
12 matches found

CNNVD
added 2026/05/04 12:0 a.m. | 11 views

Apache OpenNLP Code Issue Vulnerability

Apache OpenNLP is a natural language processing toolkit developed by the Apache Foundation. Versions of Apache OpenNLP prior to 2.5.9 and 3.0.0-M3 contained code vulnerabilities. These vulnerabilities stemmed from the lack of enabling FEATURE_SECURE_PROCESSING or disabling DTD processing during the...

9.1 CVSS | 5.9 AI score | 0.00515 EPSS
Exploits 0 | References 1
Veracode
added 2025/11/09 6:0 a.m. | 9 views

SQL Injection

Django is vulnerable to SQL Injection. The vulnerability is due to improper sanitization of user-supplied input when processing crafted dictionaries with dictionary expansion in the connector argument of query methods, which allows an attacker to inject arbitrary SQL queries into database...

9.1 CVSS | 7.8 AI score | 0.19396 EPSS
Exploits 10 | References 13 | Affected Software 2
NVD
added 2025/11/05 3:15 p.m. | 12 views

CVE-2025-64459

An issue was discovered in Django 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8. The methods QuerySet.filter, QuerySet.exclude, and QuerySet.get, and the class Q, are subject to SQL injection when using a suitably crafted dictionary, with dictionary expansion, as the connector argument...

9.1 CVSS | 0.19396 EPSS
Exploits 10 | References 4
Vulnrichment
added 2025/10/01 12:0 a.m. | 2 views

CVE-2025-59681

An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. QuerySet.annotate, QuerySet.alias, QuerySet.aggregate, and QuerySet.extra are subject to SQL injection in column aliases, when using a suitably crafted dictionary, with dictionary expansion, as the kwarg...

7.1 CVSS | 7.5 AI score | 0.00583 EPSS
Exploits 0 | References 3
OSV
added 2025/09/03 9:15 p.m. | 5 views

CVE-2025-57833

An issue was discovered in Django 4.2 before 4.2.24, 5.1 before 5.1.12, and 5.2 before 5.2.6. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the kwargs passed QuerySet.annotate or QuerySet.alias...

8.1 CVSS | 8 AI score
Exploits 0 | References 6
Cvelist
added 2025/09/03 12:0 a.m. | 16 views

CVE-2025-57833

An issue was discovered in Django 4.2 before 4.2.24, 5.1 before 5.1.12, and 5.2 before 5.2.6. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the kwargs passed QuerySet.annotate or QuerySet.alias...

7.1 CVSS | 0.15602 EPSS
Exploits 4 | References 4
RedHat Linux
added 2022/12/07 8:29 p.m. | 6 views

Django: SQL injection in QuerySet.annotate(), aggregate() and extra()

A flaw was found in the Django package, which leads to a SQL injection. This flaw allows an attacker using a crafted dictionary containing malicious SQL queries to compromise the database completely...

9.8 CVSS | 7.1 AI score | 0.18516 EPSS
Exploits 3 | References 5
RedHat Linux
added 2022/07/25 7:53 p.m. | 3 views

Django: SQL injection in QuerySet.annotate(), aggregate() and extra()

A flaw was found in the Django package, which leads to a SQL injection. This flaw allows an attacker using a crafted dictionary containing malicious SQL queries to compromise the database completely...

9.8 CVSS | 7.1 AI score | 0.18516 EPSS
Exploits 3 | References 5
RedHat Linux
added 2022/07/25 6:33 p.m. | 3 views

Django: SQL injection in QuerySet.annotate(), aggregate() and extra()

A flaw was found in the Django package, which leads to a SQL injection. This flaw allows an attacker using a crafted dictionary containing malicious SQL queries to compromise the database completely...

9.8 CVSS | 7.1 AI score | 0.18516 EPSS
Exploits 3 | References 5
RedHat Linux
added 2022/07/25 6:33 p.m. | 6 views

Django: SQL injection via QuerySet.explain(options) on PostgreSQL

A flaw was found in the Django package, leading to a SQL injection. This flaw allows an attacker using a crafted dictionary containing malicious SQL queries to compromise the database completely...

9.8 CVSS | 7.1 AI score | 0.02919 EPSS
Exploits 0 | References 5
RedHat Linux
added 2022/07/05 2:41 p.m. | 6 views

Django: SQL injection in QuerySet.annotate(), aggregate() and extra()

A flaw was found in the Django package, which leads to a SQL injection. This flaw allows an attacker using a crafted dictionary containing malicious SQL queries to compromise the database completely...

9.8 CVSS | 7.1 AI score | 0.18516 EPSS
Exploits 3 | References 5
OSV
added 2018/09/21 7:29 a.m. | 1 views

DEBIAN-CVE-2018-17294

The matchCurrentInput function inside lou_translateString.c of Liblouis prior to 3.7 does not check the input string's length, allowing attackers to cause a denial of service application crash via out-of-bounds read by crafting an input file with certain translation dictionaries...

6.5 CVSS | 6.7 AI score | 0.02716 EPSS
Exploits 1 | References 1