
695 matches found

Ubuntu
added 2026/04/07 5:31 p.m. | 10 views

USN-8154-1: Django vulnerabilities

Seokchan Yoon discovered that Django incorrectly handled copying memory when parsing multipart uploads with excessive whitespace. A remote attacker could possibly use this issue to cause Django to use excessive resources, leading to a denial of service. CVE-2026-33033 It was discovered that Djang...

CVSS 9.8 | AI score 6 | EPSS 0.00769
Exploits: 1

OSV
added 2026/04/07 5:31 p.m. | 6 views

USN-8154-1 python-django vulnerabilities

Seokchan Yoon discovered that Django incorrectly handled copying memory when parsing multipart uploads with excessive whitespace. A remote attacker could possibly use this issue to cause Django to use excessive resources, leading to a denial of service. CVE-2026-33033 It was discovered that Djang...

CVSS 9.8 | AI score 5.8 | EPSS 0.00769
Exploits: 1 | References: 6

Snyk
added 2026/04/07 4:14 p.m. | 3 views

Missing Authorization

Overview: Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Affected versions of this package are vulnerable to Missing Authorization in the InlineModelAdmin.get_formset function. An attacker can gain unauthorized access to add inline model...

CVSS 9.8 | AI score 5.9 | EPSS 0.00458
Exploits: 0 | References: 2

GitHub Security Blog
added 2026/04/07 3:30 p.m. | 7 views

Django vulnerable to privilege abuse in GenericInlineModelAdmin

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Add permissions on inline model instances were not validated on submission of forged POST data in GenericInlineModelAdmin. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not evaluated a...

CVSS 9.8 | AI score 5.8 | EPSS 0.00458
Exploits: 0 | References: 6 | Affected Software: 1

GitHub Security Blog
added 2026/04/07 3:30 p.m. | 12 views

Django vulnerable to privilege abuse in ModelAdmin.list_editable

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Admin changelist forms using ModelAdmin.list_editable incorrectly allowed new instances to be created via forged POST data. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not evaluated a...

CVSS 2.7 | AI score 5.8 | EPSS 0.00294
Exploits: 0 | References: 6 | Affected Software: 1

EUVD
added 2026/04/07 3:30 p.m. | 3 views

EUVD-2026-19688

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Admin changelist forms using ModelAdmin.list_editable incorrectly allowed new instances to be created via forged POST data. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not evaluated a...

CVSS 2.7 | AI score 5.8 | EPSS 0.00294
Exploits: 0 | References: 4

EUVD
added 2026/04/07 3:30 p.m. | 8 views

EUVD-2026-19687

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Add permissions on inline model instances were not validated on submission of forged POST data in GenericInlineModelAdmin. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not evaluated a...

AI score 5.8 | EPSS 0.00458
Exploits: 0 | References: 4

OSV
added 2026/04/07 3:30 p.m. | 1 view

GHSA-PWJP-CCJC-GHWG Django vulnerable to privilege abuse in GenericInlineModelAdmin

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Add permissions on inline model instances were not validated on submission of forged POST data in GenericInlineModelAdmin. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not evaluated a...

CVSS 2.3 | AI score 5.8 | EPSS 0.00458
Exploits: 0 | References: 6

OSV
added 2026/04/07 3:30 p.m. | 4 views

GHSA-MMWR-2JHP-MC7J Django vulnerable to privilege abuse in ModelAdmin.list_editable

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Admin changelist forms using ModelAdmin.list_editable incorrectly allowed new instances to be created via forged POST data. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not evaluated a...

CVSS 2.7 | AI score 5.8 | EPSS 0.00294
Exploits: 0 | References: 6

PyPA
added 2026/04/07 3:17 p.m. | 9 views

PYSEC-2026-53

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Admin changelist forms using ModelAdmin.list_editable incorrectly allowed new instances to be created via forged POST data. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not evaluated and...

CVSS 2.7 | AI score 5.8 | EPSS 0.00294
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2026/04/07 3:17 p.m. | 11 views

DEBIAN-CVE-2026-4277

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Add permissions on inline model instances were not validated on submission of forged POST data in GenericInlineModelAdmin. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not evaluated a...

CVSS 9.8 | AI score 5.2 | EPSS 0.00458
Exploits: 0 | References: 1

NVD
added 2026/04/07 3:17 p.m. | 5 views

CVE-2026-4292

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Admin changelist forms using ModelAdmin.list_editable incorrectly allowed new instances to be created via forged POST data. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not evaluated a...

CVSS 2.7 | EPSS 0.00294
Exploits: 0 | References: 3

PyPA
added 2026/04/07 3:17 p.m. | 10 views

PYSEC-2026-52

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Add permissions on inline model instances were not validated on submission of forged POST data in GenericInlineModelAdmin. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not evaluated and...

CVSS 9.8 | AI score 5.8 | EPSS 0.00458
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2026/04/07 3:17 p.m. | 7 views

DEBIAN-CVE-2026-4292

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Admin changelist forms using ModelAdmin.list_editable incorrectly allowed new instances to be created via forged POST data. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not evaluated a...

CVSS 2.7 | AI score 5.1 | EPSS 0.00294
Exploits: 0 | References: 1

OSV
added 2026/04/07 3:17 p.m. | 7 views

PYSEC-2026-52

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Add permissions on inline model instances were not validated on submission of forged POST data in GenericInlineModelAdmin. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not evaluated a...

CVSS 9.8 | AI score 5.7 | EPSS 0.00458
Exploits: 0 | References: 4

OSV
added 2026/04/07 3:17 p.m. | 12 views

PYSEC-2026-53

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Admin changelist forms using ModelAdmin.list_editable incorrectly allowed new instances to be created via forged POST data. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not evaluated a...

CVSS 2.7 | AI score 5.7 | EPSS 0.00294
Exploits: 0 | References: 4

Cvelist
added 2026/04/07 2:22 p.m. | 17 views

CVE-2026-4292 Privilege abuse in ModelAdmin.list_editable

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Admin changelist forms using ModelAdmin.list_editable incorrectly allowed new instances to be created via forged POST data. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not evaluated a...

EPSS 0.00294
Exploits: 0 | References: 3

AlpineLinux
added 2026/04/07 2:22 p.m. | 4 views

CVE-2026-4292

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Admin changelist forms using ModelAdmin.list_editable incorrectly allowed new instances to be created via forged POST data. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not evaluated a...

CVSS 2.7 | AI score 5.8 | EPSS 0.00294
Exploits: 0

ATTACKERKB
added 2026/04/07 2:22 p.m. | 2 views

CVE-2026-4292

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Admin changelist forms using ModelAdmin.list_editable incorrectly allowed new instances to be created via forged POST data. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not evaluated a...

AI score 5.8 | EPSS 0.00294
Exploits: 0 | References: 4 | Affected Software: 1

Vulnrichment
added 2026/04/07 2:22 p.m. | 1 view

CVE-2026-4292 Privilege abuse in ModelAdmin.list_editable

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Admin changelist forms using ModelAdmin.list_editable incorrectly allowed new instances to be created via forged POST data. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not evaluated a...

AI score 5.8 | EPSS 0.00294
Exploits: 0 | References: 3