Lucene search
+L

28 matches found

nessus
nessus
added 2026/07/09 12:0 a.m.9 views

Python Library Django 5.2.x < 5.2.16 / 6.0.x < 6.0.7 Multiple Vulnerabilities

The detected version of the Django Python package is 5.2.x prior to 5.2.16 or 6.0.x prior to 6.0.7. It is, therefore, affected by multiple vulnerabilities: - django.contrib.gis.gdal.GDALRaster over-reads its in-memory buffer when constructed from a bytes object, which can disclose adjacent memory...

6.3CVSS6.8AI score0.00375EPSS
Exploits0References4
osv
osv
added 2026/06/25 12:58 p.m.3 views

CVE-2026-40012 Information about ECS zero scoped answers might leak to clients that use a specific ECS

ECS zero scoped answers are stored in the packet cache while they should not. This impacts only configurations that have ECS enabled;...

5.3CVSS6AI score0.00305EPSS
Exploits0References5
nessus
nessus
added 2026/06/23 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-50170

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.1...

8.2CVSS6AI score0.00267EPSS
Exploits0References3
susecve
susecve
added 2026/06/04 2:21 a.m.9 views

SUSE CVE-2026-48587

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.utils.cache.hasvaryheader in Django does not strip leading or trailing whitespace from Vary response header values before comparison, which allows remote attackers to read cached responses via requests to URLs whose...

5.9CVSS5.8AI score0.00354EPSS
Exploits0References5
pypa
pypa
added 2026/06/03 2:16 p.m.15 views

PYSEC-2026-198

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6.django.utils.cache.hasvaryheader in Django does not strip leading or trailing whitespace from Vary response header values before comparison, which allows remote attackers to read cached responses via requests to URLs whose...

5.3CVSS5.4AI score0.00354EPSS
Exploits0References3Affected Software1
osv
osv
added 2026/06/03 2:16 p.m.11 views

PYSEC-2026-198

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.utils.cache.hasvaryheader in Django does not strip leading or trailing whitespace from Vary response header values before comparison, which allows remote attackers to read cached responses via requests to URLs whose...

5.3CVSS5.4AI score0.00354EPSS
Exploits0References3
nvd
nvd
added 2026/06/03 2:16 p.m.13 views

CVE-2026-48587

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.utils.cache.hasvaryheader in Django does not strip leading or trailing whitespace from Vary response header values before comparison, which allows remote attackers to read cached responses via requests to URLs whose...

5.3CVSS0.00354EPSS
Exploits0References3
alpinelinux
alpinelinux
added 2026/06/03 1:16 p.m.8 views

CVE-2026-48587

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.utils.cache.hasvaryheader in Django does not strip leading or trailing whitespace from Vary response header values before comparison, which allows remote attackers to read cached responses via requests to URLs whose...

5.3CVSS5.4AI score0.00354EPSS
Exploits0
nessus
nessus
added 2026/06/03 12:0 a.m.20 views

Linux Distros Unpatched Vulnerability : CVE-2026-48587

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.utils.cache.hasvaryheader in Django does not strip leading or trailing whitespa...

5.3CVSS5.9AI score0.00354EPSS
Exploits0References3
astralinux
astralinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: arm64: Errata: Add a workaround for speculative unprivileged loads on Cortex-A520. Implement the workaround according to erratum 2966298 for ARM Cortex-A520. On an affected Cortex-A520 core, a speculative unprivileged load may le...

4.7CVSS5.8AI score0.00602EPSS
Exploits0References2
nessus
nessus
added 2026/05/06 12:0 a.m.9 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Django vulnerabilities (USN-8232-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8232-1 advisory. It was discovered that Django did not vary cached response headers on cookies when sessions were not modified while...

6.5CVSS5.9AI score0.00544EPSS
Exploits0References4
osv
osv
added 2026/05/03 9:55 a.m.8 views

OESA-2026-2137 python-flask security update

Flask is a lightweight WSGI web application framework. It is designed to make getting started quick and easy, with the ability to scale up to complex applications. It began as a simple wrapper around Werkzeug and Jinja and has become one of the most popular Python web application frameworks...

4.3CVSS5.7AI score0.00374EPSS
Exploits0References2
cve
cve
added 2026/02/21 5:21 a.m.130 views

CVE-2026-27205

CVE-2026-27205 – Flask cache-related information disclosure (root cause: Vary: Cookie not set when session accessed) Affected: Flask 3.1.2 and below. In these versions, accessing the session object may cause a response to be cached with user-specific data, as the Vary: Cookie header is not consis...

4.3CVSS5.5AI score0.00374EPSS
Exploits0References3Affected Software1
redhatcve
redhatcve
added 2026/02/16 6:49 a.m.7 views

CVE-2025-71203

In the Linux kernel, the following vulnerability has been resolved: riscv: Sanitize syscall table indexing under speculation The syscall number is a user-controlled value used to index into the syscall table. Use arrayindexnospec to clamp this value after the bounds check to prevent speculative...

7CVSS5.1AI score0.00126EPSS
Exploits0References4
cve
cve
added 2026/02/14 4:27 p.m.20 views

CVE-2025-71203

CVE-2025-71203 concerns the Linux kernel where a user-controlled syscall number could be used to index the syscall table, enabling potential data leakage via cache side channels. The mitigation is to clamp the index with array_index_nospec() after the bounds check to prevent speculative out-of-bo...

7CVSS5.2AI score0.00126EPSS
Exploits0References4Affected Software1
nessus
nessus
added 2025/11/18 12:0 a.m.3 views

Mozilla Firefox ESR < 52.7

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 52.7. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2018-07 advisory. - Mozilla developers Jet Villegas and Randell Jesup reported memory safety bugs present in Firefox ESR 52.6...

9.8CVSS8.4AI score0.08024EPSS
Exploits3References8
nessus
nessus
added 2025/08/19 12:0 a.m.8 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.04 : Request Tracker vulnerabilities (USN-7692-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7692-1 advisory. It was discovered that Request Tracker was susceptible to timing attacks. An attacker could possibly use this issue to access sensiti...

7.5CVSS7AI score0.01707EPSS
Exploits0References12
nessus
nessus
added 2025/08/18 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2022-3291

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Serialization of sensitive data in GitLab EE affecting all versions from 14.9 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 can leak sensitive...

6.5CVSS6.4AI score0.00723EPSS
Exploits0References2
susecve
susecve
added 2025/07/08 11:51 p.m.6 views

SUSE CVE-2024-36357

A transient execution vulnerability in some AMD processors may allow an attacker to infer data in the L1D cache, potentially resulting in the leakage of sensitive information across privileged boundaries...

5.6CVSS7.7AI score0.00298EPSS
Exploits0References26
cve
cve
added 2025/07/08 5:1 p.m.114 views

CVE-2024-36357

CVE-2024-36357 describes a transient execution vulnerability in some AMD processors that can allow an attacker to infer data from the L1D cache, potentially leaking sensitive information across privileged boundaries. The CVE is tracked in multiple security advisories and kernel security updates a...

5.6CVSS6.2AI score0.00298EPSS
Exploits0References5
Rows per page
Query Builder