EUVD-2022-3680

Malicious code in bioql PyPI...

EUVD-2024-3496

Malicious code in bioql PyPI...

EUVD-2022-43280

Malicious code in bioql PyPI...

EUVD-2025-6926

Malicious code in bioql PyPI...

EUVD-2023-2522

Malicious code in bioql PyPI...

EUVD-2022-0418

Malicious code in bioql PyPI...

EUVD-2023-30711

Malicious code in bioql PyPI...

EUVD-2023-1097

Malicious code in bioql PyPI...

EUVD-2022-3709

Malicious code in bioql PyPI...

EUVD-2023-2660

Malicious code in bioql PyPI...

CVE-2025-59681

An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. QuerySet.annotate, QuerySet.alias, QuerySet.aggregate, and QuerySet.extra are subject to SQL injection in column aliases, when using a suitably crafted dictionary, with dictionary expansion, as the kwarg...

Django 4.x < 4.2.25, 5.0.x < 5.1.13, 5.2.x < 5.2.7 Multiple Vulnerabilities - Linux

Django is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:djangoproject:django"; if descriptio...

Django 4.x < 4.2.25, 5.0.x < 5.1.13, 5.2.x < 5.2.7 Multiple Vulnerabilities - Windows

Django is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:djangoproject:django"; if descriptio...

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection in the QuerySet.annotate, QuerySet.alias, QuerySet.aggregate, and QuerySet.extra methods when a specially crafted dictionary is passed using dictionary expansion as kwargs, leading to unsafe column aliases on MySQL and...

PYSEC-2025-106

An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. QuerySet.annotate, QuerySet.alias, QuerySet.aggregate, and QuerySet.extra are subject to SQL injection in column aliases, when using a suitably crafted dictionary, with dictionary expansion, as the kwarg...

cups: Authentication Bypass in CUPS Authorization Handling

A flaw was found in CUPS, a widely used printing service on Linux and UNIX-like systems. The issue arises when authentication is configured to use a method other than Basic, but the attacker sends an HTTP request with a Basic authentication header. Due to improper validation in the cupsdAuthorize...

CVE-2025-59681

An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. QuerySet.annotate, QuerySet.alias, QuerySet.aggregate, and QuerySet.extra are subject to SQL injection in column aliases, when using a suitably crafted dictionary, with dictionary expansion, as the kwarg...

WAInjectBench: Benchmarking Prompt Injection Detections for Web Agents

Multiple prompt injection attacks have been proposed against web agents. At the same time, various methods have been developed to detect general prompt injection attacks, but none have been systematically evaluated for web agents. In this work, we bridge this gap by presenting the first...

Django -- multiple vulnerabilities

Django reports: CVE-2025-59681: Potential SQL injection in QuerySet.annotate, alias, aggregate, and extra on MySQL and MariaDB. CVE-2025-59682: Potential partial directory-traversal via archive.extract...

CVE-2025-59681

CVE-2025-59681 affects Django: SQL injection in column aliases when using crafted dictionaries via **kwargs passed to QuerySet.annotate(), alias(), aggregate(), or extra() on MySQL/MariaDB. Initial description specifies vulnerable versions: Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 bef...