Total
29 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-57752 | 1 Vercel | 1 Next.js | 2025-09-08 | N/A | 6.2 MEDIUM |
| Next.js is a React framework for building full-stack web applications. In versions before 14.2.31 and from 15.0.0 to before 15.4.5, Next.js Image Optimization API routes are affected by cache key confusion. When images returned from API routes vary based on request headers (such as Cookie or Authorization), these responses could be incorrectly cached and served to unauthorized users due to a cache key confusion bug. This vulnerability has been fixed in Next.js versions 14.2.31 and 15.4.5. All users are encouraged to upgrade if they use API routes to serve images that depend on request headers and have image optimization enabled. | |||||
| CVE-2023-45696 | 1 Hcltech | 1 Sametime | 2025-06-03 | N/A | 4.0 MEDIUM |
| Sametime is impacted by sensitive fields with autocomplete enabled in the Legacy web chat client. By default, this allows user entered data to be stored by the browser. | |||||
| CVE-2022-32909 | 1 Apple | 1 Iphone Os | 2025-05-06 | N/A | 5.5 MEDIUM |
| The issue was addressed with improved handling of caches. This issue is fixed in iOS 16. An app may be able to access user-sensitive data. | |||||
| CVE-2021-44854 | 1 Mediawiki | 1 Mediawiki | 2025-04-14 | N/A | 5.3 MEDIUM |
| An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. The REST API publicly caches results from private wikis. | |||||
| CVE-2024-12314 | 1 Megaoptim | 1 Rapid Cache | 2025-02-24 | N/A | 7.2 HIGH |
| The Rapid Cache plugin for WordPress is vulnerable to Cache Poisoning in all versions up to, and including, 1.2.3. This is due to plugin storing HTTP headers in the cached data. This makes it possible for unauthenticated attackers to poison the cache with custom HTTP headers that may be unsanitized which can lead to Cross-Site Scripting. | |||||
| CVE-2024-49580 | 1 Jetbrains | 1 Ktor | 2024-12-06 | N/A | 5.3 MEDIUM |
| In JetBrains Ktor before 2.3.13 improper caching in HttpCache Plugin could lead to response information disclosure | |||||
| CVE-2023-37486 | 1 Sap | 2 Commerce Cloud, Commerce Hycom | 2024-11-21 | N/A | 5.9 MEDIUM |
| Under certain conditions SAP Commerce (OCC API) - versions HY_COM 2105, HY_COM 2205, COM_CLOUD 2211, endpoints allow an attacker to access information which would otherwise be restricted. On successful exploitation there could be a high impact on confidentiality with no impact on integrity and availability of the application. | |||||
| CVE-2022-3292 | 1 Ikus-soft | 1 Rdiffweb | 2024-11-21 | N/A | 4.6 MEDIUM |
| Use of Cache Containing Sensitive Information in GitHub repository ikus060/rdiffweb prior to 2.4.8. | |||||
| CVE-2024-41906 | 1 Siemens | 1 Sinec Traffic Analyzer | 2024-08-14 | N/A | 6.5 MEDIUM |
| A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). The affected application does not properly handle cacheable HTTP responses in the web service. This could allow an attacker to read and modify data stored in the local cache. | |||||