128 matches found

OPENSUSE Linux
added 2026/04/17 12:0 a.m., 7 views

python311-Django-5.2.13-1.1 on GA media (moderate)

python311-Django-5.2.13-1.1 on GA media Announcement ID: openSUSE-SU-2026:10567-1 Rating: moderate Cross-References: CVE-2026-33033 CVE-2026-33034 CVE-2026-3902 CVE-2026-4277 CVE-2026-4292 CVSS scores: CVE-2026-33033 SUSE : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2026-33033 SUSE : 6....

CVSS 6.9 | AI score 5.8 | EPSS 0.00769 | Exploits 1
SUSE CVE
added 2026/04/11 9:26 a.m., 2 views

SUSE CVE-2026-3902

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. ASGIRequest allows a remote attacker to spoof headers by exploiting an ambiguous mapping of two header variants with hyphens or with underscores to a single version with underscores. Earlier, unsupported Django...

CVSS 5.3 | AI score 5.8 | EPSS 0.00436 | Exploits 0 | References 4
Chainguard
added 2026/04/10 2:13 a.m., 4 views

CVE-2026-3902 vulnerabilities

Vulnerabilities for packages: awx, authentik-fips, label-studio, authentik...

CVSS 7.5 | AI score 5.8 | EPSS 0.00436 | Exploits 0
OPENSUSE Linux
added 2026/04/10 12:0 a.m., 3 views

python311-Django4-4.2.30-1.1 on GA media (moderate)

python311-Django4-4.2.30-1.1 on GA media Announcement ID: openSUSE-SU-2026:10516-1 Rating: moderate Cross-References: CVE-2026-33033 CVE-2026-33034 CVE-2026-3902 CVE-2026-4277 CVE-2026-4292 CVSS scores: CVE-2026-33033 SUSE : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2026-33033 SUSE : 6...

CVSS 6.9 | AI score 5.8 | EPSS 0.00769 | Exploits 1
vulnersOsv
added 2026/04/07 4:14 p.m., 1 views

11x-wagtail-blog (>=0.0.0 <=0.2.0), aldryn-django (>=5.0.2.0 <=5.1.5.0) +400 more potentially affected by CVE-2026-3902 via django (>=5.0.0 <=5.2.12)

django PYPI version =5.0.0, =0.0.0, =5.0.2.0, =0.0.15, =0.42.1, =1.0.0, =1.14.3, =0.0.20, =0.0.13, =0.0.19, =0.0.34, =0.0.50, =0.0.51 and more Source cves: CVE-2026-3902 Source advisory: SNYK:PYTHON-DJANGO-15923569...

CVSS 7.5 | AI score 5.4 | EPSS 0.00436 | Exploits 0
vulnersOsv
added 2026/04/07 4:14 p.m., 0 views

arches (=8.0.0a1), desktop-django-starter (=0.1.0) +33 more potentially affected by CVE-2026-3902 via django (>=6.0.0 <=6.0.3)

django PYPI version =6.0.0, =2.0.0, =1.1.0, =0.1.0, =0.1.0b2, =0.2.0b1 and more Source cves: CVE-2026-3902 Source advisory: SNYK:PYTHON-DJANGO-15923569...

CVSS 7.5 | AI score 5.4 | EPSS 0.00436 | Exploits 0
vulnersOsv
added 2026/04/07 4:14 p.m., 1 views

admin-auth0 (>=0.1.1 <=0.1.5), aldryn-django (>=4.2.10.0 <=4.2.18.0) +126 more potentially affected by CVE-2026-3902 via django (>=4.2.0 <=4.2.3)

django PYPI version =4.2.0, =0.1.1, =4.2.10.0, =65.10.0, =7.5.1, =1.0.2, =0.0.1, =0.0.9, =1.3.9, =0.4.0, =0.0.1, =4.16.2, =4.8.0, =4.17.1 and more Source cves: CVE-2026-3902 Source advisory: SNYK:PYTHON-DJANGO-15923569...

CVSS 7.5 | AI score 5.8 | EPSS 0.00436 | Exploits 0
Circl
added 2026/04/07 4:6 p.m., 2 views

CVE-2026-3902

creationtimestamp | type | source
---|---|---
2026-04-07 16:06:48+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3miw5w2nhm324
2026-04-07 19:33:24+00:00 | seen | Telegram/UR5TCX5vufcj9skQtsOGmPNpHO32u3eWlC-vhPXaaDs7Lc...

CVSS 7.5 | AI score 4.7 | EPSS 0.00436 | Exploits 0 | References 1
vulnersOsv
added 2026/04/07 3:30 p.m., 1 views

admin-auth0 (>=0.1.1 <=0.1.5), aldryn-django (>=4.2.10.0 <=4.2.18.0) +126 more potentially affected by CVE-2026-3902 via django (>=4.2.0 <=4.2.3)

django PYPI version =4.2.0, =0.1.1, =4.2.10.0, =65.10.0, =7.5.1, =1.0.2, =0.0.1, =0.0.9, =1.3.9, =0.4.0, =0.0.1, =4.16.2, =4.8.0, =4.17.1 and more Source cves: CVE-2026-3902 Source advisory: OSV:GHSA-MVFQ-GGXM-9MC5...

