20 matches found

CVE
added 2026/03/31 3:13 p.m., 2 views

CVE-2026-34218

ClearanceKit on macOS had a startup window where only the compile-time baseline policy was enforced by opfilter, delaying application of all managed and user-defined file-access rules until the GUI mutated policies via XPC. This allowed per-process access policies to be temporarily unenforced dur...

CVSS 6.3 | AI score 5.8 | EPSS 0.00006
Exploits 1 | References 3 | Affected Software 1
Positive Technologies
added 2026/03/31 12:00 a.m., 2 views

PT-2026-29276

ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to version 4.2.14, two related startup defects created a window during which only the single compile-time baseline rule was enforced by opfilter. All managed MDM-delivered and user-defined...

CVSS 6.3 | AI score 5.8 | EPSS 0.00006
Exploits 1 | References 3
Tenable Nessus
added 2026/01/07 12:00 a.m., 1 view

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-django (UTSA-2026-000177)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000177 advisory. An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. The django.contrib.auth.backends.ModelBackend.authenticate method allows remote attackers t...

CVSS 5.3 | AI score 6.5 | EPSS 0.00165
Exploits 0 | References 4
Tenable Nessus
added 2025/10/09 12:00 a.m., 2 views

Wireshark 4.2.x < 4.2.14 A Vulnerability (macOS)

The version of Wireshark installed on the remote macOS / Mac OS X host is prior to 4.2.14. It is, therefore, affected by a vulnerability as referenced in the wireshark-4.2.14 advisory. - MONGO dissector infinite loop in Wireshark 4.4.0 to 4.4.9 and 4.2.0 to 4.2.13 allows denial of service...

CVSS 5.5 | AI score 5.8 | EPSS 0.0001
Exploits 0 | References 4
Patchstack
added 2025/01/31 8:28 a.m., 3 views

WordPress MultiVendorX plugin <= 4.2.14 - Unauthenticated Limited Local File Inclusion vulnerability

Unauthenticated Limited Local File Inclusion vulnerability discovered by mikemyers in WordPress Plugin MultiVendorX versions <= 4.2.14...

CVSS 9.8 | AI score 7 | EPSS 0.00373
Exploits 0 | References 1 | Affected Software 1
vulnersOsv
added 2024/08/07 3:30 p.m., 0 views

aldryn-django (=4.2.10.0), am-report (=0.1.5) +80 more potentially affected by CVE-2024-41991 via django (>=4.2.0 <=4.2.14)

django PYPI version =4.2.0, =7.5.1, =0.0.1, =0.4.0, =5.2.0, =0.5.1, =0.12.2, =3.1.0, =7.2.2, =39.1.0, =39.1.4 and more Source cves: CVE-2024-41991 Source advisory: OSV:GHSA-R836-HH6V-RG5G...

CVSS 7.5 | AI score 6.8 | EPSS 0.0091
Exploits 0
vulnersOsv
added 2024/08/07 3:15 p.m., 1 view

aldryn-django (=4.2.10.0), am-report (=0.1.5) +80 more potentially affected by CVE-2024-41989 via django (>=4.2.0 <=4.2.14)

django PYPI version =4.2.0, =7.5.1, =0.0.1, =0.4.0, =5.2.0, =0.5.1, =0.12.2, =3.1.0, =7.2.2, =39.1.0, =39.1.4 and more Source cves: CVE-2024-41989 Source advisory: OSV:PYSEC-2024-67...

CVSS 7.5 | AI score 6.8 | EPSS 0.01386
Exploits 0
OSV
added 2024/07/19 12:00 a.m., 27 views

OPENSUSE-SU-2024:14208-1 python310-Django4-4.2.14-1.1 on GA media

These are all security issues fixed in the python310-Django4-4.2.14-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 9.8 | AI score 8.1 | EPSS 0.92834
Exploits 30 | References 51
Github Security Blog
added 2024/07/10 6:33 a.m., 25 views

Django vulnerable to user enumeration attack

An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. The django.contrib.auth.backends.ModelBackend.authenticate method allows remote attackers to enumerate users via a timing attack involving login requests for users with an unusable password...

CVSS 5.3 | AI score 6.8 | EPSS 0.00165
Exploits 0 | References 9 | Affected Software 1
OSV
added 2024/07/10 6:33 a.m., 0 views

GHSA-QG2P-9JWR-MMQF Django vulnerable to Denial of Service

An issue was discovered in Django 4.2 before 4.2.14 and 5.0 before 5.0.7. urlize and urlizetrunc were subject to a potential denial of service attack via certain inputs with a very large number of brackets...

