237 matches found

Tenable Nessus
added 2026/05/09 12:0 a.m. | 2 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-django (UTSA-2026-017335)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017335 advisory. An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. The django.contrib.auth.handlers.modwsgi.check_password function for...

CVSS 5.3 | AI score 5.8 | EPSS 0.00036
Exploits 0 | References 4
AstraLinux
added 2026/05/03 11:59 p.m. | 14 views

Astra Linux - vulnerability in mod-wsgi

A vulnerability was discovered in mod_wsgi. The X-Client-IP header is not removed from a request sent from a trusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application. The condition necessary to remove the X-Client-IP header is missing...

CVSS 7.5 | AI score 7.1 | EPSS 0.00461
Exploits 1 | References 2
OSV
added 2026/03/06 12:41 p.m. | 3 views

OESA-2026-1507 python-django security update

A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in Django versions before 6.0.2, before 5.2.11, and before 4.2.28. The django.contrib.auth.handlers.modwsgi.check_password function for authentication via modwsg...

CVSS 7.5 | AI score 6.4 | EPSS 0.05295
Exploits 2 | References 6
OSV
added 2026/02/13 1:15 p.m. | 5 views

OESA-2026-1344 python-django security update

A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in Django versions before 6.0.2, before 5.2.11, and before 4.2.28. The django.contrib.auth.handlers.modwsgi.check_password function for authentication via modwsg...

CVSS 7.5 | AI score 6.9 | EPSS 0.05295
Exploits 2 | References 7
OSV
added 2026/02/13 1:15 p.m. | 5 views

OESA-2026-1343 python-django security update

A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in Django versions before 6.0.2, before 5.2.11, and before 4.2.28. The django.contrib.auth.handlers.modwsgi.check_password function for authentication via modwsg...

CVSS 7.5 | AI score 6.9 | EPSS 0.05295
Exploits 2 | References 7
SUSE Linux
added 2026/02/11 9:38 a.m. | 5 views

Security update for python-Django

This update for python-Django fixes the following issues: CVE-2025-14550: Fixed potential denial-of-service via repeated headers when using ASGI (bsc#1257403) CVE-2026-1312: Fixed potential SQL injection via QuerySet.order_by and FilteredRelation (bsc#1257408) CVE-2026-1287: Fixed potential SQL injection...

CVSS 8.1 | AI score 5.8 | EPSS 0.05295
Exploits 2 | References 24
OSV
added 2026/02/11 9:38 a.m. | 2 views

SUSE-SU-2026:0440-1 Security update for python-Django

This update for python-Django fixes the following issues: - CVE-2025-14550: Fixed potential denial-of-service via repeated headers when using ASGI (bsc#1257403) - CVE-2026-1312: Fixed potential SQL injection via QuerySet.order_by and FilteredRelation (bsc#1257408) - CVE-2026-1287: Fixed potential SQL...

CVSS 7.5 | AI score 5.9 | EPSS 0.05295
Exploits 2 | References 13
Veracode
added 2026/02/11 7:14 a.m. | 3 views

User Enumeration

Django is vulnerable to user enumeration. The vulnerability is due to improper handling of authentication timing differences in the django.contrib.auth.handlers.modwsgi.check_password function when used with mod_wsgi, which allows a remote attacker to enumerate valid users by measuring response tim...

CVSS 5.3 | AI score 5.6 | EPSS 0.00036
Exploits 0 | References 7 | Affected Software 1
OpenVAS
added 2026/02/09 12:0 a.m. | 4 views

Mageia: Security Advisory (MGASA-2026-0032)

The remote host is missing an update for the...

CVSS 7.5 | AI score 5.5 | EPSS 0.05295
Exploits 2 | References 4
Tenable Nessus
added 2026/02/09 12:0 a.m. | 4 views

openSUSE 16 Security Update : python-Django (openSUSE-SU-2026:20184-1)

The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20184-1 advisory. Changes in python-Django: - CVE-2026-1312: Fixed potential SQL injection via QuerySet.order_by and FilteredRelation (bsc#1257408). - CVE-2026-1287:...

