CWE-524 · Use of Cache Containing Sensitive Information
35 CVEs classified under CWE-524 (Use of Cache Containing Sensitive Information).
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-48901 | High | 7.5 | 2026-05-26 | The InputFilter::getInstance() method omitted a security sensitive parameter from the instance cache key. |
| CVE-2024-27917 | High | 7.5 | 2024-03-06 | Shopware is an open commerce platform based on Symfony Framework and Vue. The Symfony Session Handler pops the Session Cookie and assigns it to the Response. S… |
| CVE-2024-45596 | High | 7.4 | 2024-09-10 | Directus is a real-time API and App dashboard for managing SQL database content. An unauthenticated user can access credentials of last authenticated user via… |
| CVE-2024-12314 | High | 7.2 | 2025-02-18 | The Rapid Cache plugin for WordPress is vulnerable to Cache Poisoning in all versions up to, and including, 1.2.3. This is due to plugin storing HTTP headers i… |
| CVE-2026-25540 | Medium | 6.5 | 2026-02-04 | Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 4.3.19, 4.4.13, 4.5.6, Mastodon is vulnerable to web cache poison… |
| CVE-2025-57752 | Medium | 6.2 | 2025-08-29 | Next.js is a React framework for building full-stack web applications. In versions before 14.2.31 and from 15.0.0 to before 15.4.5, Next.js Image Optimization… |
| CVE-2025-9901 | Medium | 5.9 | 2025-09-03 | A flaw was found in libsoup’s caching mechanism, SoupCache, where the HTTP Vary header is ignored when evaluating cached responses. This header ensures that re… |
| CVE-2023-37486 | Medium | 5.9 | 2023-08-08 | Under certain conditions SAP Commerce (OCC API) - versions HY_COM 2105, HY_COM 2205, COM_CLOUD 2211, endpoints allow an attacker to access information which wo… |
| CVE-2025-14806 | Medium | 5.7 | 2026-03-17 | IBM Planning Analytics Local 2.1.0 through 2.1.17 could allow an attacker to trick the caching mechanism into storing and serving sensitive, user-specific resp… |
| CVE-2025-5141 | Medium | 5.5 | 2025-06-17 | A binary in the BoKS Server Agent component of Fortra's Core Privileged Access Manager (BoKS) on versions 7.2.0 (up to 7.2.0.17), 8.1.0 (up to 8.1.0.22), 8.1.1… |
| CVE-2026-32244 | Medium | 5.3 | 2026-05-19 | Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, outdated cached AI summaries can leak… |
| CVE-2026-44457 | Medium | 5.3 | 2026-05-13 | Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.18, Cache Middleware does not skip caching for responses th… |
| CVE-2026-24472 | Medium | 5.3 | 2026-01-27 | Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, Cache Middleware contains an information disclos… |
| CVE-2024-49580 | Medium | 5.3 | 2024-10-17 | In JetBrains Ktor before 2.3.13 improper caching in HttpCache Plugin could lead to response information disclosure |
| CVE-2024-0874 | Medium | 5.3 | 2024-04-25 | A flaw was found in coredns. This issue could lead to invalid cache entries returning due to incorrectly implemented caching. |
| CVE-2024-41906 | Medium | 4.8 | 2024-08-13 | A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). The affected application does not properly handle cac… |
| CVE-2026-6907 | Medium | 4.3 | 2026-05-05 | An issue was discovered in Django 6.0 before 6.0.5 and 5.2 before 5.2.14. `django.middleware.cache.UpdateCacheMiddleware` erroneously caches requests where the `Vary`… |
| CVE-2024-33004 | Medium | 4.3 | 2024-05-14 | SAP Business Objects Business Intelligence Platform is vulnerable to Insecure Storage as dynamic web pages are getting cached even after logging out. On succes… |
| CVE-2022-3292 | Medium | 4.3 | 2022-09-28 | Use of Cache Containing Sensitive Information in GitHub repository ikus060/rdiffweb prior to 2.4.8. |
| CVE-2025-64696 | Low | 3.3 | 2025-12-09 | Android App "Brother iPrint&Scan" versions 6.13.7 and earlier improperly uses an external cache directory. If exploited, application-specific files may be acce… |