8 matches found

OSV · added 2026/04/16 11:38 p.m. · 1 view

BIT-DJANGO-2026-4292 Privilege abuse in ModelAdmin.list_editable

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Admin changelist forms using ModelAdmin.list_editable incorrectly allowed new instances to be created via forged POST data. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not evaluated a...

CVSS 2.7 · AI score 5.6 · EPSS 0.00014
Exploits 0 · References 4
OSV · added 2026/04/07 3:30 p.m. · 3 views

GHSA-5MF9-H53Q-7MHQ Django has potential DoS via MultiPartParser through crafted multipart uploads

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. MultiPartParser allows remote attackers to degrade performance by submitting multipart uploads with Content-Transfer-Encoding: base64 including excessive whitespace. Earlier, unsupported Django series such as...

CVSS 6.5 · AI score 5.8 · EPSS 0.00049
Exploits 1 · References 6
Debian CVE · added 2026/04/07 2:22 p.m. · 2 views

CVE-2026-3902

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. ASGIRequest allows a remote attacker to spoof headers by exploiting an ambiguous mapping of two header variants with hyphens or with underscores to a single version with underscores. Earlier, unsupported Django...

CVSS 7.5 · AI score 5.4 · EPSS 0.00016
Exploits 0
AlpineLinux · added 2026/04/07 2:22 p.m. · 0 views

CVE-2026-3902

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. ASGIRequest allows a remote attacker to spoof headers by exploiting an ambiguous mapping of two header variants with hyphens or with underscores to a single version with underscores. Earlier, unsupported Django...

CVSS 7.5 · AI score 5.8 · EPSS 0.00016
Exploits 0
OSV · added 2026/04/07 2:00 p.m. · 3 views

UBUNTU-CVE-2026-3902

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. ASGIRequest allows a remote attacker to spoof headers by exploiting an ambiguous mapping of two header variants with hyphens or with underscores to a single version with underscores. Earlier, unsupported Django...

CVSS 7.5 · AI score 5.8 · EPSS 0.00016
Exploits 0 · References 4
SUSE CVE · added 2023/02/15 6:00 a.m. · 2 views

SUSE CVE-2010-1129

The safe_mode implementation in PHP before 5.2.13 does not properly handle directory pathnames that lack a trailing / (slash) character, which allows context-dependent attackers to bypass intended access restrictions via vectors related to use of the tempnam function...

CVSS 7.5 · AI score 7 · EPSS 0.01859
Exploits 0 · References 4
SUSE CVE · added 2023/02/15 5:58 a.m. · 1 view

SUSE CVE-2010-2093

Use-after-free vulnerability in the request shutdown functionality in PHP 5.2 before 5.2.13 and 5.3 before 5.3.2 allows context-dependent attackers to cause a denial of service (crash) via a stream context structure that is freed before destruction occurs...

CVSS 5 · AI score 6.9 · EPSS 0.00417
Exploits 1 · References 5
Positive Technologies · added 2010/08/20 12:00 a.m. · 3 views

PT-2010-4084 · Php +1

Name of the Vulnerable Software and Affected Versions: PHP versions 5.2.0 through 5.2.13; PHP versions 5.3.0 through 5.3.2. Description: The issue allows remote attackers to obtain sensitive information by causing the application to exceed limits for memory, execution time, or recursion, due to the...

CVSS 6.8 · AI score 6.8 · EPSS 0.07996
Exploits 7 · References 41