38 matches found
Devolutions Remote Desktop Manager 2026.2.5 < 2026.2.12 Code Execution (DEVO-2026-0021)
The version of Devolutions Remote Desktop Manager installed on the remote host is 2026.2.5 through 2026.2.11. It is, therefore, affected by a code execution vulnerability: - Incorrect link resolution by display name in the custom PowerShell VPN editor allows an authenticated attacker with write...
Security Bulletin: IBM Edge Data Collector uses django-4.2.26-py3-none-any.whl which are vulnerable to CVE-2025-13372, CVE-2025-64460.
Summary IBM Edge Data Collector uses django-4.2.26-py3-none-any.whl which are vulnerable to CVE-2025-13372, CVE-2025-64460. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-13372 DESCRIPTION: An issue was discovered in 5.2 before...
Fedora: Security Advisory (FEDORA-2025-24dfd3b072)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory (FEDORA-2025-b1379d950d)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE Security Advisory (SUSE-SU-2025:4384-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLES15 / openSUSE 15 Security Update : python-Django (SUSE-SU-2025:4384-1)
The remote SUSE Linux SLES15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:4384-1 advisory. - CVE-2025-13372: Fixed SQL Injection in FilteredRelation bsc1254437 - CVE-2025-64460: Fixed denial of service via specially...
Security update for python-Django
This update for python-Django fixes the following issues: CVE-2025-13372: Fixed SQL Injection in FilteredRelation bsc1254437 CVE-2025-64460: Fixed denial of service via specially crafted XML input in django.core.serializers.xmlserializer.getInnerText bsc1254437 Patch Instructions: To install this...
Security update for python-Django (important)
openSUSE security update: security update for python-django ------------------------------------------------------------- Announcement ID: openSUSE-SU-2025-20153-1 Rating: important References: bsc1252926 bsc1254437 Cross-References: CVE-2025-13372 CVE-2025-64459 CVE-2025-64460 CVSS scores:...
python311-Django-5.2.9-1.1 on GA media (moderate)
python311-Django-5.2.9-1.1 on GA media Announcement ID: openSUSE-SU-2025:15805-1 Rating: moderate Cross-References: CVE-2025-13372 CVE-2025-64460 CVSS scores: CVE-2025-13372 SUSE : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N CVE-2025-64460 SUSE : 7.5...
Security update for python-Django (important)
openSUSE Security Update: Security update for python-Django Announcement ID: openSUSE-SU-2025:0465-1 Rating: important References: 1254437 Cross-References: CVE-2025-13372 CVE-2025-64460 CVSS scores: CVE-2025-13372 SUSE: 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N CVE-2025-64460 SUSE: 7.5...
SUSE CVE-2025-13372
An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the kwargs passed to QuerySet.annotate or QuerySet.alias on PostgreSQL. Earlier...
Python Library Django 4.2.x < 4.2.27 / 5.1.x < 5.1.15 / 5.2.x < 5.2.9 Multiple Vulnerabilities
The detected version of the Django Python package, Django, is 4.2.x prior to 4.2.27, 5.1.x prior to 5.1.15, or 5.2.x prior to 5.2.9. It is, therefore, affected by multiple vulnearabilities as referenced by security release advisory: - An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15...
Django 4.2.x < 4.2.27, 5.0.x < 5.1.15, 5.2.x < 5.2.9 Multiple Vulnerabilities - Linux
Django is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:djangoproject:django"; if descriptio...
Ubuntu: Security Advisory (USN-7903-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
aa-altcorp (>=0.1.2b0 <=1.1.1), aa-alumni (>=0.0.1a1 <=1.0.1) +1470 more potentially affected by CVE-2025-13372 via django (>=5.2.0 <=5.2.8)
django PYPI version =5.2.0, =0.1.2b0, =0.0.1a1, =0.1.1, =3.1.0b1, =1.0.3, =0.0.1a2, =0.1.0, =0.2.0, =1.0.0, =1.1.0b3, =0.1.0b1, =0.1.0, =1.1.0 and more Source cves: CVE-2025-13372 Source advisory: OSV:GHSA-RQW2-GHQ9-44M7...
aldryn-django (>=4.2.10.0 <=4.2.18.0), alertwise (=1.0.0) +113 more potentially affected by CVE-2025-13372 via django (>=4.2.0 <=4.2.26)
django PYPI version =4.2.0, =4.2.10.0, =65.10.0, =7.5.1, =1.0.2, =0.0.1, =1.3.9, =0.4.0, =0.0.1, =4.16.2, =4.8.0, =0.0.4.dev0, =8.0.0, =8.5.1 and more Source cves: CVE-2025-13372 Source advisory: OSV:GHSA-RQW2-GHQ9-44M7...
chromatrace (>=0.1.6 <=0.1.7), ddos-blocker (>=0.0.3 <=0.0.13) +21 more potentially affected by CVE-2025-13372 via django (>=5.1.0 <=5.1.14)
django PYPI version =5.1.0, =0.1.6, =0.0.3, =0.0.15, =2.7.0, =1.0.3, =0.6.2, =5.1.0, =0.2.30, =1.42.2, =1.21.0, =1.21.1.dev5 and more Source cves: CVE-2025-13372 Source advisory: OSV:GHSA-RQW2-GHQ9-44M7...
chromatrace (>=0.1.6 <=0.1.7), ddos-blocker (>=0.0.3 <=0.0.13) +21 more potentially affected by CVE-2025-13372 via django (>=5.1.0 <=5.1.14)
django PYPI version =5.1.0, =0.1.6, =0.0.3, =0.0.15, =2.7.0, =1.0.3, =0.6.2, =5.1.0, =0.2.30, =1.42.2, =1.21.0, =1.21.1.dev5 and more Source cves: CVE-2025-13372 Source advisory: OSV:PYSEC-2025-104...
aldryn-django (>=4.2.10.0 <=4.2.18.0), alertwise (=1.0.0) +113 more potentially affected by CVE-2025-13372 via django (>=4.2.0 <=4.2.26)
django PYPI version =4.2.0, =4.2.10.0, =65.10.0, =7.5.1, =1.0.2, =0.0.1, =1.3.9, =0.4.0, =0.0.1, =4.16.2, =4.8.0, =0.0.4.dev0, =8.0.0, =8.5.1 and more Source cves: CVE-2025-13372 Source advisory: OSV:PYSEC-2025-104...
DEBIAN-CVE-2025-13372
An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the kwargs passed to QuerySet.annotate or QuerySet.alias on PostgreSQL. Earlier...