CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Tenable Nessus•added 2026/05/20 12:0 a.m.•4 views

Fedora 44 : python-django6 (2026-de6e24ae07)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-de6e24ae07 advisory. - Fixes CVE-2026-5766: Potential denial-of-service vulnerability in ASGI requests via file upload limit bypass - Fixes CVE-2026-35192: Session...

9.8CVSS5.9AI score0.00051EPSS

Tenable Nessus•added 2026/05/14 12:0 a.m.•2 views

Fedora 42 : python-django5 (2026-b9548393aa)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-b9548393aa advisory. - Fixes CVE-2026-5766: Potential denial-of-service vulnerability in ASGI requests via file upload limit bypass - Fixes CVE-2026-35192: Session...

9.8CVSS5.8AI score0.00051EPSS

Tenable Nessus•added 2026/05/10 12:0 a.m.•4 views

openSUSE 16 Security Update : python-Django (openSUSE-SU-2026:20704-1)

The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20704-1 advisory. Changes in python-Django: - CVE-2026-5766: Potential denial-of-service vulnerability in ASGI requests via file upload limit bypass bsc1264153 -...

6.5CVSS5.8AI score0.00051EPSS

Exploits0References9

Tenable Nessus•added 2026/05/08 12:0 a.m.•12 views

Python Library Django 5.2.x < 5.2.14 / 6.0.x < 6.0.5 Multiple Vulnerabilities

The detected version of the Django Python package is 5.2.x prior to 5.2.14 or 6.0.x prior to 6.0.5. It is, therefore, affected by multiple vulnerabilities, including: - ASGI requests with a missing or understated Content-Length header can bypass the FILEUPLOADMAXMEMORYSIZE limit, potentially...

6.5CVSS5.8AI score0.00051EPSS

OSV•added 2026/05/07 7:0 a.m.•2 views

SUSE-SU-2026:1740-1 Security update for python-Django

This update for python-Django fixes the following issues - CVE-2026-3902: headers spoofing by exploiting an ambiguous mapping of two header variants in ASGIRequest requests bsc1261729. - CVE-2026-4277: permissions on inline model instances were not validated on submission of forged POST data in...

9.8CVSS5.8AI score0.00051EPSS

Exploits1References17

SUSE CVE•added 2026/05/06 1:45 a.m.•6 views

SUSE CVE-2026-5766

An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. ASGI requests with a missing or understated Content-Length header can bypass the FILEUPLOADMAXMEMORYSIZE limit, potentially loading large files into memory and causing service degradation. As a reminder, Django expects a limit to ...

5.3CVSS5.8AI score0.00051EPSS

Snyk•added 2026/05/05 5:30 p.m.•3 views

Improper Handling of Length Parameter Inconsistency

Overview Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Affected versions of this package are vulnerable to Improper Handling of Length Parameter Inconsistency in the handling of ASGI requests when the Content-Length header is missing or...

Cvelist•added 2026/05/05 2:49 p.m.•29 views

Exploits0References2

CVE-2026-5766 Potential denial-of-service vulnerability in ASGI requests via file upload limit bypass

6.3CVSS0.00051EPSS

Exploits0References3

CVE•added 2026/05/05 2:49 p.m.•10 views

CVE-2026-5766

CVE-2026-5766 affects Django 6.0 before 6.0.5 and 5.2 before 5.2.14. An ASGI request with a missing or understated Content-Length can bypass FILE_UPLOAD_MAX_MEMORY_SIZE, potentially loading large files into memory and degrading service. The issue is mitigated by applying the patched releases (6.0...

Exploits0References3Affected Software1

Vulnrichment•added 2026/05/05 2:49 p.m.•7 views

CVE-2026-5766 Potential denial-of-service vulnerability in ASGI requests via file upload limit bypass

OSV•added 2026/05/05 2:0 p.m.•0 views

Exploits0References3

UBUNTU-CVE-2026-5766

OPENSUSE Linux•added 2026/04/21 12:0 a.m.•3 views

Security update for python-Django (important)

openSUSE security update: security update for python-django ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20578-1 Rating: important References: bsc1261722 bsc1261724 bsc1261729 bsc1261731 bsc1261732 Cross-References: CVE-2026-33033 CVE-2026-33034...

6.9CVSS5.7AI score0.00049EPSS

Exploits1References5

OSV•added 2026/04/16 11:38 p.m.•1 views

BIT-DJANGO-2026-33034 Potential denial-of-service vulnerability in ASGI requests via memory upload limit bypass

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. ASGI requests with a missing or understated Content-Length header could bypass the DATAUPLOADMAXMEMORYSIZE limit when reading HttpRequest.body, allowing remote attackers to load an unbounded request body into...

7.5CVSS5.8AI score0.00035EPSS

OSV•added 2026/04/13 1:39 p.m.•2 views

OPENSUSE-SU-2026:20578-1 Security update for python-Django

This update for python-Django fixes the following issues: Changes in python-Django: - CVE-2026-3902: ASGI header spoofing via underscore/hyphen conflation bsc1261729 - CVE-2026-4277: Privilege abuse in GenericInlineModelAdmin bsc1261731 - CVE-2026-4292: Privilege abuse in ModelAdmin.listeditable...

9.8CVSS5.8AI score0.00049EPSS