7896 matches found
MAL-2026-6230 Malicious code in django-auth-middleware-plus (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6cf58978ba5eec5220b4b4d85966efff31d31d164ff103f98dfd627381e061ec On import, djangoauthmiddlewareplus/init.py spawns a daemon thread that POSTs a JSON payload containing the host's hostname, username, cwd, environme...
Astra Linux – Vulnerability in Python-Django
A vulnerability was discovered in versions prior to 6.0.0, 6.0.2, 5.2.0 prior to 5.2.1.1, and 4.2.0 prior to 4.2.2.8. The methods django.utils.text.Truncator.chars and Truncator.words with html=True, along with the template filters truncatecharshtml and truncatewordshtml, allow a remote attacker ...
[SECURITY] Fedora 43 Update: python-django5-5.2.15-1.fc43
Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY Don't Repeat Yourself principle...
[SECURITY] Fedora 44 Update: python-django5-5.2.15-1.fc44
Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY Don't Repeat Yourself principle...
openSUSE 16 Security Update : python-Django (openSUSE-SU-2026:20937-1)
The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20937-1 advisory. Changes in python-Django: - CVE-2026-6873: Signed cookie salt namespace collision bsc1267578 - CVE-2026-7666: Potential unencrypted email...
SUSE SLES15 Security Update : python-Django (SUSE-SU-2026:2318-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2318-1 advisory. This update for python-Django fixes the following issues - CVE-2026-6873: signed cookie salt namespace collision in...
Fedora 43 : python-django5 (2026-f140cb16b6)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-f140cb16b6 advisory. Fixes five low-severity CVEs - CVE-2026-6873: Signed cookie salt namespace collision - CVE-2026-7666: Potential unencrypted email transmission via...
python313-Django6-6.0.6-1.1 on GA media (moderate)
python313-Django6-6.0.6-1.1 on GA media Announcement ID: openSUSE-SU-2026:11003-1 Rating: moderate Cross-References: CVE-2026-35193 CVE-2026-48587 CVE-2026-6873 CVE-2026-7666 CVE-2026-8404 CVSS scores: CVE-2026-35193 SUSE : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2026-35193 SUSE : 8....
OESA-2026-2661 python-django security update
A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.middleware.cache.UpdateCacheMiddleware in Django does not add Authorization to the Vary response header...
OESA-2026-2660 python-django security update
A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.middleware.cache.UpdateCacheMiddleware in Django does not add Authorization to the Vary response header...
OESA-2026-2659 python-django security update
A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.middleware.cache.UpdateCacheMiddleware in Django does not add Authorization to the Vary response header...
Security update for python-Django (important)
openSUSE security update: security update for python-django ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20937-1 Rating: important References: bsc1267576 bsc1267577 bsc1267578 bsc1267579 bsc1267580 Cross-References: CVE-2026-35193 CVE-2026-48587...
OPENSUSE-SU-2026:11002-1 python311-Django-5.2.15-1.1 on GA media
These are all security issues fixed in the python311-Django-5.2.15-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2026:11003-1 python313-Django6-6.0.6-1.1 on GA media
These are all security issues fixed in the python313-Django6-6.0.6-1.1 package on the GA media of openSUSE Tumbleweed...
python311-Django4-4.2.30-3.1 on GA media (moderate)
python311-Django4-4.2.30-3.1 on GA media Announcement ID: openSUSE-SU-2026:10989-1 Rating: moderate Cross-References: CVE-2026-35193 CVE-2026-48587 CVE-2026-6873 CVE-2026-7666 CVE-2026-8404 CVSS scores: CVE-2026-35193 SUSE : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2026-35193 SUSE : 8...
Security update for python-Django
This update for python-Django fixes the following issues CVE-2026-6873: signed cookie salt namespace collision in django.http.HttpRequest.getsignedcookie bsc1267578. CVE-2026-7666: potential unencrypted email transmission via STARTTLS in the SMTP backend bsc1267579. CVE-2026-8404: potential...
SUSE-SU-2026:2318-1 Security update for python-Django
This update for python-Django fixes the following issues - CVE-2026-6873: signed cookie salt namespace collision in django.http.HttpRequest.getsignedcookie bsc1267578. - CVE-2026-7666: potential unencrypted email transmission via STARTTLS in the SMTP backend bsc1267579. - CVE-2026-8404: potential...
OPENSUSE-SU-2026:10989-1 python311-Django4-4.2.30-3.1 on GA media
These are all security issues fixed in the python311-Django4-4.2.30-3.1 package on the GA media of openSUSE Tumbleweed...
TencentOS Server 4: python-django (TSSA-2026:0341)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0341 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
BIT-DJANGO-2026-8404 Potential exposure of private data via case-sensitive Cache-Control directives in UpdateCacheMiddleware
An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.middleware.cache.UpdateCacheMiddleware in Django does not match Cache-Control response directives case-insensitively, which allows remote attackers to read responses that were incorrectly cached because their...