27 matches found
CVE-2026-48587
An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.utils.cache.has_vary_header in Django does not strip leading or trailing whitespace from Vary response header values before comparison, which allows remote attackers to read cached responses via requests to URLs whose...
CVE-2026-48587 Potential exposure of private data via whitespace padding in Vary header
An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.utils.cache.has_vary_header in Django does not strip leading or trailing whitespace from Vary response header values before comparison, which allows remote attackers to read cached responses via requests to URLs whose...
UBUNTU-CVE-2026-44673
libyang is a YANG data modeling language library. Prior to SO 5.2.15, lyb_read_string in src/parser_lyb.c contains an integer overflow that results in a heap buffer overflow when parsing a maliciously crafted LYB binary blob. An attacker who can supply LYB data to any libyang consumer (NETCONF server...
CVE-2026-44673 libyang: lyb_read_string() integer overflow → heap buffer overflow
libyang is a YANG data modeling language library. Prior to SO 5.2.15, lyb_read_string in src/parser_lyb.c contains an integer overflow that results in a heap buffer overflow when parsing a maliciously crafted LYB binary blob. An attacker who can supply LYB data to any libyang consumer (NETCONF server...
EUVD-2026-30484
libyang is a YANG data modeling language library. Prior to SO 5.2.15, lyb_read_string in src/parser_lyb.c contains an integer overflow that results in a heap buffer overflow when parsing a maliciously crafted LYB binary blob. An attacker who can supply LYB data to any libyang consumer (NETCONF server...
CVE-2024-31921
Cross-Site Request Forgery (CSRF) vulnerability in Etoile Web Design Ultimate Product Catalogue. This issue affects Ultimate Product Catalogue: from n/a through 5.2.15...
PT-2024-24284 · Etoile · Etoile Web Design Ultimate Product Catalogue
Name of the Vulnerable Software and Affected Versions: Etoile Web Design Ultimate Product Catalogue versions through 5.2.15. Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions o...
WordPress plugin WP Basic Elements cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...
WordPress 5.2.x < 5.2.15 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities: - A stored cross-site scripting (XSS) vulnerability exists via wp_filter_global_styles_post. - A prototype pollution exists via the Gutenberg wordpress/url package. Note that the...
Security Bulletin: Potential security vulnerability in the WebSphere Application Server Admin Console affects Tivoli Storage Productivity Center (CVE-2017-1501)
Summary: There is a potential security vulnerability in the WebSphere Application Server Admin Console affecting Tivoli Storage Productivity Center if you have updated the web services security bindings settings. If you changed the cipher suites in the web services security bindings settings, they...
Fedora 29 : kernel / kernel-headers / kernel-tools (2019-a570a92d5a)
The 5.2.17 stable kernel update contains a number of important fixes across the tree. ---- The 5.2.16 stable kernel updates contain a number of important fixes across the tree. ---- The 5.2.15 stable kernel update contains a number of important fixes across the tree. Note that Tenable Network...
[SECURITY] Fedora 30 Update: kernel-5.2.15-200.fc30
The kernel meta package...
PHP 5.2 < 5.2.15 Multiple Vulnerabilities
PHP is prone to multiple vulnerabilities. Copyright (C) 2012 NopSec Inc. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or...
PHP <5.2.15 EXTR_OVERWRITE safe mode bypass vulnerability
No description provided by source...
Design/Logic Flaw
Use-after-free vulnerability in the Zend engine in PHP before 5.2.15 and 5.3.x before 5.3.4 might allow context-dependent attackers to cause a denial of service (heap memory corruption) or have unspecified other impact via vectors related to use of __set, __get, __isset, and __unset methods on objects...
CVE-2010-4697
Use-after-free vulnerability in the Zend engine in PHP before 5.2.15 and 5.3.x before 5.3.4 might allow context-dependent attackers to cause a denial of service (heap memory corruption) or have unspecified other impact via vectors related to use of __set, __get, __isset, and __unset methods on objects...
Mandriva Update for php MDVA-2010:238 (php)
Check for the Version of php. OpenVAS Vulnerability Test: Mandriva Update for php MDVA-2010:238 (php). Authors: System Generated Check. Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms o...
php-filter -- Denial of Service
The following DoS condition in the filter extension was fixed in PHP 5.3.4 and PHP 5.2.15: Stack consumption vulnerability in the filter_var function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3, when FILTER_VALIDATE_EMAIL mode is used, allows remote attackers to cause a denial of service (memory...