Lucene search

1556 matches found

RedHat Linux
added 2025/12/10 6:00 p.m., 11 views

django: Django SQL injection

A potential SQL injection vulnerability has been discovered in the Django web framework. The methods QuerySet.filter, QuerySet.exclude, and QuerySet.get, and the class Q were subject to SQL injection when using a suitably crafted dictionary, with dictionary expansion, as the connector argument...

CVSS 9.1, AI score 7.1, EPSS 0.19396
Exploits: 10, References: 8
Vulnrichment
added 2025/12/09 8:09 p.m., 3 views

CVE-2025-66625 Umbraco Vulnerable to Improper File Access and Credential Exposure through Dictionary Import Functionality

Umbraco is an ASP.NET CMS. Due to unsafe handling and deletion of temporary files in versions 10.0.0 through 13.12.0, during the dictionary upload process an attacker with access to the backoffice can trigger predictable requests to temporary file paths. The application’s error responses HTTP 500...

CVSS 4.9, AI score 6.5, EPSS 0.00301
Exploits: 0, References: 2
CVE
added 2025/12/09 8:09 p.m., 18 views

CVE-2025-66625

CVE-2025-66625 affects Umbraco CMS (ASP.NET) versions 10.0.0–13.12.0. During the dictionary upload process, unsafe handling/deletion of temporary files enables a backoffice attacker to trigger predictable requests to temporary file paths, causing error responses (HTTP 500 if a file exists, 404 if...

CVSS 4.9, AI score 6.5, EPSS 0.00301
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2025/12/09 8:09 p.m., 26 views

CVE-2025-66625 Umbraco Vulnerable to Improper File Access and Credential Exposure through Dictionary Import Functionality

Umbraco is an ASP.NET CMS. Due to unsafe handling and deletion of temporary files in versions 10.0.0 through 13.12.0, during the dictionary upload process an attacker with access to the backoffice can trigger predictable requests to temporary file paths. The application’s error responses HTTP 500...

CVSS 4.9, EPSS 0.00301
Exploits: 0, References: 2
OSV
added 2025/12/09 8:09 p.m., 5 views

CVE-2025-66625 Umbraco Vulnerable to Improper File Access and Credential Exposure through Dictionary Import Functionality

Umbraco is an ASP.NET CMS. Due to unsafe handling and deletion of temporary files in versions 10.0.0 through 13.12.0, during the dictionary upload process an attacker with access to the backoffice can trigger predictable requests to temporary file paths. The application’s error responses HTTP 500...

CVSS 4.9, AI score 6.7, EPSS 0.00301
Exploits: 0, References: 4
Snyk
added 2025/12/09 5:12 p.m., 3 views

Files or Directories Accessible to External Parties

Overview: Affected versions of this package are vulnerable to Files or Directories Accessible to External Parties in the dictionary import process. An attacker can enumerate the existence of arbitrary files on the server's filesystem and, in certain configurations, may expose the NTLM hash of the...

CVSS 6.9, AI score 6.9, EPSS 0.00301
Exploits: 0, References: 3
EUVD
added 2025/12/09 5:12 p.m., 4 views

EUVD-2025-202178

Umbraco Vulnerable to Improper File Access and Credential Exposure in Dictionary Import Functionality...

CVSS 4.9, AI score 6.3, EPSS 0.00301
Exploits: 0, References: 4
OSV
added 2025/12/09 5:12 p.m., 5 views

GHSA-HFV2-PF68-M33X Umbraco Vulnerable to Improper File Access and Credential Exposure in Dictionary Import Functionality

Impact: Due to unsafe handling and deletion of temporary files during the dictionary upload process, an attacker with access to the backoffice can trigger predictable requests to temporary file paths. The application's error responses (HTTP 500 when a file exists, 404 when it does not) allow the...

CVSS 4.9, AI score 6.7, EPSS 0.00301
Exploits: 0, References: 4
Github Security Blog
added 2025/12/09 5:12 p.m., 7 views

Umbraco Vulnerable to Improper File Access and Credential Exposure in Dictionary Import Functionality

Impact: Due to unsafe handling and deletion of temporary files during the dictionary upload process, an attacker with access to the backoffice can trigger predictable requests to temporary file paths. The application's error responses (HTTP 500 when a file exists, 404 when it does not) allow the...

