44 matches found

vulnersOsv
added 2026/05/05 6:33 p.m., 4 views

cg-django-uaa (=2.1.9), deeplabelnet (>=0.1.0 <=0.1.16) +39 more potentially affected by CVE-2026-35192 via django (>=5.2.0 <=5.2.13)

django PYPI version =5.2.0, =0.1.0, =0.1.0, =1.3.0, =1.92.0.5, =4.2.0, =0.0.7, =3.0.0, =5.2.0, =5.2.1 - djbackup =2.1.0 and more Source cves: CVE-2026-35192 Source advisory: OSV:GHSA-7H2M-M8VJ-598H...

CVSS 6.5, AI score 5.8, EPSS 0.00041
Exploits 0
vulnersOsv
added 2026/05/05 4:16 p.m., 4 views

cg-django-uaa (=2.1.9), deeplabelnet (>=0.1.0 <=0.1.16) +39 more potentially affected by CVE-2026-5766 via django (>=5.2.0 <=5.2.13)

django PYPI version =5.2.0, =0.1.0, =0.1.0, =1.3.0, =1.92.0.5, =4.2.0, =0.0.7, =3.0.0, =5.2.0, =5.2.1 - djbackup =2.1.0 and more Source cves: CVE-2026-5766 Source advisory: OSV:PYSEC-2026-54...

CVSS 6.3, AI score 5.8, EPSS 0.00051
Exploits 0
OSV
added 2026/04/16 11:38 p.m., 0 views

BIT-DJANGO-2026-4277 Privilege abuse in GenericInlineModelAdmin

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Add permissions on inline model instances were not validated on submission of forged POST data in GenericInlineModelAdmin. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not evaluated a...

CVSS 9.8, AI score 5.7, EPSS 0.00022
Exploits 0, References 4
Snyk
added 2026/04/07 4:15 p.m., 0 views

Allocation of Resources Without Limits or Throttling

Overview Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the ASGI requests with a missing or understated Content-Length header whe...

CVSS 7.5, AI score 5.9, EPSS 0.00035
Exploits 0, References 2
EUVD
added 2026/04/07 3:30 p.m., 0 views

EUVD-2026-19686

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. ASGIRequest allows a remote attacker to spoof headers by exploiting an ambiguous mapping of two header variants with hyphens or with underscores to a single version with underscores. Earlier, unsupported Django...

CVSS 7.5, AI score 5.9, EPSS 0.00016
Exploits 0, References 4
Github Security Blog
added 2026/04/07 3:30 p.m., 3 views

Django vulnerable to ASGI header spoofing via underscore/hyphen conflation

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. ASGIRequest allows a remote attacker to spoof headers by exploiting an ambiguous mapping of two header variants with hyphens or with underscores to a single version with underscores. Earlier, unsupported Django...

CVSS 7.5, AI score 5.9, EPSS 0.00016
Exploits 0, References 5, Affected software 1
NVD
added 2026/04/07 3:17 p.m., 1 view

CVE-2026-3902

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. ASGIRequest allows a remote attacker to spoof headers by exploiting an ambiguous mapping of two header variants with hyphens or with underscores to a single version with underscores. Earlier, unsupported Django...

CVSS 7.5, EPSS 0.00016
Exploits 0, References 3
Debian CVE
added 2026/04/07 2:22 p.m., 2 views

CVE-2026-4277

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Add permissions on inline model instances were not validated on submission of forged POST data in GenericInlineModelAdmin. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not evaluated a...

CVSS 9.8, AI score 5.2, EPSS 0.00022
Exploits 0
CNNVD
added 2025/11/26 12:00 a.m., 0 views

KDE Krita Security Vulnerability

KDE Krita is a digital painting and animation software from the KDE community. A security vulnerability exists in KDE Krita versions prior to 5.2.13, which stems from a heap buffer overflow that may result from loading a specially crafted TGA file...

CVSS 6.7, AI score 6.8, EPSS 0.00025
Exploits 0, References 4
CVE
added 2025/11/26 12:00 a.m., 12 views

CVE-2025-59820

CVE-2025-59820 affects KDE Krita prior to 5.2.13, where loading a manipulated TGA file can trigger a heap-based buffer overflow in KisTgaImport (plugins/impex/tga/kis_tga_import.cpp). Debian/Alpine advisories confirm this can lead to potential arbitrary code execution; fixed packages are provided...

CVSS 6.7, AI score 7, EPSS 0.00025
Exploits 0, References 4
EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2019-6936

Malware in sbrugna...

CVSS 4.7, AI score 6.7, EPSS 0.00109
Exploits 0, References 12
Patchstack
added 2025/01/16 7:31 p.m., 3 views

WordPress Advanced File Manager plugin 5.2.12-5.2.13 - Authenticated (Subscriber+) Arbitrary File Upload vulnerability

Authenticated Subscriber+ Arbitrary File Upload vulnerability discovered by TANG Cheuk Hei siunam in WordPress Plugin Advanced File Manager versions 5.2.12-5.2.13...

CVSS 7.5, AI score 7, EPSS 0.13935
Exploits 0, References 1, Affected software 1
vulnersOsv
added 2024/09/17 6:44 p.m., 3 views

@angular-devkit/build-angular (>=18.0.0 <=18.1.0-next.2), @angular/build (>=18.0.0 <=18.1.0-next.2) +57 more potentially affected by CVE-2024-45811 via vite (>=5.2.0 <=5.2.13)

vite NPM version =5.2.0, =18.0.0, =18.0.0, =5.0.0-alpha.4, =0.1.0-rc.8, =18.0.0-next.46, =18.0.0-next.46, =3.0.2, =3.5.0, =4.1.0, =34.0.0, =2.1.3, =1.2.0, =1.0.0, =11.17.0, =8.0.8, =8.1.0 and more Source cves: CVE-2024-45811 Source advisory: OSV:GHSA-9CWX-2883-4WFX...

CVSS 4.8, AI score 5.8, EPSS 0.00015
Exploits 0
CNNVD
added 2024/02/08 12:00 a.m., 2 views

Plone Security Vulnerability

Plone is an open source content management system CMS built on the Zope application server. A security vulnerability exists in Plone official Docker version 5.2.13 5221, which stems from a vulnerability that allows an unauthenticated attacker to upload files to the server or delete files...

CVSS 7.5, AI score 7, EPSS 0.00253
Exploits 1, References 2
CNNVD
added 2024/01/25 12:00 a.m., 0 views

Plone Security Vulnerability

Plone is an open source content management system CMS built on the Zope application server. A security vulnerability exists in Plone version 5.2.13 that stems from allowing remote code execution via incorrect validation of HOST header input...

CVSS 6.1, AI score 8.1, EPSS 0.05374
Exploits 1, References 4
Positive Technologies
added 2024/01/25 12:00 a.m., 1 view

PT-2024-1348

Name of the Vulnerable Software and Affected Versions Plone Docker Official Image version 5.2.13 5221 Description The issue allows for remote code execution via improper validation of input by the HOST headers. This can be exploited by an attacker to execute arbitrary code by injecting code into...

CVSS 10, AI score 7.3, EPSS 0.05374
Exploits 1, References 9
IBM Security Bulletins
added 2022/02/22 7:59 p.m., 20 views

Security Bulletin: Potential denial of service in WebSphere Application Server Admin Console affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-4080)

Summary There is a potential denial of service in WebSphere Application Server Admin Console which affects IBM Spectrum Control formerly Tivoli Storage Productivity Center. Vulnerability Details CVEID: CVE-2019-4080 DESCRIPTION: IBM WebSphere Application Server Admin Console is vulnerable to a...

CVSS 6.8, AI score 6.6, EPSS 0.01533
Exploits 0, Affected software 1
IBM Security Bulletins
added 2022/02/22 7:59 p.m., 18 views

Security Bulletin: Potential spoofing attack in WebSphere Application Server affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2018-1695)

Summary There is a potential spoofing attack in WebSphere Application Server using Form Login when using Java SE 6 which affects IBM Spectrum Control formerly Tivoli Storage Productivity Center. This does not occur when using other versions of the Java SE. Vulnerability Details CVEID: CVE-2018-16...

CVSS 7.3, AI score 6.7, EPSS 0.00474
Exploits 0, Affected software 1
Tenable Nessus
added 2021/11/15 12:00 a.m., 14 views

WordPress 5.2.x < 5.2.13 Expired DST Root CA X3 Certificate

According to its self-reported version number, the detected WordPress application is affected by an expired certificate. The wordpress/wp-includes/certificates/ca-bundle.crt file still contains the DST Root CA X3 expired certificate. Note that the scanner has not tested for these issues but has...

AI score 7.3
Exploits 0, References 2
Tenable Nessus
added 2021/11/10 12:00 a.m., 50 views

WordPress 5.8 < 5.8.2 / 5.7 < 5.7.4 / 5.6 < 5.6.6 / 5.5 < 5.5.7 / 5.4 < 5.4.8 / 5.3 < 5.3.10 / 5.2 < 5.2.13

WordPress versions 5.8 < 5.8.2 / 5.7 < 5.7.4 / 5.6 < 5.6.6 / 5.5 < 5.5.7 / 5.4 < 5.4.8 / 5.3 < 5.3.10 / 5.2 < 5.2.13 are affected by one or more vulnerabilities. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from WordPress Security...

AI score 5.4
Exploits 0, References 3