Lucene search
K

171 matches found

OSV
OSV
added 2026/05/22 1:18 p.m.15 views

OESA-2026-2397 mariadb security update

MariaDB is a community developed fork from MySQL - a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon mariadbd and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs a...

7CVSS6.4AI score0.00414EPSS
Exploits1References3
OSV
OSV
added 2026/05/21 11:27 a.m.5 views

USN-8290-1 node-path-to-regexp vulnerability

It was discovered that Path-to-Regexp incorrectly handled route patterns containing multiple named parameters separated by non-delimiter characters such as hyphens. An attacker could possibly use this issue to cause a denial of service via catastrophic backtracking in the generated regular...

7.5CVSS6.7AI score0.00932EPSS
Exploits0References2
OSV
OSV
added 2026/04/16 11:38 p.m.11 views

BIT-DJANGO-2026-3902 ASGI header spoofing via underscore/hyphen conflation

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. ASGIRequest allows a remote attacker to spoof headers by exploiting an ambiguous mapping of two header variants with hyphens or with underscores to a single version with underscores. Earlier, unsupported Django...

7.5CVSS5.7AI score0.00436EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/07 3:30 p.m.2 views

EUVD-2026-19686

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. ASGIRequest allows a remote attacker to spoof headers by exploiting an ambiguous mapping of two header variants with hyphens or with underscores to a single version with underscores. Earlier, unsupported Django...

7.5CVSS5.9AI score0.00436EPSS
Exploits0References4
OSV
OSV
added 2026/04/07 3:30 p.m.3 views

GHSA-MVFQ-GGXM-9MC5 Django vulnerable to ASGI header spoofing via underscore/hyphen conflation

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. ASGIRequest allows a remote attacker to spoof headers by exploiting an ambiguous mapping of two header variants with hyphens or with underscores to a single version with underscores. Earlier, unsupported Django...

7.5CVSS5.8AI score0.00436EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/04/07 3:30 p.m.8 views

Django vulnerable to ASGI header spoofing via underscore/hyphen conflation

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. ASGIRequest allows a remote attacker to spoof headers by exploiting an ambiguous mapping of two header variants with hyphens or with underscores to a single version with underscores. Earlier, unsupported Django...

7.5CVSS5.9AI score0.00436EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2026/04/07 3:17 p.m.3 views

CVE-2026-3902

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. ASGIRequest allows a remote attacker to spoof headers by exploiting an ambiguous mapping of two header variants with hyphens or with underscores to a single version with underscores. Earlier, unsupported Django...

7.5CVSS0.00436EPSS
Exploits0References3
PyPA
PyPA
added 2026/04/07 3:17 p.m.10 views

PYSEC-2026-51

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30.ASGIRequest allows a remote attacker to spoof headers by exploiting an ambiguous mapping of two header variants with hyphens or with underscores to a single version with underscores.Earlier, unsupported Django...

7.5CVSS5.8AI score0.00436EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/04/07 3:17 p.m.5 views

DEBIAN-CVE-2026-3902

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. ASGIRequest allows a remote attacker to spoof headers by exploiting an ambiguous mapping of two header variants with hyphens or with underscores to a single version with underscores. Earlier, unsupported Django...

7.5CVSS5.4AI score0.00436EPSS
Exploits0References1
OSV
OSV
added 2026/04/07 3:17 p.m.9 views

PYSEC-2026-51

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. ASGIRequest allows a remote attacker to spoof headers by exploiting an ambiguous mapping of two header variants with hyphens or with underscores to a single version with underscores. Earlier, unsupported Django...

7.5CVSS5.8AI score0.00436EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/07 2:22 p.m.16 views

CVE-2026-3902 ASGI header spoofing via underscore/hyphen conflation

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. ASGIRequest allows a remote attacker to spoof headers by exploiting an ambiguous mapping of two header variants with hyphens or with underscores to a single version with underscores. Earlier, unsupported Django...

0.00436EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/07 2:22 p.m.2 views

CVE-2026-3902 ASGI header spoofing via underscore/hyphen conflation

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. ASGIRequest allows a remote attacker to spoof headers by exploiting an ambiguous mapping of two header variants with hyphens or with underscores to a single version with underscores. Earlier, unsupported Django...

5.9AI score0.00436EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/07 2:22 p.m.6 views

CVE-2026-3902

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. ASGIRequest allows a remote attacker to spoof headers by exploiting an ambiguous mapping of two header variants with hyphens or with underscores to a single version with underscores. Earlier, unsupported Django...

5.9AI score0.00436EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/04/07 2:22 p.m.21 views

CVE-2026-3902

CVE-2026-3902 affects Django: vulnerable in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. The flaw in ASGIRequest allows a remote attacker to spoof headers by conflating hyphen and underscore variants, via an ambiguous header mapping. Exploitation status is not provided in the sourc...

7.5CVSS5.9AI score0.00436EPSS
Exploits0References3Affected Software1
AlpineLinux
AlpineLinux
added 2026/04/07 2:22 p.m.3 views

CVE-2026-3902

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. ASGIRequest allows a remote attacker to spoof headers by exploiting an ambiguous mapping of two header variants with hyphens or with underscores to a single version with underscores. Earlier, unsupported Django...

7.5CVSS5.8AI score0.00436EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2026/04/07 2:0 p.m.8 views

CVE-2026-3902

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. ASGIRequest allows a remote attacker to spoof headers by exploiting an ambiguous mapping of two header variants with hyphens or with underscores to a single version with underscores. Earlier, unsupported Django...

7.5CVSS5.9AI score0.00436EPSS
Exploits0References3
OSV
OSV
added 2026/03/10 8:48 a.m.8 views

BIT-MYSQL-CLIENT-2026-3494 MariaDB Server Audit Plugin Comment Handling Bypass

In MariaDB server version through 11.8.5, when server audit plugin is enabled with serverauditevents variable configured with QUERYDCL, QUERYDDL, or QUERYDML filtering, if an authenticated database user invokes a SQL statement prefixed with double-hyphen — or hash style comments, the statement is...

5.3CVSS5.8AI score0.00274EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2026/03/05 6:52 a.m.9 views

SUSE CVE-2026-3494

In MariaDB server version through 11.8.5, when server audit plugin is enabled with serverauditevents variable configured with QUERYDCL, QUERYDDL, or QUERYDML filtering, if an authenticated database user invokes a SQL statement prefixed with double-hyphen - or hash style comments, the statement is...

4.3CVSS5.8AI score0.00274EPSS
Exploits1References7
NVD
NVD
added 2026/03/03 8:16 p.m.12 views

CVE-2026-3494

In MariaDB server version through 11.8.5, when server audit plugin is enabled with serverauditevents variable configured with QUERYDCL, QUERYDDL, or QUERYDML filtering, if an authenticated database user invokes a SQL statement prefixed with double-hyphen — or hash style comments, the statement is...

5.3CVSS0.00274EPSS
Exploits1References3
CVE
CVE
added 2026/03/03 6:12 p.m.69 views

CVE-2026-3494

CVE-2026-3494 affects MariaDB Server (audit plugin) up to version 11.8.5. When the audit plugin is enabled and server_audit_events is filtered to QUERY_DCL/QUERY_DDL/QUERY_DML, an authenticated user issuing a SQL statement starting with -- or # may bypass logging, leading to incomplete audit reco...

5.3CVSS6AI score0.00274EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder