Lucene search
K

764 matches found

RedhatCVE
RedhatCVE
added 4 days ago8 views

CVE-2026-53877

A flaw was found in Django. Instantiating django.contrib.gis.gdal.GDALRaster with a bytes object representing a raster file can trigger a heap buffer over-read in the vsibuffer property, reading roughly 32 bytes past the end of the allocated buffer. An attacker who can supply crafted raster data...

6.3CVSS6.1AI score0.00291EPSS
Exploits0References3
Snyk
Snyk
added last week5 views

Buffer Access with Incorrect Length Value

Overview Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Affected versions of this package are vulnerable to Buffer Access with Incorrect Length Value in the GDALRaster process when constructed from a bytes object. An attacker can access...

6.3CVSS6AI score0.00291EPSS
Exploits0References2
EUVD
EUVD
added last week8 views

EUVD-2026-42045

An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. DomainNameValidator does not prohibit newlines in domain names unless used via a form field, since CharField strips newlines. If an application uses values with newlines in an HTTP response, header injection can occur. Djan...

6.1CVSS5.8AI score0.00217EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/07/07 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-53877

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. django.contrib.gis.gdal.GDALRaster over-reads its in-memory buffer when constructed fr...

6.3CVSS7AI score0.00291EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.14 views

TencentOS Server 4: python-django (TSSA-2026:0341)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0341 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

9.8CVSS5.5AI score0.00458EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/06/04 2:30 a.m.14 views

SUSE CVE-2026-8404

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.middleware.cache.UpdateCacheMiddleware in Django does not match Cache-Control response directives case-insensitively, which allows remote attackers to read responses that were incorrectly cached because their...

5.9CVSS5.8AI score0.00285EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2026/06/04 2:24 a.m.15 views

SUSE CVE-2026-35193

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.middleware.cache.UpdateCacheMiddleware in Django does not add Authorization to the Vary response header for requests bearing that header without Cache-Control: public, which allows remote attackers to read private...

5.9CVSS5.8AI score0.00359EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/03 9:51 p.m.14 views

CVE-2026-48587

A flaw was found in Django. Remote attackers can exploit this vulnerability due to django.utils.cache.hasvaryheader not properly stripping whitespace from Vary response header values. This allows an attacker to read cached responses by sending requests to URLs with whitespace-padded Vary header...

5.3CVSS5.6AI score0.00354EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/03 9:51 p.m.11 views

CVE-2026-6873

A flaw was found in Django. A remote attacker could exploit a non-injective salt derivation in django.http.HttpRequest.getsignedcookie by crafting specific cookie name and salt argument pairs. This vulnerability allows the attacker to use a signed cookie in a different context than intended,...

4.3CVSS5.7AI score0.00245EPSS
Exploits0References6
vulnersOsv
vulnersOsv
added 2026/06/03 4:25 p.m.8 views

arches (=8.0.0a1), avaintegration-metapackage (>=6.0.4.3 <=6.0.5.32) +47 more potentially affected by CVE-2026-35193 via django (>=6.0.0 <=6.0.5)

django PYPI version =6.0.0, =6.0.4.3, =2.0.0, =1.1.0, =0.1.0, =0.4.5 - django-ndr-core =0.70.2 - django-sb-simple-migrations =0.9.0 and more Source cves: CVE-2026-35193 Source advisory: SNYK:PYTHON-DJANGO-17151780...

3.1CVSS5.7AI score0.00359EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/06/03 4:25 p.m.7 views

11x-wagtail-blog (>=0.0.0 <=0.2.0), aldryn-django (>=5.0.2.0 <=5.1.5.0) +419 more potentially affected by CVE-2026-48587 via django (>=5.0.0 <=5.2.14)

django PYPI version =5.0.0, =0.0.0, =5.0.2.0, =0.0.15, =0.42.1, =1.0.0, =1.14.3, =0.0.20, =0.0.13, =0.0.19, =0.0.34, =0.0.50, =0.0.51 and more Source cves: CVE-2026-48587 Source advisory: SNYK:PYTHON-DJANGO-17151772...

5.3CVSS5.7AI score0.00354EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/06/03 4:24 p.m.7 views

11x-wagtail-blog (>=0.0.0 <=0.2.0), aldryn-django (>=5.0.2.0 <=5.1.5.0) +419 more potentially affected by CVE-2026-6873 via django (>=5.0.0 <=5.2.14)

django PYPI version =5.0.0, =0.0.0, =5.0.2.0, =0.0.15, =0.42.1, =1.0.0, =1.14.3, =0.0.20, =0.0.13, =0.0.19, =0.0.34, =0.0.50, =0.0.51 and more Source cves: CVE-2026-6873 Source advisory: SNYK:PYTHON-DJANGO-17151728...

