Lucene search
K

7 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/03 12:0 a.m.25 views

Linux Distros Unpatched Vulnerability : CVE-2026-35193

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.middleware.cache.UpdateCacheMiddleware in Django does not add Authorization to...

3.1CVSS5.8AI score0.00359EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/06 1:45 a.m.13 views

SUSE CVE-2026-6907

An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. django.middleware.cache.UpdateCacheMiddleware erroneously caches requests where the Vary header contained an asterisk ''. This can lead to private data being stored and served. Earlier, unsupported Django series such as 5.0.x,...

4.3CVSS5.7AI score0.00358EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/04/07 3:30 p.m.8 views

Django vulnerable to privilege abuse in GenericInlineModelAdmin

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Add permissions on inline model instances were not validated on submission of forged POST data in GenericInlineModelAdmin. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not evaluated a...

9.8CVSS5.8AI score0.00458EPSS
Exploits0References6Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/07 2:22 p.m.3 views

CVE-2026-33033 Potential denial-of-service vulnerability in MultiPartParser via base64-encoded file upload

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. MultiPartParser allows remote attackers to degrade performance by submitting multipart uploads with Content-Transfer-Encoding: base64 including excessive whitespace. Earlier, unsupported Django series such as...

5.9AI score0.00689EPSS
Exploits1References3
vulnersOsv
vulnersOsv
added 2026/03/03 6:39 p.m.6 views

cg-django-uaa (=2.1.9), deeplabelnet (>=0.1.0 <=0.1.20) +28 more potentially affected by CVE-2026-25673 via django (>=5.2.0 <=5.2.11)

django PYPI version =5.2.0, =0.1.0, =0.1.0, =1.3.0, =1.92.0.5, =4.2.0, =0.0.7, =3.0.0, =0.1.0, =5.2.0, =5.2.1 and more Source cves: CVE-2026-25673 Source advisory: SNYK:PYTHON-DJANGO-15371389...

7.5CVSS7AI score0.00734EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/02/03 3:49 p.m.4 views

cg-django-uaa (=2.1.9), deeplabelnet (>=0.1.0 <=0.1.20) +22 more potentially affected by CVE-2025-13473 via django (>=5.2.0 <=5.2.10)

django PYPI version =5.2.0, =0.1.0, =0.1.0, =1.3.0, =1.92.0.5, =4.2.0, =0.0.7, =3.0.0, =0.1.0, =5.2.0, =5.2.1 - djbackup =2.1.0 and more Source cves: CVE-2025-13473 Source advisory: SNYK:PYTHON-DJANGO-15198930...

5.3CVSS6AI score0.00713EPSS
Exploits0
OSV
OSV
added 2026/02/03 3:30 p.m.3 views

GHSA-6426-9FV3-65X8 Django has an SQL Injection issue

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. .QuerySet.orderby is subject to SQL injection in column aliases containing periods when the same alias is, using a suitably crafted dictionary, with dictionary expansion, used in FilteredRelation. Earlier,...

5.4CVSS7.1AI score0.00802EPSS
Exploits1References8
Rows per page
Query Builder