Lucene search
K

226 matches found

OSV
OSV
added 2025/12/12 12:21 p.m.8 views

OESA-2025-2850 python-django security update

A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted...

7.5CVSS7.7AI score0.02143EPSS
Exploits0References3
OSV
OSV
added 2025/12/05 1:12 p.m.7 views

OESA-2025-2789 python-django security update

A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. Algorithmic complexity in django.core.serializers.xmlserializer.getInnerText allows a remote...

7.5CVSS6.7AI score0.02143EPSS
Exploits0References2
OSV
OSV
added 2025/12/05 1:12 p.m.6 views

OESA-2025-2790 python-django security update

A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. Algorithmic complexity in django.core.serializers.xmlserializer.getInnerText allows a remote...

7.5CVSS6.7AI score0.02143EPSS
Exploits0References2
OSV
OSV
added 2025/12/05 1:12 p.m.6 views

OESA-2025-2788 python-django security update

A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. Algorithmic complexity in django.core.serializers.xmlserializer.getInnerText allows a remote...

7.5CVSS6.7AI score0.02143EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2025/12/05 12:24 a.m.6 views

SUSE CVE-2025-64460

An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. Algorithmic complexity in django.core.serializers.xmlserializer.getInnerText allows a remote attacker to cause a potential denial-of-service attack triggering CPU and memory exhaustion via specially crafted XML...

7.5CVSS6.9AI score0.02143EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/12/03 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2025-64460

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. Algorithmic complexity in...

7.5CVSS7.2AI score0.02143EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2025/12/02 6:30 p.m.7 views

Django is vulnerable to DoS via XML serializer text extraction

An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. Algorithmic complexity in django.core.serializers.xmlserializer.getInnerText allows a remote attacker to cause a potential denial-of-service attack triggering CPU and memory exhaustion via specially crafted XML...

7.5CVSS6.8AI score0.02143EPSS
Exploits0References10Affected Software1
NVD
NVD
added 2025/12/02 4:15 p.m.6 views

CVE-2025-64460

An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. Algorithmic complexity in django.core.serializers.xmlserializer.getInnerText allows a remote attacker to cause a potential denial-of-service attack triggering CPU and memory exhaustion via specially crafted XML...

7.5CVSS0.02143EPSS
Exploits0References3
OSV
OSV
added 2025/12/02 4:15 p.m.8 views

PYSEC-2025-109

An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. Algorithmic complexity in django.core.serializers.xmlserializer.getInnerText allows a remote attacker to cause a potential denial-of-service attack triggering CPU and memory exhaustion via specially crafted XML...

7.5CVSS7.2AI score0.02143EPSS
Exploits0References4
OSV
OSV
added 2025/12/02 3:15 p.m.2 views

CVE-2025-64460 Potential denial-of-service vulnerability in XML serializer text extraction

An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. Algorithmic complexity in django.core.serializers.xmlserializer.getInnerText allows a remote attacker to cause a potential denial-of-service attack triggering CPU and memory exhaustion via specially crafted XML...

7.5CVSS7.2AI score0.02143EPSS
Exploits0References7
AlpineLinux
AlpineLinux
added 2025/12/02 3:15 p.m.3 views

CVE-2025-64460

An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. Algorithmic complexity in django.core.serializers.xmlserializer.getInnerText allows a remote attacker to cause a potential denial-of-service attack triggering CPU and memory exhaustion via specially crafted XML...

7.5CVSS6.8AI score0.02143EPSS
Exploits0
EUVD
EUVD
added 2025/12/02 3:15 p.m.3 views

EUVD-2025-200248

An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. Algorithmic complexity in django.core.serializers.xmlserializer.getInnerText allows a remote attacker to cause a potential denial-of-service attack triggering CPU and memory exhaustion via specially crafted XML...

7.5CVSS6.3AI score0.02143EPSS
Exploits0References4
CVE
CVE
added 2025/12/02 3:15 p.m.24 views

CVE-2025-64460

CVE-2025-64460 is a DoS in Django related to an algorithmic complexity issue in django.core.serializers.xml_serializer.getInnerText(), where a specially crafted XML input processed by the XML Deserializer can exhaust CPU and memory. Affected series include Django 5.2 before 5.2.9, 5.1 before 5.1....

7.5CVSS6.5AI score0.02143EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2025/12/02 2:0 p.m.2 views

UBUNTU-CVE-2025-64460

An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. Algorithmic complexity in django.core.serializers.xmlserializer.getInnerText allows a remote attacker to cause a potential denial-of-service attack triggering CPU and memory exhaustion via specially crafted XML...

7.5CVSS7AI score0.02143EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/12/02 12:0 a.m.4 views

PT-2025-48704

Name of the Vulnerable Software and Affected Versions Django versions 4.2 through 4.2.26 Django versions 5.1 through 5.1.14 Django versions 5.2 through 5.2.8 Description An issue exists in the way Django handles XML input. Specifically, algorithmic complexity within the django.core.serializers.xm...

7.5CVSS7.9AI score0.02143EPSS
Exploits0References24
OSV
OSV
added 2025/11/17 12:2 a.m.6 views

OSV-2025-901 Heap-use-after-free in apache::thrift::protocol::TCompactProtocolT<apache::thrift::transport::TMemoryBu

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=461058054 Crash type: Heap-use-after-free READ 1 Crash state: apache::thrift::protocol::TCompactProtocolTapache::thrift::transport::TMemoryBu unsigned int parquet::format::OffsetIndex::readapache::thrift::protocol::TCompa void...

6.9AI score
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2018-0686

Malware in sbrugna...

7.8CVSS7.6AI score0.01469EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2021-1940

Malware in sbrugna...

7.5CVSS7.4AI score0.0143EPSS
Exploits1References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-28809

Malicious code in bioql PyPI...

9.8CVSS9.4AI score0.02545EPSS
Exploits1References1
OSV
OSV
added 2025/08/17 12:1 a.m.2 views

OSV-2025-638 Security exception in com.fasterxml.jackson.databind.deser.std.UntypedObjectDeserializer$Vanilla.deser

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=438873397 Crash type: Security exception Crash state: com.fasterxml.jackson.databind.deser.std.UntypedObjectDeserializer$Vanilla.deser com.fasterxml.jackson.databind.deser.std.UntypedObjectDeserializer$Vanilla.mapOb...

7.1AI score
Exploits0References1
Rows per page
Query Builder