
22 matches found

Tenable Nessus
added 2026/06/08 12:0 a.m., 13 views

TencentOS Server 4: python-django (TSSA-2026:0341)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0341 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

9.8 CVSS, 5.5 AI score, 0.00458 EPSS
Exploits: 0, References: 2
Tenable Nessus
added 2026/05/10 12:0 a.m., 11 views

SUSE SLES15 Security Update : python-Django (SUSE-SU-2026:1740-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1740-1 advisory. This update for python-Django fixes the following issues: CVE-2026-3902: headers spoofing by exploiting an ambiguous mapping of two header...

9.8 CVSS, 5.9 AI score, 0.00769 EPSS
Exploits: 1, References: 25
OSV
added 2026/05/09 12:30 p.m., 16 views

OESA-2026-2216 python-django security update

A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29. Race condition in file-system storage and file-based cache backends in Django allows an attacker ...

9.8 CVSS, 5.8 AI score, 0.00689 EPSS
Exploits: 1, References: 5
SUSE Linux
added 2026/05/07 7:0 a.m., 12 views

Security update for python-Django

This update for python-Django fixes the following issues: CVE-2026-3902: headers spoofing by exploiting an ambiguous mapping of two header variants in ASGIRequest requests (bsc#1261729). CVE-2026-4277: permissions on inline model instances were not validated on submission of forged POST data in...

6.9 CVSS, 5.8 AI score, 0.00769 EPSS
Exploits: 1, References: 32
OSV
added 2026/04/16 11:38 p.m., 4 views

BIT-DJANGO-2026-4277 Privilege abuse in GenericInlineModelAdmin

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Add permissions on inline model instances were not validated on submission of forged POST data in GenericInlineModelAdmin. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not evaluated a...

9.8 CVSS, 5.7 AI score, 0.00458 EPSS
Exploits: 0, References: 4
Mageia
added 2026/04/11 11:2 p.m., 6 views

Updated python-django packages fix security vulnerabilities

ASGI header spoofing via underscore/hyphen conflation (CVE-2026-3902). Privilege abuse in GenericInlineModelAdmin (CVE-2026-4277). Privilege abuse in ModelAdmin.list_editable (CVE-2026-4292). Potential denial-of-service vulnerability in MultiPartParser via base64-encoded file upload (CVE-2026-33033)...

9.8 CVSS, 5.8 AI score, 0.00769 EPSS
Exploits: 1, References: 2
Veracode
added 2026/04/10 3:10 p.m., 10 views

Missing Authorization

Django is vulnerable to Missing Authorization. The vulnerability is due to missing validation of add permissions for inline model instances in GenericInlineModelAdmin, which allows an attacker to submit forged POST data and create unauthorized objects...

9.8 CVSS, 5.8 AI score, 0.00458 EPSS
Exploits: 0, References: 5, Affected Software: 2
SUSE CVE
added 2026/04/08 11:30 p.m., 5 views

SUSE CVE-2026-4277

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Add permissions on inline model instances were not validated on submission of forged POST data in GenericInlineModelAdmin. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not evaluated a...

5.4 CVSS, 5.8 AI score, 0.00458 EPSS
Exploits: 0, References: 5
Snyk
added 2026/04/07 4:14 p.m., 3 views

Missing Authorization

Overview: Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Affected versions of this package are vulnerable to Missing Authorization in the InlineModelAdmin.get_formset function. An attacker can gain unauthorized access to add inline model...

9.8 CVSS, 5.9 AI score, 0.00458 EPSS
Exploits: 0, References: 2
EUVD
added 2026/04/07 3:30 p.m., 8 views

EUVD-2026-19687

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Add permissions on inline model instances were not validated on submission of forged POST data in GenericInlineModelAdmin. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not evaluated a...

5.8 AI score, 0.00458 EPSS
Exploits: 0, References: 4
OSV
added 2026/04/07 3:17 p.m., 11 views

DEBIAN-CVE-2026-4277

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Add permissions on inline model instances were not validated on submission of forged POST data in GenericInlineModelAdmin. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not evaluated a...

9.8 CVSS, 5.2 AI score, 0.00458 EPSS
Exploits: 0, References: 1
NVD
added 2026/04/07 3:17 p.m., 2 views

CVE-2026-4277

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Add permissions on inline model instances were not validated on submission of forged POST data in GenericInlineModelAdmin. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not evaluated a...

9.8 CVSS, 0.00458 EPSS
Exploits: 0, References: 3
OSV
added 2026/04/07 3:17 p.m., 8 views

PYSEC-2026-52

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Add permissions on inline model instances were not validated on submission of forged POST data in GenericInlineModelAdmin. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not evaluated a...

9.8 CVSS, 5.7 AI score, 0.00458 EPSS
Exploits: 0, References: 4
PyPA
added 2026/04/07 3:17 p.m., 11 views

PYSEC-2026-52

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Add permissions on inline model instances were not validated on submission of forged POST data in GenericInlineModelAdmin. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not evaluated and...

9.8 CVSS, 5.8 AI score, 0.00458 EPSS
Exploits: 0, References: 4, Affected Software: 1
CVE
added 2026/04/07 2:22 p.m., 31 views

CVE-2026-4277

The CVE-2026-4277 issue affects Django: versions 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. The vulnerability concerns improper validation of permissions on inline model instances when submitting forged POST data via GenericInlineModelAdmin. This could allow unauthorized access o...

9.8 CVSS, 5.8 AI score, 0.00458 EPSS
Exploits: 0, References: 3, Affected Software: 1
ATTACKERKB
added 2026/04/07 2:22 p.m., 8 views

CVE-2026-4277

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Add permissions on inline model instances were not validated on submission of forged POST data in GenericInlineModelAdmin. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not evaluated a...

5.8 AI score, 0.00458 EPSS
Exploits: 0, References: 4, Affected Software: 1
Cvelist
added 2026/04/07 2:22 p.m., 19 views

CVE-2026-4277 Privilege abuse in GenericInlineModelAdmin

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Add permissions on inline model instances were not validated on submission of forged POST data in GenericInlineModelAdmin. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not evaluated a...

0.00458 EPSS
Exploits: 0, References: 3
AlpineLinux
added 2026/04/07 2:22 p.m., 2 views

CVE-2026-4277

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Add permissions on inline model instances were not validated on submission of forged POST data in GenericInlineModelAdmin. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not evaluated a...

9.8 CVSS, 5.8 AI score, 0.00458 EPSS
Exploits: 0
OSV
added 2026/04/07 2:0 p.m., 3 views

UBUNTU-CVE-2026-4277

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Add permissions on inline model instances were not validated on submission of forged POST data in GenericInlineModelAdmin. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not evaluated a...

9.8 CVSS, 5.8 AI score, 0.00458 EPSS
Exploits: 0, References: 5
CNNVD
added 2026/04/07 12:0 a.m., 9 views

Django Security Vulnerability

Django is a Python-based open-source web framework developed by the Django Foundation. This framework includes an object-oriented mapper, view system, template system, etc. Versions of Django prior to 6.0.4, 5.2.13, and 4.2.30 contained security vulnerabilities. These vulnerabilities stemmed from...

9.8 CVSS, 5.8 AI score, 0.00458 EPSS
Exploits: 0, References: 3