint, for both OpenID and OAuth2, Directus is using the respond middleware, which by default will try to cache GET requests that meet some conditions. However, those conditions do not include this scenario, in which an unauthenticated request returns user credentials. This vulnerability is fixed in 10.13.3 and 11.1.0. | ||||
| CVE-2025-4233 | | | 2025-06-16 | N/A |
| An insufficient cache implementation vulnerability in Palo Alto Networks Prisma® Access Browser enables users to bypass certain data control policies. | ||||
| CVE-2023-45696 | 1 Hcltech | 1 Sametime | 2025-06-03 | 4 Medium |
| Sametime is impacted by sensitive fields with autocomplete enabled in the Legacy web chat client. By default, this allows user entered data to be stored by the browser. | ||||
| CVE-2022-3292 | 1 Ikus-soft | 1 Rdiffweb | 2025-05-21 | 4.6 Medium |
| Use of Cache Containing Sensitive Information in GitHub repository ikus060/rdiffweb prior to 2.4.8. | ||||
| CVE-2022-32909 | 1 Apple | 1 Iphone Os | 2025-05-06 | 5.5 Medium |
| The issue was addressed with improved handling of caches. This issue is fixed in iOS 16. An app may be able to access user-sensitive data. | ||||
| CVE-2021-44854 | 1 Mediawiki | 1 Mediawiki | 2025-04-14 | 5.3 Medium |
| An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. The REST API publicly caches results from private wikis. | ||||
| CVE-2022-41032 | 3 Fedoraproject, Microsoft, Redhat | 7 Fedora, .net, .net Core and 4 more | 2025-02-28 | 7.8 High |
| NuGet Client Elevation of Privilege Vulnerability | ||||
| CVE-2024-12314 | 1 Megaoptim | 1 Rapid Cache | 2025-02-24 | 7.2 High |
| The Rapid Cache plugin for WordPress is vulnerable to Cache Poisoning in all versions up to, and including, 1.2.3. This is due to the plugin storing HTTP headers in the cached data. This makes it possible for unauthenticated attackers to poison the cache with custom HTTP headers that may be unsanitized, which can lead to Cross-Site Scripting. | ||||
| CVE-2024-49580 | 1 Jetbrains | 1 Ktor | 2024-12-06 | 5.3 Medium |
| In JetBrains Ktor before 2.3.13, improper caching in the HttpCache Plugin could lead to response information disclosure. | ||||