Lucene search
K

7 matches found

Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.12 views

PT-2026-39153

An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. Response headers do not vary on cookies if a session is not modified, but SESSION SAVE EVERY REQUEST is True. A remote attacker can steal a user's session after that user visits a cached public page. Earlier, unsupported Django...

6.5CVSS5.8AI score0.00544EPSS
Exploits0References5
AlpineLinux
AlpineLinux
added 2026/04/07 2:22 p.m.3 views

CVE-2026-3902

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. ASGIRequest allows a remote attacker to spoof headers by exploiting an ambiguous mapping of two header variants with hyphens or with underscores to a single version with underscores. Earlier, unsupported Django...

7.5CVSS5.8AI score0.00436EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.5 views

PT-2026-30851

Name of the Vulnerable Software and Affected Versions Django versions 4.2 through 4.2.29, 5.2 through 5.2.12, and 6.0 through 6.0.3 Description ASGI requests lacking or underreporting the Content-Length header may bypass the DATA UPLOAD MAX MEMORY SIZE limit when processing HttpRequest.body,...

9.8CVSS5.8AI score0.00769EPSS
Exploits1References33
OSV
OSV
added 2026/02/03 3:16 p.m.5 views

PYSEC-2026-44

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. Raster lookups on RasterField only implemented on PostGIS allows remote attackers to inject SQL via the band index parameter. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not evaluate...

5.4CVSS7.3AI score0.09436EPSS
Exploits1References4
EUVD
EUVD
added 2026/02/03 2:38 p.m.5 views

EUVD-2025-206739

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. ASGIRequest allows a remote attacker to cause a potential denial-of-service via a crafted request with multiple duplicate headers. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not...

7.5CVSS5.5AI score0.00993EPSS
Exploits0References3
OSV
OSV
added 2025/11/05 12:0 a.m.5 views

UBUNTU-CVE-2025-64459

An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8. The methods QuerySet.filter, QuerySet.exclude, and QuerySet.get, and the class Q, are subject to SQL injection when using a suitably crafted dictionary, with dictionary expansion, as the connector argument...

9.1CVSS7.2AI score0.19396EPSS
Exploits10References3
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/06/14 6:10 a.m.5 views

Multiple vulnerabilities in GROWI

Overview GROWI provided by WESEEK, Inc. contains multiple vulnerabilities listed below. NoSQL injection CWE-943 - CVE-2021-20736 Improper authentication CWE-287 - CVE-2021-20737 Impact The expected impact depends on each vulnerability, but it may be affected as follows. A user who can access the...

9.1CVSS7.1AI score0.01307EPSS
Exploits0References8
Rows per page
Query Builder