Lucene search
K

9 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-0219

Malicious code in bioql PyPI...

9.3CVSS6.3AI score0.0047EPSS
Exploits0References5
Veracode
Veracode
added 2025/02/05 3:54 p.m.9 views

Class Pollution

Django-Unicorn is vulnerable to Class Pollution. The vulnerability is due to improper handling of component requests due to the setpropertyvalue function allowing remote users to manipulate its parameters, leading to arbitrary changes in the Python runtime, enabling XSS, DoS, and authentication...

9.3CVSS7.2AI score0.0047EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2025/02/03 9:15 p.m.7 views

CVE-2025-24370

Django-Unicorn adds modern reactive component functionality to Django templates. Affected versions of Django-Unicorn are vulnerable to python class pollution vulnerability. The vulnerability arises from the core functionality setpropertyvalue, which can be remotely triggered by users by crafting...

9.3CVSS0.0047EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/02/03 9:7 p.m.10 views

CVE-2025-24370 Django-Unicorn Class Pollution Vulnerability, Leading to XSS, DoS and Authentication Bypass

Django-Unicorn adds modern reactive component functionality to Django templates. Affected versions of Django-Unicorn are vulnerable to python class pollution vulnerability. The vulnerability arises from the core functionality setpropertyvalue, which can be remotely triggered by users by crafting...

9.3CVSS6.9AI score0.0047EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/02/03 9:7 p.m.22 views

CVE-2025-24370 Django-Unicorn Class Pollution Vulnerability, Leading to XSS, DoS and Authentication Bypass

Django-Unicorn adds modern reactive component functionality to Django templates. Affected versions of Django-Unicorn are vulnerable to python class pollution vulnerability. The vulnerability arises from the core functionality setpropertyvalue, which can be remotely triggered by users by crafting...

9.3CVSS0.0047EPSS
Exploits0References2
CVE
CVE
added 2025/02/03 9:7 p.m.71 views

CVE-2025-24370

CVE-2025-24370 affects django-unicorn. The issue stems from the vulnerable set_property_value function, which can be remotely triggered via component requests (syncInput payload) to modify Python runtime state, enabling XSS, DoS, and authentication bypass across Django-Unicorn-based apps. Remedia...

9.3CVSS6.7AI score0.0047EPSS
Exploits0References2
OSV
OSV
added 2025/02/03 3:48 p.m.11 views

GHSA-G9WF-5777-GQ43 Django-Unicorn Class Pollution Vulnerability, Leading to XSS, DoS and Authentication Bypass

Summary Django-Unicorn is vulnerable to python class pollution vulnerability, a new type of vulnerability categorized under CWE-915. The vulnerability arises from the core functionality setpropertyvalue, which can be remotely triggered by users by crafting appropriate component requests and feedi...

9.3CVSS7.9AI score0.0047EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2025/02/03 3:48 p.m.28 views

Django-Unicorn Class Pollution Vulnerability, Leading to XSS, DoS and Authentication Bypass

Summary Django-Unicorn is vulnerable to python class pollution vulnerability, a new type of vulnerability categorized under CWE-915. The vulnerability arises from the core functionality setpropertyvalue, which can be remotely triggered by users by crafting appropriate component requests and feedi...

9.3CVSS7.9AI score0.0047EPSS
Exploits0References5Affected Software1
vulnersOsv
vulnersOsv
added 2025/02/03 3:48 p.m.5 views

simmate (>=0.14.0 <=0.17.0), tvsd (>=1.4.0 <=1.4.1) potentially affected by CVE-2025-24370 via django-unicorn (>=0.50.0 <=0.59.0)

django-unicorn PYPI version =0.50.0, =0.14.0, =1.4.0, =1.4.1 Source cves: CVE-2025-24370 Source advisory: OSV:GHSA-G9WF-5777-GQ43...

9.3CVSS5.8AI score0.0047EPSS
Exploits0
Rows per page
Query Builder