Lucene search
K

700 matches found

AlpineLinux
AlpineLinux
added 2026/04/07 2:22 p.m.4 views

CVE-2026-4292

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Admin changelist forms using ModelAdmin.listeditable incorrectly allowed new instances to be created via forged POST data. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not evaluated a...

2.7CVSS5.8AI score0.00294EPSS
Exploits0
Cvelist
Cvelist
added 2026/04/07 2:22 p.m.18 views

CVE-2026-4292 Privilege abuse in ModelAdmin.list_editable

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Admin changelist forms using ModelAdmin.listeditable incorrectly allowed new instances to be created via forged POST data. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not evaluated a...

0.00294EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/07 2:22 p.m.1 views

CVE-2026-4292 Privilege abuse in ModelAdmin.list_editable

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Admin changelist forms using ModelAdmin.listeditable incorrectly allowed new instances to be created via forged POST data. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not evaluated a...

5.8AI score0.00294EPSS
Exploits0References3
CVE
CVE
added 2026/04/07 2:22 p.m.15 views

CVE-2026-4292

Django CVE-2026-4292 affects multiple supported lines and older unsupported series: 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. The issue arises from Admin changelist forms using ModelAdmin.list_editable , which can be exploited to create new instances via forged POST data. The de...

2.7CVSS5.8AI score0.00294EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/07 2:22 p.m.4 views

CVE-2026-4292

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Admin changelist forms using ModelAdmin.listeditable incorrectly allowed new instances to be created via forged POST data. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not evaluated a...

5.8AI score0.00294EPSS
Exploits0References4Affected Software1
AlpineLinux
AlpineLinux
added 2026/04/07 2:22 p.m.2 views

CVE-2026-4277

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Add permissions on inline model instances were not validated on submission of forged POST data in GenericInlineModelAdmin. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not evaluated a...

9.8CVSS5.8AI score0.00458EPSS
Exploits0
Cvelist
Cvelist
added 2026/04/07 2:22 p.m.20 views

CVE-2026-4277 Privilege abuse in GenericInlineModelAdmin

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Add permissions on inline model instances were not validated on submission of forged POST data in GenericInlineModelAdmin. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not evaluated a...

0.00458EPSS
Exploits0References3
CVE
CVE
added 2026/04/07 2:22 p.m.31 views

CVE-2026-4277

The CVE-2026-4277 issue affects Django: versions 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. The vulnerability concerns improper validation of permissions on inline model instances when submitting forged POST data via GenericInlineModelAdmin. This could allow unauthorized access o...

9.8CVSS5.8AI score0.00458EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/07 2:22 p.m.9 views

CVE-2026-4277

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Add permissions on inline model instances were not validated on submission of forged POST data in GenericInlineModelAdmin. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not evaluated a...

5.8AI score0.00458EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/04/07 2:0 p.m.4 views

UBUNTU-CVE-2026-4292

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Admin changelist forms using ModelAdmin.listeditable incorrectly allowed new instances to be created via forged POST data. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not evaluated a...

2.7CVSS5.8AI score0.00294EPSS
Exploits0References5
OSV
OSV
added 2026/04/07 2:0 p.m.7 views

UBUNTU-CVE-2026-4277

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Add permissions on inline model instances were not validated on submission of forged POST data in GenericInlineModelAdmin. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not evaluated a...

9.8CVSS5.8AI score0.00458EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/04/07 12:0 a.m.10 views

Django 安全漏洞

Django is a set of open-source web frameworks based on the Python language, developed by the Django Foundation. This framework includes an object-oriented mapper, view system, template system, etc. Versions of Django prior to 6.0.4, 5.2.13, and 4.2.30 contained security vulnerabilities. These...

2.7CVSS5.8AI score0.00294EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.5 views

PT-2026-30870

Name of the Vulnerable Software and Affected Versions Django versions 6.0 through 6.0.3 Django versions 5.2 through 5.2.12 Django versions 4.2 through 4.2.29 Django versions 5.0.x and earlier Django versions 4.1.x and earlier Django versions 3.2.x and earlier Description An issue was discovered...

7.5CVSS5.7AI score0.00769EPSS
Exploits0References42
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.9 views

PT-2026-30869

Name of the Vulnerable Software and Affected Versions Django versions 6.0 through 6.0.3, 5.2 through 5.2.12, and 4.2 through 4.2.29 Description A flaw exists in the permission validation process for inline model instances within GenericInlineModelAdmin when handling forged POST data. This could...

9.8CVSS5.8AI score0.00769EPSS
Exploits1References31
Tenable Nessus
Tenable Nessus
added 2026/04/07 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2026-4277

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Add permissions on inline model instances were not validated on submissio...

9.8CVSS5.7AI score0.00458EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/07 12:0 a.m.9 views

Django 安全漏洞

Django is a Python-based open-source web framework developed by the Django Foundation. This framework includes an object-oriented mapper, view system, template system, etc. Versions of Django prior to 6.0.4, 5.2.13, and 4.2.30 contained security vulnerabilities. These vulnerabilities stemmed from...

9.8CVSS5.8AI score0.00458EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/04/02 10:55 p.m.5 views

CVE-2026-34565

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input when adding Posts to navigation menus through the Menu Manageme...

9.1CVSS5.7AI score0.00269EPSS
Exploits1References1
OSV
OSV
added 2026/03/31 11:11 p.m.6 views

GHSA-4RWM-C5MJ-WH7X Admidio has CSRF and Form Validation Bypass in Inventory Item Save via `imported` Parameter

Summary The inventory module's itemsave endpoint accepts a user-controllable POST parameter imported that, when set to true, completely bypasses both CSRF token validation and server-side form validation. An authenticated user can craft a direct POST request to save arbitrary inventory item data...

4.3CVSS6AI score0.00133EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/03/26 3:10 p.m.5 views

CVE-2026-32757

Admidio is an open-source user management solution. In versions 5.0.6 and below, the eCard send handler uses a raw $POST'ecardmessage' value instead of the HTMLPurifier-sanitized $formValues'ecardmessage' when constructing the greeting card HTML. This allows an authenticated attacker to inject...

5.4CVSS5.8AI score0.00227EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:4 p.m.20 views

CVE-2026-3584

The Kali Forms plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.4.9 via the 'formprocess' function. This is due to the 'preparepostdata' function mapping user-supplied keys directly into internal placeholder storage, combined with the use of...

9.8CVSS6.1AI score0.07239EPSS
Exploits2References1
Rows per page
Query Builder