CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

120 matches found

OSV•added 2025/09/03 9:15 p.m.•3 views

DEBIAN-CVE-2025-57833

An issue was discovered in Django 4.2 before 4.2.24, 5.1 before 5.1.12, and 5.2 before 5.2.6. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the kwargs passed QuerySet.annotate or QuerySet.alias...

8.1CVSS8.1AI score0.00074EPSS

Exploits4References1

Snyk•added 2025/09/03 8:41 p.m.•3 views

SQL Injection

Overview Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Affected versions of this package are vulnerable to SQL Injection in the FilteredRelation class when a specially crafted dictionary is used with dictionary expansion as the kwargs...

8.1CVSS8.4AI score0.00074EPSS

Exploits4References2

Cvelist•added 2025/09/03 12:0 a.m.•11 views

CVE-2025-57833

7.1CVSS0.00074EPSS

Exploits4References4

AlpineLinux•added 2025/09/03 12:0 a.m.•7 views

CVE-2025-57833

8.1CVSS8AI score0.00074EPSS

Exploits4

CVE•added 2025/09/03 12:0 a.m.•73 views

CVE-2025-57833

CVE-2025-57833 affects Django 4.2 (pre-4.2.24), 5.1 (pre-5.1.12), and 5.2 (pre-5.2.6). The vulnerability arises in FilteredRelation where SQL injection can occur via column aliases when a crafted dictionary is expanded through **kwargs passed to QuerySet.annotate() or QuerySet.alias(). The issue ...

8.1CVSS7.4AI score0.00074EPSS

Exploits4References6Affected Software1

Vulnrichment•added 2025/09/03 12:0 a.m.•4 views

CVE-2025-57833

7.1CVSS7.4AI score0.00074EPSS

Exploits4References4

Debian CVE•added 2025/09/03 12:0 a.m.•5 views

CVE-2025-57833

8.1CVSS8.1AI score0.00074EPSS

Exploits4

SUSE Linux•added 2025/07/16 2:49 p.m.•2 views

Security update for gnuplot

This update for gnuplot fixes the following issues: CVE-2025-31176: invalid read leads to segmentation fault on plot3dpoints bsc1240325. CVE-2025-31177: improper bounds check leads to heap-buffer overflow on utf8copyone bsc1240326. CVE-2025-31178: unvalidated user input leads to segmentation faul...

6.9CVSS7.4AI score0.00167EPSS

Exploits0References28

OSV•added 2025/07/16 2:49 p.m.•1 views

SUSE-SU-2025:01811-2 Security update for gnuplot

This update for gnuplot fixes the following issues: - CVE-2025-31176: invalid read leads to segmentation fault on plot3dpoints bsc1240325. - CVE-2025-31177: improper bounds check leads to heap-buffer overflow on utf8copyone bsc1240326. - CVE-2025-31178: unvalidated user input leads to segmentatio...

6.2CVSS5.8AI score0.00167EPSS

Exploits0References15

OSV•added 2025/07/11 4:15 p.m.•2 views

CVE-2025-52989

An Improper Neutralization of Delimiters vulnerability in the UI of Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with high privileges to modify the system configuration. A user with limited configuration and commit permissions, using a specifically crafted...

6.8CVSS5.8AI score0.00089EPSS

Exploits0References1

OSSF Malicious Packages•added 2025/04/17 5:27 a.m.•2 views

Malicious code in helper-annotate-as-pure (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3a2ed0a68aabb50699a8bbd25a26ea827013ad9225c5bb5affa461c8a327b1ca Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score

Exploits0References1

OSV•added 2025/03/27 3:16 p.m.•1 views

UBUNTU-CVE-2025-31178

A flaw was found in gnuplot. The GetAnnotateString function may lead to a segmentation fault and cause a system crash...

6.2CVSS5.7AI score0.00034EPSS

Exploits0References5

OSV•added 2025/03/09 1:0 p.m.•2 views

UBUNTU-CVE-2025-57833

8.1CVSS7.2AI score0.00074EPSS

Exploits4References3

CVE•added 2024/04/17 10:27 a.m.•5710 views

CVE-2024-26862

CVE-2024-26862 — Linux kernel data race (kernel 5.x/6.x) Root cause: missing READ_ONCE()/WRITE_ONCE() annotations for ignore_outgoing reads in packet code; read/write races observed between dev_queue_xmit_nit() and packet_setsockopt(). Syzkaller/KCSAN reported a data-race affecting packet_setsock...

4.7CVSS6.1AI score0.00014EPSS

Exploits0References9Affected Software1

CNVD•added 2023/08/12 12:0 a.m.•22 views

Adobe Acrobat Reader post-release reuse vulnerability (CNVD-2023-71755)

Adobe Acrobat Reader is a PDF viewer from the American company Audobee Adobe. The software is used to print, sign and annotate PDF. Adobe Acrobat Reader has a post-release reuse vulnerability that can be exploited by an attacker to cause a sensitive memory leak...

5.5CVSS6.6AI score0.00136EPSS

Exploits0References1

CNVD•added 2023/08/12 12:0 a.m.•14 views

Adobe Acrobat Reader post-release reuse vulnerability (CNVD-2023-71757)

5.5CVSS6.7AI score0.00136EPSS

Exploits0References1

CNVD•added 2023/08/12 12:0 a.m.•18 views

Adobe Acrobat Reader post-release reuse vulnerability (CNVD-2023-71759)

7.8CVSS7.1AI score0.08655EPSS

Exploits0References1

CNVD•added 2023/08/12 12:0 a.m.•21 views

Adobe Acrobat Reader post-release reuse vulnerability (CNVD-2023-71756)