Lucene search
K

87115 matches found

EUVD
EUVD
added 2026/04/07 3:30 p.m.6 views

EUVD-2026-19606

Dolibarr ERP/CRM versions prior to 23.0.2 contain an authenticated remote code execution vulnerability in the dolevalstandard function that fails to apply forbidden string checks in whitelist mode and does not detect PHP dynamic callable syntax. Attackers with administrator privileges can inject...

8.6CVSS6.6AI score0.15527EPSS
Exploits2References6
OSV
OSV
added 2026/04/07 3:17 p.m.10 views

DEBIAN-CVE-2026-4277

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Add permissions on inline model instances were not validated on submission of forged POST data in GenericInlineModelAdmin. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not evaluated a...

9.8CVSS5.2AI score0.00458EPSS
Exploits0References1
PyPA
PyPA
added 2026/04/07 3:17 p.m.9 views

PYSEC-2026-53

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30.Admin changelist forms using ModelAdmin.listeditable incorrectly allowed newinstances to be created via forged POST data.Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not evaluated and...

2.7CVSS5.8AI score0.00294EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2026/04/07 3:17 p.m.5 views

CVE-2026-4292

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Admin changelist forms using ModelAdmin.listeditable incorrectly allowed new instances to be created via forged POST data. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not evaluated a...

2.7CVSS0.00294EPSS
Exploits0References3
OSV
OSV
added 2026/04/07 3:17 p.m.7 views

DEBIAN-CVE-2026-4292

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Admin changelist forms using ModelAdmin.listeditable incorrectly allowed new instances to be created via forged POST data. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not evaluated a...

2.7CVSS5.1AI score0.00294EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2026/04/07 3:17 p.m.10 views

arches (=8.0.0a1), desktop-django-starter (=0.1.0) +33 more potentially affected by CVE-2026-4277 via django (>=6.0.0 <=6.0.3)

django PYPI version =6.0.0, =2.0.0, =1.1.0, =0.1.0, =0.1.0b2, =0.2.0b1 and more Source cves: CVE-2026-4277 Source advisory: OSV:PYSEC-2026-52...

9.8CVSS5.4AI score0.00458EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/04/07 3:17 p.m.6 views

admin-auth0 (>=0.1.1 <=0.1.5), aldryn-django (>=4.2.10.0 <=4.2.18.0) +126 more potentially affected by CVE-2026-3902 via django (>=4.2.0 <=4.2.3)

django PYPI version =4.2.0, =0.1.1, =4.2.10.0, =65.10.0, =7.5.1, =1.0.2, =0.0.1, =0.0.9, =1.3.9, =0.4.0, =0.0.1, =4.16.2, =4.8.0, =4.17.1 and more Source cves: CVE-2026-3902 Source advisory: OSV:PYSEC-2026-51...

7.5CVSS5.8AI score0.00436EPSS
Exploits0
OSV
OSV
added 2026/04/07 3:17 p.m.12 views

PYSEC-2026-53

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Admin changelist forms using ModelAdmin.listeditable incorrectly allowed new instances to be created via forged POST data. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not evaluated a...

2.7CVSS5.7AI score0.00294EPSS
Exploits0References4
NVD
NVD
added 2026/04/07 3:17 p.m.5 views

CVE-2026-35463

pyLoad is a free and open-source download manager written in Python. In 0.5.0b3.dev96 and earlier, the ADMINONLYOPTIONS protection mechanism restricts security-critical configuration values reconnect scripts, SSL certs, proxy credentials to admin-only access. However, this protection is only...

8.8CVSS0.00815EPSS
Exploits1References2
NVD
NVD
added 2026/04/07 3:17 p.m.6 views

CVE-2026-35464

pyLoad is a free and open-source download manager written in Python. The fix for CVE-2026-33509 added an ADMINONLYOPTIONS set to block non-admin users from modifying security-critical config options. The storagefolder option is not in this set and passes the existing path restriction because the...

7.5CVSS0.00529EPSS
Exploits2References4
CVE
CVE
added 2026/04/07 2:38 p.m.12 views

CVE-2026-35464

Summary: CVE-2026-35464 affects pyLoad and describes an incomplete fix for CVE-2026-33509, where a non-admin user with SETTINGS and ADD permissions can redirect downloads to the Flask filesystem session store and trigger arbitrary code execution via a crafted pickle payload deserialized during re...

7.5CVSS6.5AI score0.00529EPSS
Exploits2References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/07 2:32 p.m.1 views

CVE-2026-35463 pyLoad has Improper Neutralization of Special Elements used in an OS Command

pyLoad is a free and open-source download manager written in Python. In 0.5.0b3.dev96 and earlier, the ADMINONLYOPTIONS protection mechanism restricts security-critical configuration values reconnect scripts, SSL certs, proxy credentials to admin-only access. However, this protection is only...

8.8CVSS6.2AI score0.00815EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/04/07 2:32 p.m.2 views

CVE-2026-35463

pyLoad is a free and open-source download manager written in Python. In 0.5.0b3.dev96 and earlier, the ADMINONLYOPTIONS protection mechanism restricts security-critical configuration values reconnect scripts, SSL certs, proxy credentials to admin-only access. However, this protection is only...

8.8CVSS6.2AI score0.00815EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/04/07 2:32 p.m.22 views

CVE-2026-35463 pyLoad has Improper Neutralization of Special Elements used in an OS Command

pyLoad is a free and open-source download manager written in Python. In 0.5.0b3.dev96 and earlier, the ADMINONLYOPTIONS protection mechanism restricts security-critical configuration values reconnect scripts, SSL certs, proxy credentials to admin-only access. However, this protection is only...

8.8CVSS0.00815EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/04/07 2:22 p.m.17 views

CVE-2026-4292 Privilege abuse in ModelAdmin.list_editable

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Admin changelist forms using ModelAdmin.listeditable incorrectly allowed new instances to be created via forged POST data. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not evaluated a...

0.00294EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/07 2:22 p.m.2 views

CVE-2026-4292

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Admin changelist forms using ModelAdmin.listeditable incorrectly allowed new instances to be created via forged POST data. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not evaluated a...

5.8AI score0.00294EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/04/07 2:22 p.m.14 views

CVE-2026-4292

Django CVE-2026-4292 affects multiple supported lines and older unsupported series: 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. The issue arises from Admin changelist forms using ModelAdmin.list_editable , which can be exploited to create new instances via forged POST data. The de...

2.7CVSS5.8AI score0.00294EPSS
Exploits0References3Affected Software1
AlpineLinux
AlpineLinux
added 2026/04/07 2:22 p.m.3 views

CVE-2026-4292

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Admin changelist forms using ModelAdmin.listeditable incorrectly allowed new instances to be created via forged POST data. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not evaluated a...

2.7CVSS5.8AI score0.00294EPSS
Exploits0
CVE
CVE
added 2026/04/07 2:10 p.m.8 views

CVE-2026-5373

The issue affects the runZero Platform and is a privilege-escalation vulnerability (CWE-269) where all-organization administrators could promote accounts to superuser status. Root cause is improper privilege management leading to elevated access. Impact aligns with CVSS v3.1: High (8.1) with no a...

8.4CVSS5.8AI score0.00221EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/04/07 2:0 p.m.2 views

UBUNTU-CVE-2026-4292

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Admin changelist forms using ModelAdmin.listeditable incorrectly allowed new instances to be created via forged POST data. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not evaluated a...

2.7CVSS5.8AI score0.00294EPSS
Exploits0References5
Rows per page
Query Builder