Lucene search
+L

188 matches found

OSV
OSV
added last week2 views

OPENSUSE-SU-2026:21313-1 Security update for python-Django

This update for python-Django fixes the following issues: Changes in python-Django: - CVE-2026-48588: Potential exposure of private data via cached Set-Cookie response bsc1271029 - CVE-2026-53877: Heap buffer over-read in GDALRaster bsc1271030 - CVE-2026-53878: Header injection possibility since...

6.3CVSS7AI score0.00375EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/08 12:37 a.m.7 views

EUVD-2026-42128

Cap's GET /api/video/ai endpoint fails to validate user ownership or membership before returning private video AI metadata including titles, summaries, and chapters. Authenticated attackers can supply arbitrary video IDs to read sensitive AI-generated content and trigger unauthorized AI generatio...

7.1CVSS6AI score0.00216EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/07/07 2:9 p.m.34 views

CVE-2026-48588 Potential exposure of private data via cached Set-Cookie response

An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. UpdateCacheMiddleware and the cachepage decorator cache responses that vary on cookies when the incoming request carries unrelated cookies, which allows remote attackers to read private data from the shared cache. Earlier,...

3.1CVSS0.00375EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2026/07/07 2:9 p.m.5 views

CVE-2026-48588

An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. UpdateCacheMiddleware and the cachepage decorator cache responses that vary on cookies when the incoming request carries unrelated cookies, which allows remote attackers to read private data from the shared cache. Earlier,...

5.3CVSS5.9AI score0.00375EPSS
Exploits0
EUVD
EUVD
added 2026/07/07 2:9 p.m.7 views

EUVD-2026-42043

An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. UpdateCacheMiddleware and the cachepage decorator cache responses that vary on cookies when the incoming request carries unrelated cookies, which allows remote attackers to read private data from the shared cache. Earlier,...

3.1CVSS6AI score0.00375EPSS
Exploits0References3
CVE
CVE
added 2026/07/07 2:9 p.m.13 views

CVE-2026-48588

CVE-2026-48588 affects Django 6.0 before 6.0.7 and 5.2 before 5.2.16. The issue arises in UpdateCacheMiddleware and the cache_page() decorator, which cache responses that vary on cookies when unrelated cookies are present, allowing remote attackers to read private data from the shared cache. Earl...

5.3CVSS6AI score0.00375EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/07/03 8:19 p.m.4 views

CVE-2026-27761 Gitea repository feeds bypass API token scope enforcement

Gitea versions up to and including 1.26.2 allow repository RSS and Atom feed endpoints to bypass API access token scope checks, exposing private repository commit data to tokens without the required repository scope...

4.3CVSS7.1AI score0.00367EPSS
Exploits0References6
CVE
CVE
added 2026/07/03 8:19 p.m.22 views

CVE-2026-24451

Gitea 1.26.2 has an information exposure vulnerability where fork synchronization continues after the parent repo switches from public to private, allowing a fork to access data it should not be authorized to see. Connected sources identify this as affecting Gitea components through the fork sync...

7.5CVSS7.2AI score0.00482EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/03 8:19 p.m.39 views

CVE-2026-24451 Gitea fork synchronization can expose private parent repository data

Gitea 1.26.2 allows fork synchronization to continue after a parent repository changes from public to private, exposing data to a fork that should no longer be authorized...

0.00482EPSS
Exploits0References4
CVE
CVE
added 2026/06/26 7:29 p.m.16 views

CVE-2026-49355

OpenProject (open-source, web-based project management) contains a vulnerability in versions prior to 17.4.0. The issue arises in GET /api/v3/meetings/:meeting_id/agenda_items/:agenda_item_id, which may disclose private work package data from a linked work package that belongs to a private/inacce...

4.3CVSS5.8AI score0.00214EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 12:38 p.m.43 views

CVE-2026-57921

In JetBrains YouTrack before 2026.2.16593 improper access control allowed reading users' private data via the comment templates endpoint...

4.3CVSS0.00177EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/26 12:38 p.m.8 views

CVE-2026-57921

In JetBrains YouTrack before 2026.2.16593 improper access control allowed reading users' private data via the comment templates endpoint...

4.3CVSS5.8AI score0.00177EPSS
Exploits0References2
NVD
NVD
added 2026/06/24 9:16 p.m.9 views

CVE-2026-52795

Gogs is an open source self-hosted Git service. In 0.14.3 and earlier, any authenticated user can watch a private repository they have no access to, because the access check in the Watch API handler is inverted. The code checks if repoCtx.ViewerCanRead returns 404 when the user CAN read instead o...

4.3CVSS0.00168EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/24 3:18 p.m.5 views

Exposure of Private Personal Information to an Unauthorized Actor

Overview Affected versions of this package are vulnerable to Exposure of Private Personal Information to an Unauthorized Actor in the display of historical job and agent configurations. An attacker can access sensitive encrypted secret values by obtaining Extended Read permission. Remediation...

7.1CVSS6AI score0.0013EPSS
Exploits0References2
OSV
OSV
added 2026/06/06 8:39 a.m.11 views

BIT-DJANGO-2026-8404 Potential exposure of private data via case-sensitive Cache-Control directives in UpdateCacheMiddleware

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.middleware.cache.UpdateCacheMiddleware in Django does not match Cache-Control response directives case-insensitively, which allows remote attackers to read responses that were incorrectly cached because their...

5.3CVSS5.4AI score0.00285EPSS
Exploits0References4
OSV
OSV
added 2026/06/06 8:39 a.m.11 views

BIT-DJANGO-2026-48587 Potential exposure of private data via whitespace padding in Vary header

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.utils.cache.hasvaryheader in Django does not strip leading or trailing whitespace from Vary response header values before comparison, which allows remote attackers to read cached responses via requests to URLs whose...

5.3CVSS5.4AI score0.00354EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:31 p.m.11 views

CVE-2025-13477

Exposure of private personal information to an unauthorized actor, Insufficiently Protected Credentials vulnerability in Digital Operations Services Inc. WifiBurada allows Authentication Bypass. This issue affects WifiBurada: through 21052026. NOTE: The vendor was contacted early about this...

7.1CVSS5.4AI score0.00224EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/03 1:16 p.m.36 views

CVE-2026-48587 Potential exposure of private data via whitespace padding in Vary header

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.utils.cache.hasvaryheader in Django does not strip leading or trailing whitespace from Vary response header values before comparison, which allows remote attackers to read cached responses via requests to URLs whose...

3.1CVSS0.00354EPSS
Exploits0References3
CVE
CVE
added 2026/06/03 1:16 p.m.50 views

CVE-2026-48587

CVE-2026-48587 affects Django 5.2 before 5.2.15 and 6.0 before 6.0.6. The flaw in django.utils.cache.has_vary_header() does not strip leading/trailing whitespace from the Vary header before comparison, enabling remote attackers to read cached responses by requesting URLs whose responses contain w...

5.3CVSS5.8AI score0.00354EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/06/03 1:16 p.m.189 views

CVE-2026-35193

Technical details about CVE-2026-35193 are not publicly available in the provided documents. Monitor for official updates from Django security advisories.

3.1CVSS5.8AI score0.00359EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder