CVE-2025-12925

A security flaw has been discovered in rymcu forest up to de53ce79db9faa2efc4e79ce1077a302c42a1224. Impacted is the function getAll/addDic/getAllDic/deleteDic of the file src/main/java/com/rymcu/forest/lucene/api/UserDicController.java. The manipulation results in missing authorization. The attac...

CVE-2025-12925 rymcu forest UserDicController.java deleteDic authorization

A security flaw has been discovered in rymcu forest up to de53ce79db9faa2efc4e79ce1077a302c42a1224. Impacted is the function getAll/addDic/getAllDic/deleteDic of the file src/main/java/com/rymcu/forest/lucene/api/UserDicController.java. The manipulation results in missing authorization. The attac...

EUVD-2025-38727

A security flaw has been discovered in rymcu forest up to de53ce79db9faa2efc4e79ce1077a302c42a1224. Impacted is the function getAll/addDic/getAllDic/deleteDic of the file src/main/java/com/rymcu/forest/lucene/api/UserDicController.java. The manipulation results in missing authorization. The attac...

PT-2025-45587

Name of the Vulnerable Software and Affected Versions rymcu forest affected versions not specified Description A security flaw exists due to missing authorization. The issue affects the getAll/addDic/getAllDic/deleteDic function within the...

Lucee Administration Panel Login Form Detected

Lucee Administration Panel has been detected on the target web application. This may present an attacker with an exploit vector which could be leveraged using other techniques, such as a Brute-Force or Dictionary Attack, allowing an attacker to gain access to administrative functionality. No sour...

SQL Injection

Django is vulnerable to SQL Injection. The vulnerability is due to improper sanitization of user-supplied input when processing crafted dictionaries with dictionary expansion in the connector argument of query methods, which allows an attacker to inject arbitrary SQL queries into database...

SUSE CVE-2025-64459

An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8. The methods QuerySet.filter, QuerySet.exclude, and QuerySet.get, and the class Q, are subject to SQL injection when using a suitably crafted dictionary, with dictionary expansion, as the connector argument...

PYSEC-2025-108

An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8.The methods QuerySet.filter, QuerySet.exclude, and QuerySet.get, and the class Q, are subject to SQL injection when using a suitably crafted dictionary, with dictionary expansion, as the connector...

CVE-2025-64459 Potential SQL injection via _connector keyword argument in QuerySet and Q objects

An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8. The methods QuerySet.filter, QuerySet.exclude, and QuerySet.get, and the class Q, are subject to SQL injection when using a suitably crafted dictionary, with dictionary expansion, as the connector argument...

CVE-2025-64459 Potential SQL injection via _connector keyword argument in QuerySet and Q objects

An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8. The methods QuerySet.filter, QuerySet.exclude, and QuerySet.get, and the class Q, are subject to SQL injection when using a suitably crafted dictionary, with dictionary expansion, as the connector argument...

CVE-2025-64459

An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8. The methods QuerySet.filter, QuerySet.exclude, and QuerySet.get, and the class Q, are subject to SQL injection when using a suitably crafted dictionary, with dictionary expansion, as the connector argument...

CVE-2025-64459

CVE-2025-64459 affects Django before versions 5.1.14, 4.2.26, and 5.2.8. The vulnerability is a SQL injection in the Django ORM: QuerySet.filter(), QuerySet.exclude(), QuerySet.get(), and the Q() class can be triggered via a crafted dictionary using the _connector argument. Public advisories conf...

Django SQL注入漏洞

Django is a set of open source web application frameworks based on the Python language from the Django Foundation. The framework includes an object-oriented mapper, view system, template system, and more. A security vulnerability exists in Django versions 5.1 through 5.1.14 prior, 4.2 through...

PT-2025-45119

Name of the Vulnerable Software and Affected Versions Django versions prior to 5.1.14, prior to 4.2.26, and prior to 5.2.8 Description Django is susceptible to a SQL injection issue due to improper handling of dictionary expansion when using the QuerySet.filter, QuerySet.exclude, and QuerySet.get...

UBUNTU-CVE-2025-64459

An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8. The methods QuerySet.filter, QuerySet.exclude, and QuerySet.get, and the class Q, are subject to SQL injection when using a suitably crafted dictionary, with dictionary expansion, as the connector argument...

LZ4 through 1.10.0 allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact when the application processes untrusted LZ4 frames. For example, LZ4F_createCDict_advanced in lib/lz4frame.c mishandles NULL checks.

...

CVE-2025-39534

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Somonator Terms Dictionary terms-dictionary allows Reflected XSS.This issue affects Terms Dictionary: from n/a through = 1.5.1...

Improper Neutralization of Null Byte or NUL Character

Overview Affected versions of this package are vulnerable to Improper Neutralization of Null Byte or NUL Character in the LZ4FcreateCDictadvanced function, when processing LZ4 frames. An attacker can cause an application to crash or trigger unintended behavior by submitting specially crafted LZ4...

CVE-2025-62813

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...

Updated python-django packages fix a security vulnerability

An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. QuerySet.annotate, QuerySet.alias, QuerySet.aggregate, and QuerySet.extra are subject to SQL injection in column aliases, when using a suitably crafted dictionary, with dictionary expansion, as the kwarg...