CVSS 4.9, AI score 6.8, EPSS 0.00301
Exploits: 0, References: 4, Affected Software: 1
GithubExploit
added 2025/12/09 1:59 p.m., 153 views

SqlScanner

SqlScanner SQL Injection Scanner deve...

AI score 7.2
Exploits: 0
Positive Technologies
added 2025/12/09 12:00 a.m., 4 views

PT-2025-50229

Name of the Vulnerable Software and Affected Versions: Umbraco versions 10.0.0 through 13.12.0. Description: Umbraco, an ASP.NET CMS, experiences an issue related to the unsafe handling and deletion of temporary files during the dictionary upload process. An attacker with backoffice access can...

CVSS 4.9, AI score 6.8, EPSS 0.00301
Exploits: 0, References: 6
OSV
added 2025/12/02 9:31 p.m., 1 view

GHSA-QHQW-RRW9-25RM asyncmy is vulnerable to SQL injection via crafted dict keys

SQL injection vulnerability in long2ice asyncmy through 0.2.11 allows attackers to execute arbitrary SQL commands via crafted dict keys...

CVSS 9.8, AI score 6.1, EPSS 0.00373
Exploits: 0, References: 3
Github Security Blog
added 2025/12/02 6:30 p.m., 8 views

Django is vulnerable to SQL injection in column aliases

An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the kwargs passed to QuerySet.annotate or QuerySet.alias on PostgreSQL. Earlier...

CVSS 4.3, AI score 8, EPSS 0.00904
Exploits: 0, References: 11, Affected Software: 1
Cvelist
added 2025/12/02 3:13 p.m., 7 views

CVE-2025-13372 Potential SQL injection in FilteredRelation column aliases on PostgreSQL

An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the kwargs passed to QuerySet.annotate or QuerySet.alias on PostgreSQL. Earlier...

EPSS 0.00904
Exploits: 0, References: 3
CNNVD
added 2025/12/02 12:00 a.m., 5 views

Axios Systems Assyst security vulnerability

Axios Systems Assyst is an off-the-shelf application from Axios Systems, UK, for managing IT services without the complexity and overhead associated with ITSM platforms such as ServiceNow and BMC Remedy. Axios Systems Assyst has a security vulnerability that stems from a specially crafted dict ke...

CVSS 9.8, AI score 7.2, EPSS 0.00373
Exploits: 0, References: 2
Positive Technologies
added 2025/12/02 12:00 a.m., 3 views

PT-2025-48749

Name of the Vulnerable Software and Affected Versions: long2ice asyncmy versions through 0.2.10. Description: A SQL injection issue exists in long2ice asyncmy. Attackers can execute arbitrary SQL commands by using specially crafted dictionary keys. Recommendations: At the moment, there is no...

CVSS 9.8, AI score 6, EPSS 0.00373
Exploits: 0, References: 11
Veracode
added 2025/11/27 6:52 a.m., 8 views

Denial Of Service (DoS)

github.com/nwaples/rardecode is vulnerable to a Denial-of-Service (DoS). The vulnerability is due to the failure to enforce limits on RAR dictionary sizes, which allows an attacker to supply a specially crafted RAR file that forces excessive memory allocation and triggers an out-of-memory crash...

CVSS 6.5, AI score 7, EPSS 0.00354
Exploits: 1, References: 3, Affected Software: 1
GithubExploit
added 2025/11/21 10:13 p.m., 255 views

Exploit for SQL Injection in Djangoproject Django

Django-CVE-2025-64459-Testbed A self-contained testbed for Dj...

CVSS 9.1, AI score 7.9, EPSS 0.19396
Exploits: 10
OSV
added 2025/11/14 12:39 p.m., 9 views

OESA-2025-2677 python-django security update

A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8. NFKC normalization in Python is slow on Windows. As a consequence,...

CVSS 9.1, AI score 7.9, EPSS 0.19396
Exploits: 11, References: 3
OSV
added 2025/11/11 11:36 a.m., 8 views

BIT-DJANGO-2025-64459 Potential SQL injection via _connector keyword argument in QuerySet and Q objects

An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8. The methods QuerySet.filter, QuerySet.exclude, and QuerySet.get, and the class Q, are subject to SQL injection when using a suitably crafted dictionary, with dictionary expansion, as the connector argument...

CVSS 9.1, AI score 8.1, EPSS 0.19396
Exploits: 10, References: 5