CVSS 7.5 | AI score 5.9 | EPSS 0.05295
Exploits 2 | References 18
OPENSUSE Linux
added 2026/02/08 12:0 a.m. | 3 views

Security update for python-Django (important)

openSUSE security update: security update for python-django. Announcement ID: openSUSE-SU-2026:20184-1. Rating: important. References: bsc#1257401 bsc#1257403 bsc#1257405 bsc#1257406 bsc#1257407 bsc#1257408. Cross-References: CVE-2025-13473...

CVSS 8.1 | AI score 5.6 | EPSS 0.05295
Exploits 2 | References 6
OSV
added 2026/02/06 3:57 p.m. | 3 views

OESA-2026-1308 python-django security update

A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in Django versions before 6.0.2, before 5.2.11, and before 4.2.28. The django.contrib.auth.handlers.modwsgi.check_password function for authentication via modwsg...

CVSS 7.5 | AI score 6.9 | EPSS 0.05295
Exploits 2 | References 7
OSV
added 2026/02/06 3:57 p.m. | 3 views

OESA-2026-1307 python-django security update

A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in Django versions before 6.0.2, before 5.2.11, and before 4.2.28. The django.contrib.auth.handlers.modwsgi.check_password function for authentication via modwsg...

CVSS 7.5 | AI score 6.9 | EPSS 0.05295
Exploits 2 | References 7
OSV
added 2026/02/05 8:38 a.m. | 3 views

BIT-DJANGO-2025-13473 Username enumeration through timing difference in mod_wsgi authentication handler

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. The django.contrib.auth.handlers.modwsgi.check_password function for authentication via mod_wsgi allows remote attackers to enumerate users via a timing attack. Earlier, unsupported Django series such as 5.0.x,...

CVSS 5.3 | AI score 5.5 | EPSS 0.00036
Exploits 0 | References 4
SUSE CVE
added 2026/02/05 12:47 a.m. | 9 views

SUSE CVE-2025-13473

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. The django.contrib.auth.handlers.modwsgi.check_password function for authentication via mod_wsgi allows remote attackers to enumerate users via a timing attack. Earlier, unsupported Django series such as 5.0.x,...

CVSS 7.5 | AI score 5.4 | EPSS 0.00036
Exploits 0 | References 4
RedhatCVE
added 2026/02/03 8:12 p.m. | 2 views

CVE-2025-13473

A flaw was found in Django. A remote attacker can exploit a timing attack vulnerability in the django.contrib.auth.handlers.modwsgi.check_password function, which is used for authentication via the Apache mod_wsgi module. This allows the attacker to determine valid usernames on the system, leading ...

CVSS 5.3 | AI score 5.3 | EPSS 0.00036
Exploits 0 | References 6
Github Security Blog
added 2026/02/03 3:30 p.m. | 5 views

Django has Observable Timing Discrepancy

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. The django.contrib.auth.handlers.modwsgi.check_password function for authentication via mod_wsgi allows remote attackers to enumerate users via a timing attack. Earlier, unsupported Django series such as 5.0.x,...

CVSS 5.3 | AI score 5.5 | EPSS 0.00036
Exploits 0 | References 5 | Affected Software 1
OSV
added 2026/02/03 3:30 p.m. | 1 views

GHSA-2MCM-79HX-8FXW Django has Observable Timing Discrepancy

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. The django.contrib.auth.handlers.modwsgi.check_password function for authentication via mod_wsgi allows remote attackers to enumerate users via a timing attack. Earlier, unsupported Django series such as 5.0.x,...

CVSS 6.9 | AI score 5.9 | EPSS 0.00036
Exploits 0 | References 5
NVD
added 2026/02/03 3:16 p.m. | 3 views

CVE-2025-13473

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. The django.contrib.auth.handlers.modwsgi.check_password function for authentication via mod_wsgi allows remote attackers to enumerate users via a timing attack. Earlier, unsupported Django series such as 5.0.x,...

CVSS 5.3 | EPSS 0.00036
Exploits 0 | References 3
OSV
added 2026/02/03 3:16 p.m. | 2 views

CVE-2025-13473

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. The django.contrib.auth.handlers.modwsgi.check_password function for authentication via mod_wsgi allows remote attackers to enumerate users via a timing attack. Earlier, unsupported Django series such as 5.0.x,...

CVSS 5.3 | AI score 5.5
Exploits 0 | References 3