CWE-524: CWE-524

This vulnerability in Shopware allows session fixation attacks where cached 404 pages inadvertently expose session cookies to subsequent users. Attack...

Mastodon servers with AUTHORIZED_FETCH enabled are vulnerable to web cache poisoning where ActivityPub endpoints for pinned posts and featured hashtag...

Axios Cache Interceptor versions before 1.11.1 incorrectly cache responses without considering Authorization headers, allowing cached responses from o...

Next.js Image Optimization API routes have a cache key confusion vulnerability that could serve cached image responses to unauthorized users. This aff...

A vulnerability in libsoup's SoupCache ignores the HTTP Vary header when evaluating cached responses, allowing cached content to be incorrectly reused...

Chamilo LMS 1.11.2 fails to properly clear cached sensitive user data from the Social Network/personal_data endpoint after logout. This allows subsequ...

Hono web framework versions before 4.11.7 have a cache middleware vulnerability that improperly handles HTTP cache control directives. This allows pri...

The CVE-2024-49580 vulnerability in JetBrains Ktor's HttpCache Plugin involves improper caching that could allow unauthorized disclosure of cached HTT...

SINEC Traffic Analyzer versions before V2.0 have a vulnerability where the web service doesn't properly handle cacheable HTTP responses. This allows a...

Flask versions 3.1.2 and below have a cache vulnerability where accessing session keys with certain Python operators (like 'in') fails to set proper c...

The Brother iPrint&Scan Android app versions 6.13.7 and earlier improperly stores application files in an external cache directory accessible to other...

This vulnerability allows an attacker with physical access to a Mac to view deleted notes due to improper cache handling. It affects macOS users runni...