Lucene search
K

7863 matches found

RedhatCVE
RedhatCVE
added 2026/06/03 9:51 p.m.14 views

CVE-2026-8404

A flaw was found in Django. The django.middleware.cache.UpdateCacheMiddleware component does not correctly process Cache-Control response directives when they use uppercase or mixed-case values. This vulnerability allows a remote attacker to read responses that should not have been cached, leadin...

5.3CVSS5.7AI score0.00285EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/03 9:51 p.m.17 views

CVE-2026-35193

A flaw was found in Django. This vulnerability allows a remote attacker to read private cached responses. This occurs because the UpdateCacheMiddleware in Django does not correctly add the Authorization header to the Vary response header for requests that include an Authorization header but lack...

3.1CVSS5.7AI score0.00359EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/03 9:51 p.m.12 views

CVE-2026-7666

A flaw was found in Django. An on-path network attacker could exploit a vulnerability in django.core.mail.backends.smtp.EmailBackend where a partially-initialized connection is reused after a failed STARTTLS handshake when failsilently=True. This could allow the attacker to intercept and read ema...

3.1CVSS5.6AI score0.0015EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/03 9:51 p.m.11 views

CVE-2026-6873

A flaw was found in Django. A remote attacker could exploit a non-injective salt derivation in django.http.HttpRequest.getsignedcookie by crafting specific cookie name and salt argument pairs. This vulnerability allows the attacker to use a signed cookie in a different context than intended,...

4.3CVSS5.7AI score0.00245EPSS
Exploits0References6
vulnersOsv
vulnersOsv
added 2026/06/03 4:25 p.m.7 views

11x-wagtail-blog (>=0.0.0 <=0.2.0), aldryn-django (>=5.0.2.0 <=5.1.5.0) +419 more potentially affected by CVE-2026-35193 via django (>=5.0.0 <=5.2.14)

django PYPI version =5.0.0, =0.0.0, =5.0.2.0, =0.0.15, =0.42.1, =1.0.0, =1.14.3, =0.0.20, =0.0.13, =0.0.19, =0.0.34, =0.0.50, =0.0.51 and more Source cves: CVE-2026-35193 Source advisory: SNYK:PYTHON-DJANGO-17151780...

3.1CVSS5.7AI score0.00359EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/06/03 4:25 p.m.8 views

arches (=8.0.0a1), avaintegration-metapackage (>=6.0.4.3 <=6.0.5.32) +47 more potentially affected by CVE-2026-35193 via django (>=6.0.0 <=6.0.5)

django PYPI version =6.0.0, =6.0.4.3, =2.0.0, =1.1.0, =0.1.0, =0.4.5 - django-ndr-core =0.70.2 - django-sb-simple-migrations =0.9.0 and more Source cves: CVE-2026-35193 Source advisory: SNYK:PYTHON-DJANGO-17151780...

3.1CVSS5.7AI score0.00359EPSS
Exploits0
Snyk
Snyk
added 2026/06/03 4:25 p.m.10 views

Use of Cache Containing Sensitive Information

Overview Affected versions of this package are vulnerable to Use of Cache Containing Sensitive Information in the UpdateCacheMiddleware function. An attacker can access sensitive cached data by making unauthenticated requests to endpoints that have previously been accessed with an Authorization...

5.9CVSS5.5AI score0.00359EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/06/03 4:25 p.m.7 views

arches (=8.0.0a1), avaintegration-metapackage (>=6.0.4.3 <=6.0.5.32) +47 more potentially affected by CVE-2026-48587 via django (>=6.0.0 <=6.0.5)

django PYPI version =6.0.0, =6.0.4.3, =2.0.0, =1.1.0, =0.1.0, =0.4.5 - django-ndr-core =0.70.2 - django-sb-simple-migrations =0.9.0 and more Source cves: CVE-2026-48587 Source advisory: SNYK:PYTHON-DJANGO-17151772...

5.3CVSS5.7AI score0.00354EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/06/03 4:25 p.m.7 views

11x-wagtail-blog (>=0.0.0 <=0.2.0), aldryn-django (>=5.0.2.0 <=5.1.5.0) +419 more potentially affected by CVE-2026-48587 via django (>=5.0.0 <=5.2.14)

django PYPI version =5.0.0, =0.0.0, =5.0.2.0, =0.0.15, =0.42.1, =1.0.0, =1.14.3, =0.0.20, =0.0.13, =0.0.19, =0.0.34, =0.0.50, =0.0.51 and more Source cves: CVE-2026-48587 Source advisory: SNYK:PYTHON-DJANGO-17151772...

5.3CVSS5.7AI score0.00354EPSS
Exploits0
Snyk
Snyk
added 2026/06/03 4:25 p.m.12 views

Incomplete Comparison with Missing Factors

Overview Affected versions of this package are vulnerable to Incomplete Comparison with Missing Factors in the hasvaryheader function. An attacker can gain access to cached responses intended for other users by sending requests with whitespace-padded Vary header values. Remediation Upgrade django...

