CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

48 matches found

OSV•added 2026/04/16 11:38 p.m.•1 views

BIT-DJANGO-2026-4292 Privilege abuse in ModelAdmin.list_editable

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Admin changelist forms using ModelAdmin.listeditable incorrectly allowed new instances to be created via forged POST data. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not evaluated a...

2.7CVSS5.6AI score0.00014EPSS

Exploits0References4

OSV•added 2026/04/07 3:30 p.m.•1 views

GHSA-MMWR-2JHP-MC7J Django vulnerable to privilege abuse in ModelAdmin.list_editable

2.7CVSS5.8AI score0.00014EPSS

Exploits0References5

Github Security Blog•added 2026/04/07 3:30 p.m.•6 views

Django vulnerable to privilege abuse in ModelAdmin.list_editable

2.7CVSS5.8AI score0.00014EPSS

Exploits0References5Affected Software1

Vulnrichment•added 2026/04/07 2:22 p.m.•0 views

CVE-2026-4292 Privilege abuse in ModelAdmin.list_editable

5.8AI score0.00014EPSS

Exploits0References3

UbuntuCve•added 2026/04/07 2:0 p.m.•0 views

CVE-2026-4292

2.7CVSS5.8AI score0.00014EPSS

Exploits0References4

RedhatCVE•added 2026/01/09 9:28 a.m.•3 views

CVE-2023-49783

Silverstripe Admin provides a basic management interface for the Silverstripe Framework. In versions on the 1.x branch prior to 1.13.19 and on the 2.x branch prior to 2.1.8, users who don't have edit or delete permissions for records exposed in a ModelAdmin can still edit or delete records using...

4.3CVSS6.7AI score0.00146EPSS

Exploits0References1

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2016-0003

Malware in sbrugna...

6CVSS5.7AI score0.00142EPSS

Exploits0References10

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2023-0278

Malicious code in bioql PyPI...

6.4CVSS5.6AI score0.01096EPSS

Exploits0References11

RedhatCVE•added 2025/05/23 6:1 a.m.•1 views

CVE-2023-28836

Wagtail is an open source content management system built on Django. Starting in version 1.5 and prior to versions 4.1.4 and 4.2.2, a stored cross-site scripting XSS vulnerability exists on ModelAdmin views within the Wagtail admin interface. A user with a limited-permission editor account for th...

6.4CVSS5.6AI score0.01096EPSS

Exploits0References1

Github Security Blog•added 2024/01/23 8:9 p.m.•17 views

No permission checks for editing/deleting records with CSV import form

Impact Users who don't have edit or delete permissions for records exposed in a ModelAdmin can still edit or delete records using the CSV import form, provided they have create permissions. The likelyhood of a user having create permissions but not having edit or delete permissions is low, but it...

4.3CVSS4.5AI score0.00146EPSS

Exploits0References8Affected Software1

OSV•added 2024/01/23 8:9 p.m.•10 views

GHSA-J3M6-GVM8-MHVW No permission checks for editing/deleting records with CSV import form

4.3CVSS4.4AI score0.00146EPSS

Exploits0References8

Prion•added 2024/01/23 2:15 p.m.•11 views

Code injection

4CVSS7AI score0.00146EPSS

Exploits0References2Affected Software1

CVE•added 2024/01/23 1:54 p.m.•33 views

CVE-2023-49783

CVE-2023-49783 affects SilverStripe Admin. In 1.x before 1.13.19 and 2.x before 2.1.8, users who lack edit/delete permissions for ModelAdmin records can still edit/delete records via the CSV import form if they have create permissions. The issue can enable unintended record modification, though t...

4.3CVSS4.4AI score0.00146EPSS

Exploits0References2Affected Software1

Cvelist•added 2024/01/23 1:54 p.m.•7 views

CVE-2023-49783 No permission checks for editing/deleting records with CSV import form

4.3CVSS4.8AI score0.00146EPSS

Exploits0References2

OSV•added 2024/01/23 1:54 p.m.•8 views

CVE-2023-49783 No permission checks for editing/deleting records with CSV import form

4.3CVSS4.7AI score0.00146EPSS

Exploits0References4

Tenable Nessus•added 2023/08/31 12:0 a.m.•22 views

FreeBSD : py-wagtail -- stored XSS vulnerability (17efbe19-4e72-426a-8016-2b4e001c1378)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 17efbe19-4e72-426a-8016-2b4e001c1378 advisory. - Wagtail is an open source content management system built on Django. Starting in version 1.5 and prio...

6.4CVSS5.7AI score0.01096EPSS

Exploits0References3

Veracode•added 2023/04/10 1:6 p.m.•16 views

Stored Cross-Site Scripting (XSS)

wagtail is vulnerable to Stored Cross-Site Scripting XSS. The vulnerability is due to the ModelAdmin views inside the admin interface, which allows an admin authenticated attacker to inject and execute arbitrary JavaScript into the browser...

6.4CVSS5.3AI score0.01096EPSS

Exploits0References9Affected Software1

Github Security Blog•added 2023/04/03 5:25 p.m.•25 views

Wagtail vulnerable to stored Cross-site Scripting attack via ModelAdmin views

Impact A stored cross-site scripting XSS vulnerability exists on ModelAdmin views within the Wagtail admin interface. A user with a limited-permission editor account for the Wagtail admin could potentially craft pages and documents that, when viewed by a user with higher privileges, could perform...

6.4CVSS4.9AI score0.01096EPSS

Exploits0References12Affected Software1

OSV•added 2023/04/03 5:25 p.m.•13 views

GHSA-5286-F2RF-35C2 Wagtail vulnerable to stored Cross-site Scripting attack via ModelAdmin views

7.5CVSS5.8AI score0.01096EPSS

Exploits0References12