7 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-35193
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.middleware.cache.UpdateCacheMiddleware in Django does not add Authorization to...
SUSE CVE-2026-6907
An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. django.middleware.cache.UpdateCacheMiddleware erroneously caches requests where the Vary header contained an asterisk ''. This can lead to private data being stored and served. Earlier, unsupported Django series such as 5.0.x,...
Django vulnerable to privilege abuse in GenericInlineModelAdmin
An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Add permissions on inline model instances were not validated on submission of forged POST data in GenericInlineModelAdmin. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not evaluated a...
CVE-2026-33033 Potential denial-of-service vulnerability in MultiPartParser via base64-encoded file upload
An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. MultiPartParser allows remote attackers to degrade performance by submitting multipart uploads with Content-Transfer-Encoding: base64 including excessive whitespace. Earlier, unsupported Django series such as...
cg-django-uaa (=2.1.9), deeplabelnet (>=0.1.0 <=0.1.20) +28 more potentially affected by CVE-2026-25673 via django (>=5.2.0 <=5.2.11)
django PYPI version =5.2.0, =0.1.0, =0.1.0, =1.3.0, =1.92.0.5, =4.2.0, =0.0.7, =3.0.0, =0.1.0, =5.2.0, =5.2.1 and more Source cves: CVE-2026-25673 Source advisory: SNYK:PYTHON-DJANGO-15371389...
cg-django-uaa (=2.1.9), deeplabelnet (>=0.1.0 <=0.1.20) +22 more potentially affected by CVE-2025-13473 via django (>=5.2.0 <=5.2.10)
django PYPI version =5.2.0, =0.1.0, =0.1.0, =1.3.0, =1.92.0.5, =4.2.0, =0.0.7, =3.0.0, =0.1.0, =5.2.0, =5.2.1 - djbackup =2.1.0 and more Source cves: CVE-2025-13473 Source advisory: SNYK:PYTHON-DJANGO-15198930...
GHSA-6426-9FV3-65X8 Django has an SQL Injection issue
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. .QuerySet.orderby is subject to SQL injection in column aliases containing periods when the same alias is, using a suitably crafted dictionary, with dictionary expansion, used in FilteredRelation. Earlier,...