Lucene search
K

395 matches found

OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-329 Django-Unicorn Class Pollution Vulnerability, Leading to XSS, DoS and Authentication Bypass

Summary Django-Unicorn is vulnerable to python class pollution vulnerability, a new type of vulnerability categorized under CWE-915. The vulnerability arises from the core functionality setpropertyvalue, which can be remotely triggered by users by crafting appropriate component requests and feedi...

9.3CVSS6.7AI score0.0047EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/03/26 3:7 p.m.5 views

CVE-2026-31815

Unicorn adds modern reactive component functionality to your Django templates. Prior to 0.67.0, component state manipulation is possible in django-unicorn due to missing access control checks during property updates and method calls. An attacker can bypass the intended ispublic protection to modi...

5.3CVSS5.7AI score0.0021EPSS
Exploits1References1
EUVD
EUVD
added 2026/03/11 12:11 a.m.5 views

EUVD-2026-10909

django-unicorn affected by component state manipulation via unvalidated attribute access...

5.3CVSS5.7AI score0.0021EPSS
Exploits1References1
vulnersOsv
vulnersOsv
added 2026/03/11 12:11 a.m.4 views

simmate (>=0.14.0 <=0.17.0), tvsd (>=1.4.0 <=1.4.1) potentially affected by CVE-2026-31815 via django-unicorn (>=0.50.0 <=0.59.0)

django-unicorn PYPI version =0.50.0, =0.14.0, =1.4.0, =1.4.1 Source cves: CVE-2026-31815 Source advisory: OSV:GHSA-FFV6-JJ46-X367...

5.3CVSS5.8AI score0.0021EPSS
Exploits1
Github Security Blog
Github Security Blog
added 2026/03/11 12:11 a.m.15 views

django-unicorn affected by component state manipulation via unvalidated attribute access

Summary Component state manipulation is possible in django-unicorn due to missing access control checks during property updates and method calls. An attacker can bypass the intended ispublic protection to modify internal attributes such as templatename or trigger protected methods. Vulnerability...

5.3CVSS5.8AI score0.0021EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/03/11 12:11 a.m.5 views

GHSA-FFV6-JJ46-X367 django-unicorn affected by component state manipulation via unvalidated attribute access

Summary Component state manipulation is possible in django-unicorn due to missing access control checks during property updates and method calls. An attacker can bypass the intended ispublic protection to modify internal attributes such as templatename or trigger protected methods. Vulnerability...

5.3CVSS5.8AI score0.0021EPSS
Exploits1References3
Snyk
Snyk
added 2026/03/10 10:37 p.m.4 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview django-unicorn is an A magical full-stack framework for Django. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via unvalidated attribute access within the action parsers that fail to enforce visibility...

6.9CVSS5.8AI score0.0021EPSS
Exploits1References2
vulnersOsv
vulnersOsv
added 2026/03/10 10:37 p.m.9 views

simmate (>=0.14.0 <=0.17.0), tvsd (>=1.4.0 <=1.4.1) potentially affected by CVE-2026-31815 via django-unicorn (>=0.50.0 <=0.59.0)

django-unicorn PYPI version =0.50.0, =0.14.0, =1.4.0, =1.4.1 Source cves: CVE-2026-31815 Source advisory: SNYK:PYTHON-DJANGOUNICORN-15518682...

5.3CVSS5.8AI score0.0021EPSS
Exploits1
NVD
NVD
added 2026/03/10 10:16 p.m.6 views

CVE-2026-31815

Unicorn adds modern reactive component functionality to your Django templates. Prior to 0.67.0, component state manipulation is possible in django-unicorn due to missing access control checks during property updates and method calls. An attacker can bypass the intended ispublic protection to modi...

5.3CVSS0.0021EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/03/10 9:7 p.m.5 views

CVE-2026-31815

Unicorn adds modern reactive component functionality to your Django templates. Prior to 0.67.0, component state manipulation is possible in django-unicorn due to missing access control checks during property updates and method calls. An attacker can bypass the intended ispublic protection to modi...

5.3CVSS5.7AI score0.0021EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/03/10 9:7 p.m.20 views

CVE-2026-31815

CVE-2026-31815 affects django-unicorn prior to 0.67.0. The issue stems from missing access control checks during property updates and method calls, allowing an attacker to bypass _is_public protection and modify internal attributes (e.g., template_name) or trigger protected methods. Fixed in 0.67...

5.3CVSS5.7AI score0.0021EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/10 9:7 p.m.2 views

CVE-2026-31815 django-unicorn affected by component state manipulation via unvalidated attribute access

Unicorn adds modern reactive component functionality to your Django templates. Prior to 0.67.0, component state manipulation is possible in django-unicorn due to missing access control checks during property updates and method calls. An attacker can bypass the intended ispublic protection to modi...

5.3CVSS5.7AI score0.0021EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/03/10 9:7 p.m.30 views

CVE-2026-31815 django-unicorn affected by component state manipulation via unvalidated attribute access

Unicorn adds modern reactive component functionality to your Django templates. Prior to 0.67.0, component state manipulation is possible in django-unicorn due to missing access control checks during property updates and method calls. An attacker can bypass the intended ispublic protection to modi...

5.3CVSS0.0021EPSS
Exploits1References1
OSV
OSV
added 2026/03/10 9:7 p.m.8 views

CVE-2026-31815 django-unicorn affected by component state manipulation via unvalidated attribute access

Unicorn adds modern reactive component functionality to your Django templates. Prior to 0.67.0, component state manipulation is possible in django-unicorn due to missing access control checks during property updates and method calls. An attacker can bypass the intended ispublic protection to modi...

5.3CVSS5.7AI score0.0021EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/03/10 12:0 a.m.8 views

PT-2026-24466

Name of the Vulnerable Software and Affected Versions Unicorn versions prior to 0.67.0 Description A flaw exists in django-unicorn that allows manipulation of component state due to insufficient access control checks when updating properties and calling methods. An attacker can bypass the intende...

5.3CVSS5.7AI score0.0021EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/03/10 12:0 a.m.7 views

Unicorn 安全漏洞

Unicorn is an open-source verifier developed by the World Wide Web Consortium. It helps people improve the quality of web pages by performing various checks. Versions of Unicorn prior to 0.67.0 contained security vulnerabilities; these vulnerabilities stemmed from lack of access control checks...

5.3CVSS5.7AI score0.0021EPSS
Exploits1References1
Circl
Circl
added 2026/03/09 10:58 a.m.9 views

CVE-2026-31815

creationtimestamp| type| source ---|---|--- 2026-03-09 10:58:20+00:00| published-proof-of-concept| https://github.com/django-commons/django-unicorn/security/advisories/GHSA-ffv6-jj46-x367...

5.3CVSS5.8AI score0.0021EPSS
Exploits1References1
Talos Blog
Talos Blog
added 2026/02/18 11:0 a.m.9 views

“Good enough” emulation: Fuzzing a single thread to uncover vulnerabilities

A Cisco Talos researcher worked around the limitations of hardware-level Code Read-out Protection RDP on the Socomec DIRIS M-70 gateway by pivoting from physical debugging to a "good enough" emulation approach. By focusing on emulating only the single thread responsible for Modbus protocol handli...

8.6CVSS6AI score0.0037EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/01/09 12:39 p.m.10 views

CVE-2023-29722

The Glitter Unicorn Wallpaper app for Android 7.0 thru 8.0 allows unauthorized apps to actively request permission to modify data in the database that records information about a user's personal preferences and will be loaded into memory to be read and used when the app is opened. An attacker cou...

9.1CVSS6.8AI score0.00784EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:38 p.m.8 views

CVE-2023-29723

The Glitter Unicorn Wallpaper app for Android 7.0 thru 8.0 allows unauthorized applications to actively request permission to insert data into the database that records information about a user's personal preferences and will be loaded into memory to be read and used when the application is opene...

7.5CVSS6.5AI score0.00845EPSS
Exploits1References1
Rows per page
Query Builder