CVSS 7.5 | AI score 5.8 | EPSS 0.00436 | Exploits 0
vulnersOsv
added 2026/04/07 3:30 p.m., 2 views

arches (=8.0.0a1), desktop-django-starter (=0.1.0) +33 more potentially affected by CVE-2026-3902 via django (>=6.0.0 <=6.0.3)

django PYPI version =6.0.0, =2.0.0, =1.1.0, =0.1.0, =0.1.0b2, =0.2.0b1 and more Source cves: CVE-2026-3902 Source advisory: OSV:GHSA-MVFQ-GGXM-9MC5...

CVSS 7.5 | AI score 5.4 | EPSS 0.00436 | Exploits 0
vulnersOsv
added 2026/04/07 3:30 p.m., 8 views

arthexis (>=0.2.6 <=0.8.0), cg-django-uaa (=2.1.9) +29 more potentially affected by CVE-2026-3902 via django (>=5.2.0 <=5.2.12)

django PYPI version =5.2.0, =0.2.6, =0.1.0, =0.1.0, =1.3.0, =1.92.0.5, =4.2.0, =0.0.7, =3.0.0, =0.1.0, =0.1.1 and more Source cves: CVE-2026-3902 Source advisory: OSV:GHSA-MVFQ-GGXM-9MC5...

CVSS 7.5 | AI score 5.4 | EPSS 0.00436 | Exploits 0
vulnersOsv
added 2026/04/07 3:17 p.m., 4 views

admin-auth0 (>=0.1.1 <=0.1.5), aldryn-django (>=4.2.10.0 <=4.2.18.0) +126 more potentially affected by CVE-2026-3902 via django (>=4.2.0 <=4.2.3)

django PYPI version =4.2.0, =0.1.1, =4.2.10.0, =65.10.0, =7.5.1, =1.0.2, =0.0.1, =0.0.9, =1.3.9, =0.4.0, =0.0.1, =4.16.2, =4.8.0, =4.17.1 and more Source cves: CVE-2026-3902 Source advisory: OSV:PYSEC-2026-51...

CVSS 7.5 | AI score 5.8 | EPSS 0.00436 | Exploits 0
vulnersOsv
added 2026/04/07 3:17 p.m., 4 views

arthexis (>=0.2.6 <=0.8.0), cg-django-uaa (=2.1.9) +29 more potentially affected by CVE-2026-3902 via django (>=5.2.0 <=5.2.12)

django PYPI version =5.2.0, =0.2.6, =0.1.0, =0.1.0, =1.3.0, =1.92.0.5, =4.2.0, =0.0.7, =3.0.0, =0.1.0, =0.1.1 and more Source cves: CVE-2026-3902 Source advisory: OSV:PYSEC-2026-51...

CVSS 7.5 | AI score 5.4 | EPSS 0.00436 | Exploits 0
vulnersOsv
added 2026/04/07 3:17 p.m., 3 views

arches (=8.0.0a1), desktop-django-starter (=0.1.0) +33 more potentially affected by CVE-2026-3902 via django (>=6.0.0 <=6.0.3)

django PYPI version =6.0.0, =2.0.0, =1.1.0, =0.1.0, =0.1.0b2, =0.2.0b1 and more Source cves: CVE-2026-3902 Source advisory: OSV:PYSEC-2026-51...

CVSS 7.5 | AI score 5.4 | EPSS 0.00436 | Exploits 0
Cvelist
added 2026/04/07 2:22 p.m., 15 views

CVE-2026-3902 ASGI header spoofing via underscore/hyphen conflation

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. ASGIRequest allows a remote attacker to spoof headers by exploiting an ambiguous mapping of two header variants with hyphens or with underscores to a single version with underscores. Earlier, unsupported Django...

EPSS 0.00436 | Exploits 0 | References 3
AlpineLinux
added 2026/04/07 2:22 p.m., 2 views

CVE-2026-3902

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. ASGIRequest allows a remote attacker to spoof headers by exploiting an ambiguous mapping of two header variants with hyphens or with underscores to a single version with underscores. Earlier, unsupported Django...

CVSS 7.5 | AI score 5.8 | EPSS 0.00436 | Exploits 0
Tenable Nessus
added 2026/04/07 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2026-3902

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. ASGIRequest allows a remote attacker to spoof headers by exploiting an...

CVSS 7.5 | AI score 5.5 | EPSS 0.00436 | Exploits 0 | References 2
EUVD
added 2026/01/22 4:52 p.m., 5 views

EUVD-2026-3902

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Pearson Specter pearsonspecter allows PHP Local File Inclusion. This issue affects Pearson Specter: from n/a through = 1.11.3...

AI score 5.5 | EPSS 0.00512 | Exploits 0 | References 2
Tenable Nessus
added 2025/11/01 12:0 a.m., 2 views

SUSE SLES15 Security Update : squid (SUSE-SU-2025:3902-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:3902-1 advisory. - CVE-2025-62168: Fixed proxy auth data visible to scripts bsc1252281. Tenable has extracted the preceding description block directly from t...

CVSS 10 | AI score 5.5 | EPSS 0.6332 | Exploits 1 | References 4
RedhatCVE
added 2025/10/15 9:54 a.m., 5 views

CVE-2025-20714

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: WCNCR00432659; Issue ID: MSV-390...

CVSS 7.8 | AI score 6.7 | EPSS 0.00126 | Exploits 0 | References 1