Monthly
Cross-context cache disclosure in Directus before 12.0.0 lets share-token holders and anonymous clients receive permission-filtered responses that were cached for a differently-scoped principal, because the cache key omits authorization context. When response caching is enabled, the key derived in api/src/utils/get-cache-key.ts covers only version, path, query, and accountability.user; since share tokens and anonymous requests both collapse to user null, requests to the same URL and query share a cache bucket and skip permission re-evaluation. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the flaw is a straightforward, config-dependent information-disclosure issue fixed in 12.0.0.
Web session token theft from PAN-OS management interfaces affects PA-Series and VM-Series firewalls and Panorama deployments, enabling a network-adjacent unauthenticated attacker to hijack authenticated administrator sessions. Exploitation depends on a legitimate management user clicking an attacker-crafted malicious link while an active session exists - a social engineering prerequisite that substantially reduces real-world risk. No public exploit code exists (CVSS 4.0 E:U) and the issue is not listed in CISA KEV; the vendor rates overall CVSS 4.0 severity at 2.1, reflecting these mitigating factors.
Cache key misconfiguration in Open WebUI versions 0.6.27 through 0.9.x leaks permission-filtered model lists across authenticated users during the aiocache TTL window. The flaw exists in both the OpenAI and Ollama router handlers, where a lambda was incorrectly passed as the cache key instead of a per-user key_builder, collapsing all users into a single shared cache entry. An authenticated attacker on a shared instance can receive a different user's model list - revealing which AI models that user has access to - with no public exploit identified at time of analysis and a vendor-released patch available in v0.10.0.
Cache poisoning in Django's UpdateCacheMiddleware and cache_page() decorator exposes private user data to unauthenticated remote attackers by incorrectly serving cached responses across different cookie contexts. Versions 6.0 before 6.0.7 and 5.2 before 5.2.16 are confirmed affected; older unsupported branches (5.0.x, 4.1.x, 3.2.x) were not evaluated but may share the flaw. No public exploit or CISA KEV listing exists at time of analysis, and the low CVSS 4.0 score of 2.3 reflects meaningful preconditions, though the data-disclosure consequence for applications serving personalized, cookie-gated content through a shared cache is concrete.
Cross-user attribute structure leakage in API Platform Core's JSON:API and HAL serializers exposes the schema layout of security-gated properties to lower-privileged users through improper cache reuse. Versions from 2.6.0 up to 4.1.29, 4.2.26, and 4.3.12 are affected across the core, hal, and json-api packages. The component structure computed for a higher-privileged user's request can be served from cache to a subsequent lower-privileged user's request, bypassing the per-request evaluation of #[ApiProperty(security: ...)] predicates. No public exploit identified at time of analysis; vendor-released patches are available.
Improper packet cache handling in PowerDNS Recursor causes ECS zero-scoped DNS answers to be stored in the cache when they should be discarded or handled as global entries, creating an information disclosure pathway. All Recursor versions (cpe:2.3:a:powerdns:recursor:*:*:*:*:*:*:*:*) are affected, but only deployments with EDNS Client Subnet (ECS) explicitly enabled are exposed. The CVSS score of 5.3 with a network vector and no required privileges reflects that any DNS client can trigger the improper caching behavior, though real-world impact is bounded by the non-default ECS configuration requirement. No public exploit code has been identified and the vulnerability is not listed in the CISA KEV catalog.
Web cache poisoning in the Ghost Node.js CMS before 6.37.0 lets an unauthenticated attacker inject an x-ghost-preview header that alters the rendered frontend response, which a shared caching layer then stores and serves to other visitors of the same page. When Ghost's public frontend and admin panel share a single domain, this request-specific preview output can be weaponized to hijack staff accounts; separate-domain deployments are not exposed. No public exploit is identified at time of analysis, and the issue carries a vendor CVSS of 9.6.
Cache information disclosure in Undici's shared-mode cache interceptor allows a prior authenticated user's HTTP response to be served to a subsequent, potentially unauthenticated, caller. Applications using Undici's explicit `interceptors.cache()` in shared mode that forward Authorization headers to an upstream which returns Cache-Control headers with whitespace-padded qualified directives (e.g., `private=" authorization"`) are affected across all v7 versions prior to 7.28.0 and all v8 versions prior to 8.5.0. No public exploit has been identified at time of analysis; exploitation is bounded by high attack complexity (CVSS AC:H, score 5.9), but when conditions align, the confidentiality impact is complete.
Information disclosure in @angular/common HttpTransferCache allows unauthenticated attackers to obtain other users' private data when Server-Side Rendering and hydration are enabled. The flaw stems from the cache failing to inspect the withCredentials flag or Cookie header, allowing credentialed responses to be serialized into SSR HTML and inadvertently shared via downstream CDN/reverse-proxy caches. No public exploit identified at time of analysis, but a vendor patch and detailed advisory describing the conditions are available.
Cache isolation failure in Typesense's search engine exposes restricted search results across Scoped Search API Key authorization boundaries. When server-side caching and Scoped API Keys are both active, a specific sequence of requests can cause the cache to serve results to a scoped requester that were originally populated by a less-restricted context, effectively bypassing the embedded filter constraints of that key. Versions prior to 29.1 and 30.2 are affected; vendor-released patches exist in both release lines, with no public exploit identified and an EPSS of 0.05% (15th percentile) confirming low current exploitation probability.
