CVEs classified under CWE-525, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (27)
CVE-2025-15554 — CVSS 7.8 (high): Browser caching of LAPS passwords in Truesec’s LAPSWebUI before version 2.4 allows an attacker with access to a workstation to escalate…
CVE-2025-48947: The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. In Auth0 Next.js SDK versions 4.0.1…
CVE-2025-36364 — CVSS 6.2 (medium): IBM DevOps Plan 3.0.0 through 3.0.5 allows web page cache to be stored locally which can be read by another user on the system.
CVE-2024-31906 — CVSS 6.2 (medium): IBM Automation Decision Services 23.0.2 allows web pages to be stored locally which can be read by another user on the system.
CVE-2026-41918 — CVSS 5.7 (medium): A vulnerability has been identified in RUGGEDCOM RST2428P (6GK6242-6PA00) (All versions < V4.0). The affected applications stores sensitive…
CVE-2026-24437 — CVSS 5.5 (medium): Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) serve sensitive administrative content without appropriate…
CVE-2025-62276 — CVSS 5.5 (medium): The Document Library and the Adaptive Media modules in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay…
CVE-2024-25142 — CVSS 5.5 (medium): Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. Airflow did not return "Cache-Control" header…
CVE-2021-42015 — CVSS 5.5 (medium): A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.26), Mendix Applications using Mendix 8…
CVE-2026-41322 — CVSS 5.3 (medium): @astrojs/node allows Astro to deploy your SSR site to Node targets. Prior to 10.0.5, requesting a static js/css resources from _astro path…
CVE-2025-36082 — CVSS 4.0 (medium): IBM OpenPages 9.0 and 9.1 allows web page cache to be stored locally which can be read by another user on the system.
CVE-2025-1348 — CVSS 4.0 (medium): IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4 could allow a local user to…
CVE-2025-1334 — CVSS 4.0 (medium): IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 allows web pages to be…
CVE-2023-43035 — CVSS 4.0 (medium): IBM Sterling Control Center 6.2.1, 6.3.1, and 6.4.0 allows web pages to be stored locally which can be read by another user on the system.
CVE-2024-22349 — CVSS 4.0 (medium): IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 through 4.0. 25 allows web pages to be stored locally which can be read by…
CVE-2022-38383 — CVSS 4.0 (medium): IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Software Suite 1.10.12.0 through 1.10.21.0 allows web pages to…
CVE-2022-43841 — CVSS 4.0 (medium): IBM Aspera Console 3.4.0 through 3.4.2 PL9 allows web pages to be stored locally which can be read by another user on the system. IBM…
CVE-2024-22343 — CVSS 4.0 (medium): IBM TXSeries for Multiplatforms 8.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID…
CVE-2023-46181 — CVSS 4.0 (medium): IBM Sterling Secure Proxy 6.0.3 and 6.1.0 allows web pages to be stored locally which can be read by another user on the system. IBM…
CVE-2023-27545 — CVSS 4.0 (medium): IBM Watson CloudPak for Data Data Stores information disclosure 4.6.0 allows web pages to be stored locally which can be read by another…
CVE-2025-27525 — CVSS 3.9 (low): Information Exposure vulnerability in Hitachi JP1/IT Desktop Management 2 - Smart Device Manager on Windows.This issue affects JP1/IT…
CVE-2025-13083 — CVSS 3.7 (low): Use of Web Browser Cache Containing Sensitive Information vulnerability in Drupal Drupal core allows Exploiting Incorrectly Configured…
CVE-2025-52625 — CVSS 3.7 (low): A vulnerability Cacheable SSL Page Found vulnerability has been identified in HCL AION. Cached data may expose credentials, system…
CVE-2024-30130 — CVSS 3.7 (low): HCL Nomad server on Domino is vulnerable to the cache containing sensitive information which could potentially give an attacker the ability…
CVE-2024-45314 — CVSS 3.6 (low): Flask-AppBuilder is an application development framework. Prior to version 4.5.1, the auth DB login form default cache directives allows…
CVE-2025-52659 — CVSS 2.8 (low): HCL AION version 2 is affected by a Cacheable HTTP Response vulnerability. This may lead to unintended storage of sensitive or dynamic…