Lucene search
K

7893 matches found

Nuclei
Nuclei
added yesterday25 views

Django RasterField - SQL Injection

Django 6.0.2, 5.2.11, and 4.2.28 contains a SQL injection caused by improper sanitization of the band index parameter in RasterField on PostGIS, letting remote attackers inject SQL, exploit requires crafted input. id: CVE-2026-1207 info: name: Django RasterField - SQL Injection author: omarkurt...

8.3CVSS6.8AI score0.09436EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday102 views

Label Studio - Sensitive Information Exposure

An attacker can construct a filter chain to filter tasks based on sensitive fields for all user accounts on the platform by exploiting Django's Object Relational Mapper ORM. Since the results of query can be manipulated by the ORM filter, an attacker can leak these sensitive fields character by...

7.5CVSS6.7AI score0.04055EPSS
Exploits3References3
Nuclei
Nuclei
added yesterday67 views

Django - Open Redirect

Django 1.11.x before 1.11.15 and 2.0.x before 2.0.8 contains an open redirect vulnerability. If django.middleware.common.CommonMiddleware and APPENDSLASH settings are selected, and if the project has a URL pattern that accepts any path ending in a slash, an attacker can redirect a user to a...

6.1CVSS6.6AI score0.2549EPSS
Exploits0References6
NVD
NVD
added 2 days ago4 views

CVE-2026-13014

A vulnerability in Thales CERT "Suspicious" application = 1.3.4 allows a remote and unauthenticated attacker to execute arbitrary code and arbitrarily overwrite writable application files—including Python modules, configuration files, cron inputs, and runtime artifacts—leading to a persistent...

9.2CVSS0.0047EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago29 views

CVE-2026-13014 Remote Code Execution vulnerability in "Suspicious" application

A vulnerability in Thales CERT "Suspicious" application = 1.3.4 allows a remote and unauthenticated attacker to execute arbitrary code and arbitrarily overwrite writable application files—including Python modules, configuration files, cron inputs, and runtime artifacts—leading to a persistent...

9.2CVSS0.0047EPSS
Exploits0References1
CVE
CVE
added 2 days ago18 views

CVE-2026-13014

The CVE covers Thales CERT "Suspicious" application, affected at versions

9.2CVSS6.4AI score0.0047EPSS
Exploits0References1
Nuclei
Nuclei
added 2 days ago95 views

Django Debug Page - Cross-Site Scripting

Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5 has HTML autoescaping disabled in a portion of the template for the technical 500 debug page. We detected that right circumstances DEBUG=True are present to allow a cross-site scripting attack. id: CVE-2017-12794 info: name: Django Debug Page -...

6.1CVSS6.6AI score0.23566EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 5 days ago8 views

CVE-2026-53877

A flaw was found in Django. Instantiating django.contrib.gis.gdal.GDALRaster with a bytes object representing a raster file can trigger a heap buffer over-read in the vsibuffer property, reading roughly 32 bytes past the end of the allocated buffer. An attacker who can supply crafted raster data...

6.3CVSS6.1AI score0.00291EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 5 days ago9 views

CVE-2026-48588

A flaw was found in Django. When django.middleware.cache.UpdateCacheMiddleware or django.views.decorators.cache.cachepage is in use, responses that set a cookie are not excluded from caching if the request includes any cookie, even when that cookie is unrelated to the response for example, a...

5.3CVSS6.1AI score0.00375EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 5 days ago7 views

CVE-2026-53878

A flaw was found in Django. django.core.validators.DomainNameValidator accepted newline characters in domain name input. When applications use this validator outside Django form fields and include the validated value in HTTP response headers, a remote attacker could perform HTTP header injection...

6.1CVSS6.1AI score0.00217EPSS
Exploits0References3
NVD
NVD
added 6 days ago6 views

CVE-2026-15188

A weakness has been identified in manjurulhoque django-job-portal up to dfa352f305bba44445ac5dc12e9b2a98c9dcd71f. Affected by this vulnerability is the function EditEmployeeProfileAPIView of the file accounts/api/views.py of the component Employee Dashboard Endpoint. This manipulation of the...

6.5CVSS0.00209EPSS
Exploits0References6
EUVD
EUVD
added 6 days ago7 views

EUVD-2026-42606

A weakness has been identified in manjurulhoque django-job-portal up to dfa352f305bba44445ac5dc12e9b2a98c9dcd71f. Affected by this vulnerability is the function EditEmployeeProfileAPIView of the file accounts/api/views.py of the component Employee Dashboard Endpoint. This manipulation of the...

6.5CVSS6.2AI score0.00209EPSS
Exploits0References6
Cvelist
Cvelist
added 6 days ago32 views

CVE-2026-15188 manjurulhoque django-job-portal Employee Dashboard Endpoint views.py EditEmployeeProfileAPIView access control

A weakness has been identified in manjurulhoque django-job-portal up to dfa352f305bba44445ac5dc12e9b2a98c9dcd71f. Affected by this vulnerability is the function EditEmployeeProfileAPIView of the file accounts/api/views.py of the component Employee Dashboard Endpoint. This manipulation of the...

6.5CVSS0.00209EPSS
Exploits0References6
CVE
CVE
added 6 days ago7 views

CVE-2026-15188

The CVE affects manjurulhoque django-job-portal (up to commit dfa352f305bba44445ac5dc12e9b2a98c9dcd71f). The vulnerability resides in EditEmployeeProfileAPIView (accounts/api/views.py) of the Employee Dashboard Endpoint, where manipulating the role argument leads to improper access controls. An a...

6.5CVSS5.6AI score0.00209EPSS
Exploits0References6
OSV
OSV
added last week23 views

ROOT-APP-PYPI-CVE-2025-64458 CVE-2025-64458 in rootio-django - Patched by Root

Root has patched CVE-2025-64458 in the rootio-django package for Root:PyPI. Multiple fixed versions available...

7.5CVSS7.3AI score0.0193EPSS
Exploits1
OSV
OSV
added last week3 views

ROOT-APP-PYPI-CVE-2025-48432 CVE-2025-48432 in rootio-django - Patched by Root

Root has patched CVE-2025-48432 in the rootio-django package for Root:PyPI. Multiple fixed versions available...

5.3CVSS5.8AI score0.00629EPSS
Exploits0
OSV
OSV
added last week4 views

ROOT-APP-PYPI-CVE-2024-45231 CVE-2024-45231 in rootio-django - Patched by Root

Root has patched CVE-2024-45231 in the rootio-django package for Root:PyPI. Multiple fixed versions available...

5.3CVSS5.8AI score0.00805EPSS
Exploits0
OSV
OSV
added last week38 views

ROOT-APP-PYPI-CVE-2025-57833 CVE-2025-57833 in rootio-django - Patched by Root

Root has patched CVE-2025-57833 in the rootio-django package for Root:PyPI. Multiple fixed versions available...

8.1CVSS7.3AI score0.15602EPSS
Exploits4
OSV
OSV
added last week32 views

ROOT-APP-PYPI-CVE-2025-64459 CVE-2025-64459 in rootio-django - Patched by Root

Root has patched CVE-2025-64459 in the rootio-django package for Root:PyPI. Multiple fixed versions available...

9.1CVSS7.3AI score0.19396EPSS
Exploits10
OSV
OSV
added last week6 views

ROOT-APP-PYPI-CVE-2022-36359 CVE-2022-36359 in rootio-django - Patched by Root

Root has patched CVE-2022-36359 in the rootio-django package for Root:PyPI. Multiple fixed versions available...

8.8CVSS7.3AI score0.00657EPSS
Exploits0
Rows per page
Query Builder