CVE-2026-48587

Django is affected in versions 5.2 before 5.2.15 and 6.0 before 6.0.6. The vulnerability lies in django.utils.cache.has_vary_header(), which does not strip leading/trailing whitespace from Vary header values before comparison. This can allow remote attackers to read cached responses by targeting ...

CVE-2026-48587 Potential exposure of private data via whitespace padding in Vary header

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.utils.cache.hasvaryheader in Django does not strip leading or trailing whitespace from Vary response header values before comparison, which allows remote attackers to read cached responses via requests to URLs whose...

CVE-2026-35193 Potential exposure of private data via missing Vary: Authorization in UpdateCacheMiddleware

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.middleware.cache.UpdateCacheMiddleware in Django does not add Authorization to the Vary response header for requests bearing that header without Cache-Control: public, which allows remote attackers to read private...

CVE-2026-35193

Technical details about CVE-2026-35193 are not publicly available in the provided documents. Monitor for official updates from Django security advisories.

CVE-2026-8404 Potential exposure of private data via case-sensitive Cache-Control directives in UpdateCacheMiddleware

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.middleware.cache.UpdateCacheMiddleware in Django does not match Cache-Control response directives case-insensitively, which allows remote attackers to read responses that were incorrectly cached because their...

CVE-2026-8404 Potential exposure of private data via case-sensitive Cache-Control directives in UpdateCacheMiddleware

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.middleware.cache.UpdateCacheMiddleware in Django does not match Cache-Control response directives case-insensitively, which allows remote attackers to read responses that were incorrectly cached because their...

CVE-2026-8404

Summary: Django 5.2 (before 5.2.15) and Django 6.0 (before 6.0.6) contain a vulnerability in the UpdateCacheMiddleware where the middleware does not case-insensitively match Cache-Control directives. This can allow remote attackers to read responses that were cached with uppercase or mixed-case d...

JetBackup <= 2.0.9.7 - Sensitive Information Exposure via Directory Listing

JetBackup WordPress plugin = 2.0.9.9 does not use index files to prevent directory listing in certain configurations, letting malicious actors leak backup files, exploit requires access to the web server. id: CVE-2023-7165 info: name: JetBackup = 2.0.9.7 - Sensitive Information Exposure via...

Gravity SMTP WordPress Plugin - Sensitive Information Exposure

Gravity SMTP WordPress plugin = 2.1.4 contains a sensitive information exposure caused by an unrestricted REST API endpoint at /wp-json/gravitysmtp/v1/tests/mock-data, letting unauthenticated attackers retrieve detailed system configuration data, exploit requires no authentication. id:...

Mitel MiCollab <= 9.8.0.33 - SQL Injection

A vulnerability in NuPoint Messenger NPM of Mitel MiCollab through 9.8.0.33 allows an unauthenticated attacker to conduct a SQL injection attack due to insufficient sanitization of user input. A successful exploit could allow an attacker to access sensitive information and execute arbitrary...

Easy Appointments <= 3.12.21 - Information Disclosure

Easy Appointments WordPress plugin = 3.12.21 contains a sensitive information exposure caused by an unauthenticated REST API endpoint /wp-json/wp/v2/eablocks/eaappointments/ registered with permissioncallback allowing unrestricted access, letting unauthenticated attackers extract sensitive custom...

Palo Alto Networks Expedition - OS Command Injection

An OS command injection vulnerability in Palo Alto Networks Expedition enables an unauthenticated attacker to run arbitrary OS commands as the www-data user in Expedition, which results in the disclosure of usernames, cleartext passwords, device configurations, and device API keys for firewalls...

Formidable Form Builder < 2.05.03 - Unauthenticated Information Disclosure

The Formidable Form Builder plugin for WordPress is vulnerable to Sensitive Data Exposure in versions up to, and including, 2.05.03 via the frmformspreview AJAX action. This makes it possible for unauthenticated attackers to export all of the form entries for a given form. id: CVE-2017-20194 info...

G Auto-Hyperlink <= 1.0.1 - SQL Injection

The G Auto-Hyperlink WordPress plugin through 1.0.1 does not sanitise or escape an 'id' GET parameter before using it in a SQL statement, to select data to be displayed in the admin dashboard, leading to an authenticated SQL injection id: CVE-2021-24627 info: name: G Auto-Hyperlink = 1.0.1 - SQL...

Quttera Web Malware Scanner <= 3.4.1.48 - Sensitive Data Exposure

The Quttera Web Malware Scanner WordPress plugin before 3.4.2.1 doesn't restrict access to detailed scan logs, which allows a malicious actor to discover local paths and portions of the site's code id: CVE-2023-6065 info: name: Quttera Web Malware Scanner = 3.4.1.48 - Sensitive Data Exposure...

SureForms <= 1.13.1 - Sensitive Information Exposure

SureForms WordPress plugin = 1.13.1 contains a sensitive information exposure caused by setting 'authcallback' to 'returntrue' in 'srfmemailnotification' post meta registration, letting unauthenticated attackers access sensitive email notification data, exploit requires no authentication. id:...

Joomla! Component Music Manager - Local File Inclusion

A directory traversal vulnerability in the Music Manager component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. dot dot in the cid parameter to album.html. id: CVE-2010-2857 info: name: Joomla! Component Music Manager - Local Fil...

WordPress WP Clone <= 2.4.2 - Database Backup Exposure

Clone WordPress plugin 2.4.3 contains a buffer overflow caused by storing in-progress backup information in publicly accessible buffer files at a static file path, letting attackers access sensitive backup data, exploit requires no special privileges id: CVE-2023-6750 info: name: WordPress WP Clo...

OneDev < 4.0.3 - User Access Token Leak

OneDev before version 4.0.3 contains an insecure endpoint that allows retrieval of arbitrary user details, including access tokens, due to missing security checks on /users/id, letting attackers leak sensitive data and impersonate users, exploit requires no special conditions. id: CVE-2021-21246...

ListingPro < 2.6.1 - Sensitive Data Disclosure

The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Sensitive Data Exposure in versions before 2.6.1 via the /listingpro-plugin/functions.php file. This makes it possible for unauthenticated attackers to extract sensitive data including usernames, full names, email...