CVSS 8.7 | AI score 6.8 | EPSS 0.00304
Exploits 0 | References 9
PyPA
added 2024/07/10 5:15 a.m., 7 views

PYSEC-2024-58

An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. Derived classes of the django.core.files.storage.Storage base class, when they override generate_filename without replicating the file-path validations from the parent class, potentially allow directory traversal via certain...

CVSS 4.3 | AI score 8.3 | EPSS 0.00186
Exploits 0 | References 3 | Affected Software 1
OSV
added 2024/07/10 5:15 a.m., 0 views

PYSEC-2024-57

An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. The django.contrib.auth.backends.ModelBackend.authenticate method allows remote attackers to enumerate users via a timing attack involving login requests for users with an unusable password...

CVSS 5.3 | AI score 6.8 | EPSS 0.00165
Exploits 0 | References 3
CNNVD
added 2024/07/10 12:00 a.m., 1 view

Django Security Vulnerabilities

Django is a set of open source web application frameworks based on the Python language from the Django Foundation. The framework includes an object-oriented mapper, view system, template system, and more. A security vulnerability exists in Django version 5.0 up to and including version 5.0.7, and...

CVSS 5.3 | AI score 6.8 | EPSS 0.00165
Exploits 0 | References 5
Positive Technologies
added 2024/06/21 12:00 a.m., 5 views

PT-2024-6225

Name of the Vulnerable Software and Affected Versions: Django versions 4.2 through 4.2.13; Django versions 5.0 through 5.0.6. Description: The issue is related to a potential denial of service attack via certain inputs with a very large number of brackets in the urlize and urlizetrunc functions. Th...

CVSS 9.8 | AI score 7.8 | EPSS 0.92834
Exploits 30 | References 138
SUSE CVE
added 2023/02/15 4:50 a.m., 1 view

SUSE CVE-2017-5361

Request Tracker RT 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 does not use a constant-time comparison algorithm for secrets, which makes it easier for remote attackers to obtain sensitive user password information via a timing side-channel attack...

CVSS 5.9 | AI score 8.5 | EPSS 0.00191
Exploits 0 | References 3
OSV
added 2017/07/03 4:29 p.m., 0 views

DEBIAN-CVE-2017-5943

Request Tracker RT 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 allows remote attackers to obtain sensitive information about cross-site request forgery CSRF verification tokens via a crafted URL...

CVSS 8.8 | AI score 8.2 | EPSS 0.00218
Exploits 0 | References 1
NVD
added 2017/07/03 4:29 p.m., 21 views

CVE-2017-5361

Request Tracker RT 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 does not use a constant-time comparison algorithm for secrets, which makes it easier for remote attackers to obtain sensitive user password information via a timing side-channel attack...

CVSS 5.9 | AI score 5.9 | EPSS 0.00191
Exploits 0 | References 3
OpenVAS
added 2017/03/23 12:00 a.m., 31 views

Debian Security Advisory DSA 3816-1 (samba - security update)

Jann Horn of Google discovered a time-of-check, time-of-use race condition in Samba, an SMB/CIFS file, print, and login server for Unix. A malicious client can take advantage of this flaw by exploiting a symlink race to access areas of the server file system not exported under a share definition...

AI score 7.8 | EPSS 0.47493
Exploits 3 | References 1
Cvelist
added 2016/07/07 3:00 p.m., 18 views

CVE-2016-2119

libcli/smb/smbXcli_base.c in Samba 4.x before 4.2.14, 4.3.x before 4.3.11, and 4.4.x before 4.4.5 allows man-in-the-middle attackers to bypass a client-signing protection mechanism, and consequently spoof SMB2 and SMB3 servers, via the (1) SMB2_SESSION_FLAG_IS_GUEST or (2) SMB2_SESSION_FLAG_IS_NULL flag...

AI score 7.4 | EPSS 0.01142
Exploits 0 | References 9
Tenable Nessus
added 2012/07/22 12:00 a.m., 30 views

Oracle VM VirtualBox 4.2 < 4.2.14 tracepath Local Denial of Service

Binary data 6937.prm...

CVSS 3.8 | AI score 7.3 | EPSS 0.00247
Exploits 0 | References 4