Cross-context cache disclosure in Directus before 12.0.0 lets share-token holders and anonymous clients receive permission-filtered responses that were cached for a differently-scoped principal, because the cache key omits authorization context. When response caching is enabled, the key derived in api/src/utils/get-cache-key.ts covers only version, path, query, and accountability.user; since share tokens and anonymous requests both collapse to user null, requests to the same URL and query share a cache bucket and skip permission re-evaluation. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the flaw is a straightforward, config-dependent information-disclosure issue fixed in 12.0.0.
Web session token theft from PAN-OS management interfaces affects PA-Series and VM-Series firewalls and Panorama deployments, enabling a network-adjacent unauthenticated attacker to hijack authenticated administrator sessions. Exploitation depends on a legitimate management user clicking an attacker-crafted malicious link while an active session exists - a social engineering prerequisite that substantially reduces real-world risk. No public exploit code exists (CVSS 4.0 E:U) and the issue is not listed in CISA KEV; the vendor rates overall CVSS 4.0 severity at 2.1, reflecting these mitigating factors.
Cache key misconfiguration in Open WebUI versions 0.6.27 through 0.9.x leaks permission-filtered model lists across authenticated users during the aiocache TTL window. The flaw exists in both the OpenAI and Ollama router handlers, where a lambda was incorrectly passed as the cache key instead of a per-user key_builder, collapsing all users into a single shared cache entry. An authenticated attacker on a shared instance can receive a different user's model list - revealing which AI models that user has access to - with no public exploit identified at time of analysis and a vendor-released patch available in v0.10.0.
Cache poisoning in Django's UpdateCacheMiddleware and cache_page() decorator exposes private user data to unauthenticated remote attackers by incorrectly serving cached responses across different cookie contexts. Versions 6.0 before 6.0.7 and 5.2 before 5.2.16 are confirmed affected; older unsupported branches (5.0.x, 4.1.x, 3.2.x) were not evaluated but may share the flaw. No public exploit or CISA KEV listing exists at time of analysis, and the low CVSS 4.0 score of 2.3 reflects meaningful preconditions, though the data-disclosure consequence for applications serving personalized, cookie-gated content through a shared cache is concrete.
Cross-user attribute structure leakage in API Platform Core's JSON:API and HAL serializers exposes the schema layout of security-gated properties to lower-privileged users through improper cache reuse. Versions from 2.6.0 up to 4.1.29, 4.2.26, and 4.3.12 are affected across the core, hal, and json-api packages. The component structure computed for a higher-privileged user's request can be served from cache to a subsequent lower-privileged user's request, bypassing the per-request evaluation of #[ApiProperty(security: ...)] predicates. No public exploit identified at time of analysis; vendor-released patches are available.
Improper packet cache handling in PowerDNS Recursor causes ECS zero-scoped DNS answers to be stored in the cache when they should be discarded or handled as global entries, creating an information disclosure pathway. All Recursor versions (cpe:2.3:a:powerdns:recursor:*:*:*:*:*:*:*:*) are affected, but only deployments with EDNS Client Subnet (ECS) explicitly enabled are exposed. The CVSS score of 5.3 with a network vector and no required privileges reflects that any DNS client can trigger the improper caching behavior, though real-world impact is bounded by the non-default ECS configuration requirement. No public exploit code has been identified and the vulnerability is not listed in the CISA KEV catalog.
Web cache poisoning in the Ghost Node.js CMS before 6.37.0 lets an unauthenticated attacker inject an x-ghost-preview header that alters the rendered frontend response, which a shared caching layer then stores and serves to other visitors of the same page. When Ghost's public frontend and admin panel share a single domain, this request-specific preview output can be weaponized to hijack staff accounts; separate-domain deployments are not exposed. No public exploit is identified at time of analysis, and the issue carries a vendor CVSS of 9.6.
Cache information disclosure in Undici's shared-mode cache interceptor allows a prior authenticated user's HTTP response to be served to a subsequent, potentially unauthenticated, caller. Applications using Undici's explicit `interceptors.cache()` in shared mode that forward Authorization headers to an upstream which returns Cache-Control headers with whitespace-padded qualified directives (e.g., `private=" authorization"`) are affected across all v7 versions prior to 7.28.0 and all v8 versions prior to 8.5.0. No public exploit has been identified at time of analysis; exploitation is bounded by high attack complexity (CVSS AC:H, score 5.9), but when conditions align, the confidentiality impact is complete.
Information disclosure in @angular/common HttpTransferCache allows unauthenticated attackers to obtain other users' private data when Server-Side Rendering and hydration are enabled. The flaw stems from the cache failing to inspect the withCredentials flag or Cookie header, allowing credentialed responses to be serialized into SSR HTML and inadvertently shared via downstream CDN/reverse-proxy caches. No public exploit identified at time of analysis, but a vendor patch and detailed advisory describing the conditions are available.
Cache isolation failure in Typesense's search engine exposes restricted search results across Scoped Search API Key authorization boundaries. When server-side caching and Scoped API Keys are both active, a specific sequence of requests can cause the cache to serve results to a scoped requester that were originally populated by a less-restricted context, effectively bypassing the embedded filter constraints of that key. Versions prior to 29.1 and 30.2 are affected; vendor-released patches exist in both release lines, with no public exploit identified and an EPSS of 0.05% (15th percentile) confirming low current exploitation probability.