SUSE SLES15 Security Update : python-Django (SUSE-SU-2026:1740-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1740-1 advisory. This update for python-Django fixes the following issues - CVE-2026-3902: headers spoofing by exploiting an ambiguous mapping of two header...

OESA-2026-2216 python-django security update

A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29. Race condition in file-system storage and file-based cache backends in Django allows an attacker ...

SUSE-SU-2026:1740-1 Security update for python-Django

This update for python-Django fixes the following issues - CVE-2026-3902: headers spoofing by exploiting an ambiguous mapping of two header variants in ASGIRequest requests bsc1261729. - CVE-2026-4277: permissions on inline model instances were not validated on submission of forged POST data in...

Security update for python-Django (important)

openSUSE security update: security update for python-django ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20578-1 Rating: important References: bsc1261722 bsc1261724 bsc1261729 bsc1261731 bsc1261732 Cross-References: CVE-2026-33033 CVE-2026-33034...

BIT-DJANGO-2026-4277 Privilege abuse in GenericInlineModelAdmin

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Add permissions on inline model instances were not validated on submission of forged POST data in GenericInlineModelAdmin. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not evaluated a...

Updated python-django packages fix security vulnerabilities

ASGI header spoofing via underscore/hyphen conflation. CVE-2026-3902 Privilege abuse in GenericInlineModelAdmin. CVE-2026-4277 Privilege abuse in ModelAdmin.listeditable. CVE-2026-4292 Potential denial-of-service vulnerability in MultiPartParser via base64-encoded file upload. CVE-2026-33033...

Missing Authorization

Django is vulnerable to Missing Authorization. The vulnerability is due to missing validation of add permissions for inline model instances in GenericInlineModelAdmin, which allows an attacker to submit forged POST data and create unauthorized objects...

Missing Authorization

Overview Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Affected versions of this package are vulnerable to Missing Authorization in the InlineModelAdmin.getformset function. An attacker can gain unauthorized access to add inline model...

GHSA-PWJP-CCJC-GHWG Django vulnerable to privilege abuse in GenericInlineModelAdmin

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Add permissions on inline model instances were not validated on submission of forged POST data in GenericInlineModelAdmin. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not evaluated a...

DEBIAN-CVE-2026-4277

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Add permissions on inline model instances were not validated on submission of forged POST data in GenericInlineModelAdmin. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not evaluated a...

CVE-2026-4292 Privilege abuse in ModelAdmin.list_editable

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Admin changelist forms using ModelAdmin.listeditable incorrectly allowed new instances to be created via forged POST data. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not evaluated a...

CVE-2026-4292

Django CVE-2026-4292 affects multiple supported lines and older unsupported series: 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. The issue arises from Admin changelist forms using ModelAdmin.list_editable , which can be exploited to create new instances via forged POST data. The de...

UBUNTU-CVE-2026-4292

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Admin changelist forms using ModelAdmin.listeditable incorrectly allowed new instances to be created via forged POST data. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not evaluated a...

PT-2026-30869

Name of the Vulnerable Software and Affected Versions Django versions 6.0 through 6.0.3, 5.2 through 5.2.12, and 4.2 through 4.2.29 Description A flaw exists in the permission validation process for inline model instances within GenericInlineModelAdmin when handling forged POST data. This could...

Django 安全漏洞

Django is a Python-based open-source web framework developed by the Django Foundation. This framework includes an object-oriented mapper, view system, template system, etc. Versions of Django prior to 6.0.4, 5.2.13, and 4.2.30 contained security vulnerabilities. These vulnerabilities stemmed from...

Linux Distros Unpatched Vulnerability : CVE-2024-34008

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Actions in the admin management of analytics models did not include the necessary token to prevent a CSRF risk. CVE-2024-34008 Note that Nessus relies on the...

MAL-2025-22882 Malicious code in ic-model-admin (npm)

The package ic-model-admin was found to contain malicious code...

Malicious code in ic-model-admin (npm)

The package ic-model-admin was found to contain malicious code...

PT-2024-13800 · Silverstripe · Silverstripe/Admin

Name of the Vulnerable Software and Affected Versions: Silverstripe Admin versions 1.x prior to 1.13.19 Silverstripe Admin versions 2.x prior to 2.1.8 Description: The issue allows users who don't have edit or delete permissions for records exposed in a ModelAdmin to still edit or delete records...

@instacarro/ic-model-admin (>=2.0.5 <=2.0.8), grommet-toolbox (>=0.1.3 <=0.2.12) +4 more potentially affected by CVE-2020-7605 via gulp-tape (>=0.0.10 <=1.0.0)

gulp-tape NPM version =0.0.10, =2.0.5, =0.1.3, =0.1.1, =0.1.5, =0.43.2 - sp-router-js =1.0.1 Source cves: CVE-2020-7605 Source advisory: OSV:GHSA-X67X-98X7-WV26...