5.9CVSS5.4AI score0.00354EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/06/03 4:24 p.m.7 views

11x-wagtail-blog (>=0.0.0 <=0.2.0), aldryn-django (>=5.0.2.0 <=5.1.5.0) +419 more potentially affected by CVE-2026-6873 via django (>=5.0.0 <=5.2.14)

django PYPI version =5.0.0, =0.0.0, =5.0.2.0, =0.0.15, =0.42.1, =1.0.0, =1.14.3, =0.0.20, =0.0.13, =0.0.19, =0.0.34, =0.0.50, =0.0.51 and more Source cves: CVE-2026-6873 Source advisory: SNYK:PYTHON-DJANGO-17151728...

4.3CVSS5.7AI score0.00245EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/06/03 4:24 p.m.11 views

arches (=8.0.0a1), avaintegration-metapackage (>=6.0.4.3 <=6.0.5.32) +47 more potentially affected by CVE-2026-6873 via django (>=6.0.0 <=6.0.5)

django PYPI version =6.0.0, =6.0.4.3, =2.0.0, =1.1.0, =0.1.0, =0.4.5 - django-ndr-core =0.70.2 - django-sb-simple-migrations =0.9.0 and more Source cves: CVE-2026-6873 Source advisory: SNYK:PYTHON-DJANGO-17151728...

4.3CVSS5.7AI score0.00245EPSS
Exploits0
Snyk
Snyk
added 2026/06/03 4:24 p.m.13 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the getsignedcookie function. An attacker can access data intended for a different context by crafting distinct name, salt pairs that result in the same concatenated value. Remediation...

4.8CVSS5.5AI score0.00245EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/06/03 4:23 p.m.8 views

arches (=8.0.0a1), avaintegration-metapackage (>=6.0.4.3 <=6.0.5.32) +47 more potentially affected by CVE-2026-8404 via django (>=6.0.0 <=6.0.5)

django PYPI version =6.0.0, =6.0.4.3, =2.0.0, =1.1.0, =0.1.0, =0.4.5 - django-ndr-core =0.70.2 - django-sb-simple-migrations =0.9.0 and more Source cves: CVE-2026-8404 Source advisory: SNYK:PYTHON-DJANGO-17151726...

5.3CVSS5.7AI score0.00285EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/06/03 4:23 p.m.8 views

11x-wagtail-blog (>=0.0.0 <=0.2.0), aldryn-django (>=5.0.2.0 <=5.1.5.0) +419 more potentially affected by CVE-2026-8404 via django (>=5.0.0 <=5.2.14)

django PYPI version =5.0.0, =0.0.0, =5.0.2.0, =0.0.15, =0.42.1, =1.0.0, =1.14.3, =0.0.20, =0.0.13, =0.0.19, =0.0.34, =0.0.50, =0.0.51 and more Source cves: CVE-2026-8404 Source advisory: SNYK:PYTHON-DJANGO-17151726...

5.3CVSS5.7AI score0.00285EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/06/03 4:23 p.m.6 views

arches (=8.0.0a1), avaintegration-metapackage (>=6.0.4.3 <=6.0.5.32) +47 more potentially affected by CVE-2026-7666 via django (>=6.0.0 <=6.0.5)

django PYPI version =6.0.0, =6.0.4.3, =2.0.0, =1.1.0, =0.1.0, =0.4.5 - django-ndr-core =0.70.2 - django-sb-simple-migrations =0.9.0 and more Source cves: CVE-2026-7666 Source advisory: SNYK:PYTHON-DJANGO-17151727...

3.1CVSS5.7AI score0.0015EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/06/03 4:23 p.m.6 views

11x-wagtail-blog (>=0.0.0 <=0.2.0), aldryn-django (>=5.0.2.0 <=5.1.5.0) +419 more potentially affected by CVE-2026-7666 via django (>=5.0.0 <=5.2.14)

django PYPI version =5.0.0, =0.0.0, =5.0.2.0, =0.0.15, =0.42.1, =1.0.0, =1.14.3, =0.0.20, =0.0.13, =0.0.19, =0.0.34, =0.0.50, =0.0.51 and more Source cves: CVE-2026-7666 Source advisory: SNYK:PYTHON-DJANGO-17151727...

3.1CVSS5.7AI score0.0015EPSS
Exploits0
Snyk
Snyk
added 2026/06/03 4:23 p.m.12 views

Cleartext Transmission of Sensitive Information

Overview Affected versions of this package are vulnerable to Cleartext Transmission of Sensitive Information in the EmailBackend function when a failed STARTTLS handshake occurs and failsilently=True is set. An attacker can intercept and read email content by performing a man-in-the-middle attack...

7.4CVSS5.4AI score0.0015EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/03 4:23 p.m.8 views

Improper Handling of Case Sensitivity

Overview Affected versions of this package are vulnerable to Improper Handling of Case Sensitivity due to improper handling of Cache-Control directives in UpdateCacheMiddleware. An attacker can gain unauthorized access to sensitive response data by sending requests with uppercase or mixed-case...

5.9CVSS5.4AI score0.00285EPSS
Exploits0References2
PyPA
PyPA
added 2026/06/03 2:16 p.m.19 views

PYSEC-2026-201

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6.django.middleware.cache.UpdateCacheMiddleware in Django does not match Cache-Control response directives case-insensitively, which allows remote attackers to read responses that were incorrectly cached because their...

5.3CVSS5.4AI score0.00285EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder