Lucene search

19 matches found

OSV
added 2026/02/19 4:27 p.m., 2 views

UBUNTU-CVE-2025-71240

SPIP before 4.2.15 allows Cross-Site Scripting (XSS) via crafted content in HTML code tags. The application does not properly verify JavaScript within code tags, allowing an attacker to inject malicious scripts that execute in a victim's browser...

5.4 CVSS | 5.9 AI score | 0.00042 EPSS
Exploits 0 | References 5
Vulnrichment
added 2026/02/19 2:58 p.m., 4 views

CVE-2025-71240 SPIP < 4.2.15 Cross-Site Scripting via Code Tags

SPIP before 4.2.15 allows Cross-Site Scripting (XSS) via crafted content in HTML code tags. The application does not properly verify JavaScript within code tags, allowing an attacker to inject malicious scripts that execute in a victim's browser...

5.4 CVSS | 5.6 AI score | 0.00042 EPSS
Exploits 0 | References 3
Tenable Nessus
added 2026/01/07 12:0 a.m., 1 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-django (UTSA-2026-000178)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000178 advisory. An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. QuerySet.values() and values_list() methods on models with a JSONField are subject to SQL...

9.8 CVSS | 7.2 AI score | 0.00328 EPSS
Exploits 0 | References 4
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2024-28385

Malicious code in bioql PyPI...

8.8 CVSS | 8.6 AI score | 0.41698 EPSS
Exploits 0 | References 1
RedhatCVE
added 2025/05/23 9:15 a.m., 3 views

CVE-2024-30464

Missing Authorization vulnerability in WPZOOM Social Icons Widget & Block by WPZOOM. This issue affects Social Icons Widget & Block by WPZOOM: from n/a through 4.2.15...

8.8 CVSS | 7 AI score | 0.41698 EPSS
Exploits 0 | References 1
vulnersOsv
added 2024/10/08 6:33 p.m., 0 views

aldryn-django (=4.2.10.0), am-report (=0.1.5) +83 more potentially affected by CVE-2024-45230 via django (>=4.2.0 <=4.2.15)

django PYPI version =4.2.0, =7.5.1, =1.0.2, =0.0.1, =0.4.0, =4.16.2, =4.8.0, =5.2.0, =0.5.1, =0.12.2, =0.12.3 - directory-api-client =26.3.0 and more Source cves: CVE-2024-45230 Source advisory: OSV:GHSA-5HGC-2VFP-MQVC...

7.5 CVSS | 6.8 AI score | 0.02254 EPSS
Exploits 0
Packet Storm
added 2024/09/20 12:0 a.m., 298 views

SPIP BigUp 4.2.15 Code Injection

Title: SPIP BigUp 4.2.15 php code injection Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox 130.0.0 64...

7.4 AI score
Exploits 0
OSV
added 2024/08/08 12:0 a.m., 23 views

OPENSUSE-SU-2024:14248-1 python310-Django4-4.2.15-1.1 on GA media

These are all security issues fixed in the python310-Django4-4.2.15-1.1 package on the GA media of openSUSE Tumbleweed...

9.8 CVSS | 7.6 AI score | 0.01386 EPSS
Exploits 0 | References 4
Github Security Blog
added 2024/08/07 3:30 p.m., 18 views

Django vulnerable to a denial-of-service attack

An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize and urlizetrunc template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters...

7.5 CVSS | 6.5 AI score | 0.01222 EPSS
Exploits 0 | References 9 | Affected Software 1
OSV
added 2024/08/07 3:15 p.m., 12 views

CVE-2024-41991

An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize and urlizetrunc template filters, and the AdminURLFieldWidget widget, are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters...

7.5 CVSS | 6.5 AI score
Exploits 0 | References 4
Positive Technologies
added 2024/07/31 12:0 a.m., 3 views

PT-2024-6154

Name of the Vulnerable Software and Affected Versions: Django versions 4.2 through 4.2.14; Django versions 5.0 through 5.0.7. Description: The issue is related to the floatformat function in Django, which can lead to uncontrolled resource consumption. This can be exploited by a remote attacker to...

