5 matches found

Debian CVE
added 4 days ago, 5 views

CVE-2026-48587

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.utils.cache.has_vary_header in Django does not strip leading or trailing whitespace from Vary response header values before comparison, which allows remote attackers to read cached responses via requests to URLs whose...

CVSS 5.3, AI score 5.8, EPSS 0.00037
Exploits: 0
Positive Technologies
added 2026/03/27 12:0 a.m., 1 view

PT-2026-28535

Name of the Vulnerable Software and Affected Versions: Pi-hole versions prior to 6.0. Description: The Pi-hole Admin Interface, a web interface for managing the Pi-hole ad and internet tracker blocking application, contains an OS Command Injection issue in the savesettings.php file. The application...

CVSS 9.3, AI score 6.1, EPSS 0.00248
Exploits: 0, References: 5
NVD
added 2026/03/17 4:16 p.m., 2 views

CVE-2026-23759

Perle IOLAN STS/SCS terminal server models with firmware versions prior to 6.0 allow authenticated OS command injection via the restricted shell accessed over Telnet or SSH. The shell 'ps' command does not perform proper argument sanitization and passes user-supplied parameters into an 'sh -c'...

CVSS 8.6, EPSS 0.00177
Exploits: 0, References: 3
RedhatCVE
added 2025/05/23 9:12 a.m., 2 views

CVE-2024-35228

Wagtail is an open source content management system built on Django. Due to an improperly applied permission check in the wagtail.contrib.settings module, a user with access to the Wagtail admin and knowledge of the URL of the edit view for a settings model can access and update that setting, eve...

CVSS 5.5, AI score 6.5, EPSS 0.0016
Exploits: 0, References: 1
OSV
added 2022/09/13 8:15 p.m., 3 views

CVE-2022-32555

Unisys Data Exchange Management Studio before 6.0.IC2 and 7.x before 7.0.IC1 doesn't have an Anti-CSRF token to authenticate the POST request. Thus, a cross-site request forgery attack could occur...

CVSS 8.8, AI score 7.3
Exploits: 0, References: 2