Lucene search
K

11 matches found

OSV
OSV
added 2026/04/16 11:38 p.m.4 views

BIT-DJANGO-2026-4277 Privilege abuse in GenericInlineModelAdmin

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Add permissions on inline model instances were not validated on submission of forged POST data in GenericInlineModelAdmin. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not evaluated a...

9.8CVSS5.7AI score0.00458EPSS
Exploits0References4
Mageia
Mageia
added 2026/04/11 11:2 p.m.9 views

Updated python-django packages fix security vulnerabilities

ASGI header spoofing via underscore/hyphen conflation. CVE-2026-3902 Privilege abuse in GenericInlineModelAdmin. CVE-2026-4277 Privilege abuse in ModelAdmin.listeditable. CVE-2026-4292 Potential denial-of-service vulnerability in MultiPartParser via base64-encoded file upload. CVE-2026-33033...

9.8CVSS5.8AI score0.00879EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2026/04/08 11:30 p.m.5 views

SUSE CVE-2026-4277

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Add permissions on inline model instances were not validated on submission of forged POST data in GenericInlineModelAdmin. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not evaluated a...

5.4CVSS5.8AI score0.00458EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/04/07 5:42 p.m.5 views

CVE-2026-4277

A flaw was found in Django. This vulnerability allows an attacker to bypass permission validation by submitting forged POST data to the GenericInlineModelAdmin component. As a result, unauthorized inline model instances could be added, potentially leading to privilege abuse or unauthorized data...

9.8CVSS5.8AI score0.00458EPSS
Exploits0References7
OSV
OSV
added 2026/04/07 3:30 p.m.2 views

GHSA-PWJP-CCJC-GHWG Django vulnerable to privilege abuse in GenericInlineModelAdmin

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Add permissions on inline model instances were not validated on submission of forged POST data in GenericInlineModelAdmin. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not evaluated a...

2.3CVSS5.8AI score0.00458EPSS
Exploits0References6
OSV
OSV
added 2026/04/07 3:17 p.m.9 views

PYSEC-2026-52

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Add permissions on inline model instances were not validated on submission of forged POST data in GenericInlineModelAdmin. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not evaluated a...

9.8CVSS5.7AI score0.00458EPSS
Exploits0References4
OSV
OSV
added 2026/04/07 3:17 p.m.12 views

DEBIAN-CVE-2026-4277

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Add permissions on inline model instances were not validated on submission of forged POST data in GenericInlineModelAdmin. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not evaluated a...

9.8CVSS5.2AI score0.00458EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/07 2:22 p.m.9 views

CVE-2026-4277

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Add permissions on inline model instances were not validated on submission of forged POST data in GenericInlineModelAdmin. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not evaluated a...

5.8AI score0.00458EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/04/07 2:22 p.m.35 views

CVE-2026-4277

The CVE-2026-4277 issue affects Django: versions 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. The vulnerability concerns improper validation of permissions on inline model instances when submitting forged POST data via GenericInlineModelAdmin. This could allow unauthorized access o...

9.8CVSS5.8AI score0.00458EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/04/07 2:0 p.m.11 views

UBUNTU-CVE-2026-4277

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Add permissions on inline model instances were not validated on submission of forged POST data in GenericInlineModelAdmin. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not evaluated a...

9.8CVSS5.8AI score0.00458EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.13 views

PT-2026-30869

Name of the Vulnerable Software and Affected Versions Django versions 6.0 through 6.0.3, 5.2 through 5.2.12, and 4.2 through 4.2.29 Description A flaw exists in the permission validation process for inline model instances within GenericInlineModelAdmin when handling forged POST data. This could...

9.8CVSS5.8AI score0.00879EPSS
Exploits1References31
Rows per page
Query Builder