4.3CVSS5.7AI score0.00245EPSS
Exploits0
Snyk
Snyk
added 2026/06/03 4:24 p.m.13 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the getsignedcookie function. An attacker can access data intended for a different context by crafting distinct name, salt pairs that result in the same concatenated value. Remediation...

4.8CVSS5.5AI score0.00245EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/06/03 4:23 p.m.6 views

arches (=8.0.0a1), avaintegration-metapackage (>=6.0.4.3 <=6.0.5.32) +47 more potentially affected by CVE-2026-7666 via django (>=6.0.0 <=6.0.5)

django PYPI version =6.0.0, =6.0.4.3, =2.0.0, =1.1.0, =0.1.0, =0.4.5 - django-ndr-core =0.70.2 - django-sb-simple-migrations =0.9.0 and more Source cves: CVE-2026-7666 Source advisory: SNYK:PYTHON-DJANGO-17151727...

3.1CVSS5.7AI score0.0015EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/06/03 4:23 p.m.9 views

arches (=8.0.0a1), avaintegration-metapackage (>=6.0.4.3 <=6.0.5.32) +47 more potentially affected by CVE-2026-8404 via django (>=6.0.0 <=6.0.5)

django PYPI version =6.0.0, =6.0.4.3, =2.0.0, =1.1.0, =0.1.0, =0.4.5 - django-ndr-core =0.70.2 - django-sb-simple-migrations =0.9.0 and more Source cves: CVE-2026-8404 Source advisory: SNYK:PYTHON-DJANGO-17151726...

5.3CVSS5.7AI score0.00285EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/06/03 2:16 p.m.5 views

arthexis (>=0.2.6 <=0.8.0), cg-django-uaa (=2.1.9) +49 more potentially affected by CVE-2026-7666 via django (>=5.2.0 <=5.2.14)

django PYPI version =5.2.0, =0.2.6, =0.1.0, =0.1.0, =1.3.0, =1.92.0.5, =4.2.0, =0.0.7, =3.0.0, =0.1.0, =0.1.1 and more Source cves: CVE-2026-7666 Source advisory: OSV:PYSEC-2026-200...

3.1CVSS5.7AI score0.0015EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/06/03 2:16 p.m.7 views

arthexis (>=0.2.6 <=0.8.0), cg-django-uaa (=2.1.9) +49 more potentially affected by CVE-2026-8404 via django (>=5.2.0 <=5.2.14)

django PYPI version =5.2.0, =0.2.6, =0.1.0, =0.1.0, =1.3.0, =1.92.0.5, =4.2.0, =0.0.7, =3.0.0, =0.1.0, =0.1.1 and more Source cves: CVE-2026-8404 Source advisory: OSV:PYSEC-2026-201...

5.3CVSS5.7AI score0.00285EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/06/03 2:16 p.m.7 views

arches (=8.0.0a1), avaintegration-metapackage (>=6.0.4.3 <=6.0.5.32) +47 more potentially affected by CVE-2026-8404 via django (>=6.0.0 <=6.0.5)

django PYPI version =6.0.0, =6.0.4.3, =2.0.0, =1.1.0, =0.1.0, =0.4.5 - django-ndr-core =0.70.2 - django-sb-simple-migrations =0.9.0 and more Source cves: CVE-2026-8404 Source advisory: OSV:PYSEC-2026-201...

5.3CVSS5.7AI score0.00285EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/06/03 2:16 p.m.6 views

arches (=8.0.0a1), avaintegration-metapackage (>=6.0.4.3 <=6.0.5.32) +47 more potentially affected by CVE-2026-6873 via django (>=6.0.0 <=6.0.5)

django PYPI version =6.0.0, =6.0.4.3, =2.0.0, =1.1.0, =0.1.0, =0.4.5 - django-ndr-core =0.70.2 - django-sb-simple-migrations =0.9.0 and more Source cves: CVE-2026-6873 Source advisory: OSV:PYSEC-2026-199...

4.3CVSS5.7AI score0.00245EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/06/03 2:16 p.m.7 views

arthexis (>=0.2.6 <=0.8.0), cg-django-uaa (=2.1.9) +49 more potentially affected by CVE-2026-6873 via django (>=5.2.0 <=5.2.14)

django PYPI version =5.2.0, =0.2.6, =0.1.0, =0.1.0, =1.3.0, =1.92.0.5, =4.2.0, =0.0.7, =3.0.0, =0.1.0, =0.1.1 and more Source cves: CVE-2026-6873 Source advisory: OSV:PYSEC-2026-199...

4.3CVSS5.7AI score0.00245EPSS
Exploits0
Rows per page
Query Builder