9.8 CVSS | 7.5 AI score | 0.02803 EPSS
Exploits 3 | References 81
OSV
added 2024/06/09 11:15 a.m., 0 views

CVE-2024-30464

Missing Authorization vulnerability in WPZOOM Social Icons Widget & Block by WPZOOM. This issue affects Social Icons Widget & Block by WPZOOM: from n/a through 4.2.15...

8.8 CVSS | 5.8 AI score
Exploits 0 | References 1
Patchstack
added 2024/03/28 12:0 a.m., 12 views

WordPress Social Icons Widget & Block by WPZOOM Plugin <= 4.2.15 is vulnerable to Broken Access Control

Software Social Icons Widget & Block by WPZOOM Type Plugin Vulnerable versions = 4.2.15 Fixed in 4.2.16 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-30464 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 49894ab6e8af Credits Rafie...

8.8 CVSS | 6.6 AI score | 0.41698 EPSS
Exploits 0 | References 2 | Affected Software 1
Metasploit
added 2023/06/09 7:50 p.m., 289 views

TerraMaster TOS 4.2.15 or lower - RCE chain from unauthenticated to root via session crafting.

Terramaster chained exploit that performs session crafting to achieve escalated privileges that allows an attacker to access vulnerable code execution flaws. TOS versions 4.2.15 and below are affected. CVE-2021-45839 is exploited to obtain the first administrator's hash set up on the system as we...

10 CVSS | 8.6 AI score | 0.81079 EPSS
Exploits 6
CNNVD
added 2022/04/25 12:0 a.m., 1 views

TerraMaster TOS Security Vulnerability

TerraMaster TOS is a Linux-based operating system from China's TerraMaster, dedicated to the TerraMaster Cloud Storage NAS server. TerraMaster TOS has a security vulnerability that can be exploited by sending special input to /tos/index.php?app/del to execute arbitrary commands as root. The...

10 CVSS | 8.7 AI score | 0.81079 EPSS
Exploits 4 | References 5
0day.today
added 2022/01/06 12:0 a.m., 370 views

Terramaster TOS 4.2.15 - Remote Code Execution Exploit

Exploit Title: Terramaster TOS 4.2.15 - Remote Code Execution RCE Unauthenticated | Exploit Author: n0tme thatsn0tmysite | Full Write-Up: https://thatsn0tmy.site/posts/2021/12/how-to-summon-rces/ | Vendor Homepage: https://www.terra-master.com/ | Version: TOS 4.2.X 4.2.15-2107141517 | Tested on: 4.2.15,...

7.4 AI score
Exploits 0
OpenVAS
added 2014/01/09 12:0 a.m., 33 views

TYPO3 Multiple Vulnerabilities (Oct 2010)

TYPO3 is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:typo3:typo3"; ifdescription...

7.1 CVSS | 6.4 AI score | 0.33647 EPSS
Exploits 7 | References 3
Exploit DB
added 2010/12/29 12:0 a.m., 69 views

TYPO3 - Arbitrary File Retrieval

?php / TYPO3-SA-2010-022.php Exploit Title: TYPO3 Unauthenticated Arbitrary File Retrieval TYPO3-SA-2010-020, TYPO3-SA-2010-022 Date: 29/12/2010 Author: ikki Software Link: http://typo3.org/download/, http://sourceforge.net/projects/typo3/files/ Version: 4.2.15, 4.3.7 or 4.4.4 Tested on: php CVE ...

7.1 CVSS | 6.4 AI score | 0.33647 EPSS
Exploits 7
OpenVAS
added 2009/06/19 12:0 a.m., 22 views

strongSwan IKE_SA_INIT and IKE_AUTH DoS Vulnerabilities

This host has installed strongSwan and is prone to Denial of Service Vulnerabilities. OpenVAS Vulnerability Test $Id: gbstrongswanmultdosvuln.nasl 4869 2016-12-29 11:01:45Z teissa $ strongSwan IKE_SA_INIT and IKE_AUTH DoS Vulnerabilities Authors: Antu Sanadi Copyright: Copyright (c) 2009 Greenbone...

5 CVSS | 0.3 AI score | 0.01736 EPSS
Exploits 0 | References 3