Lucene search
+L

181 matches found

github
github
added 2026/02/03 3:30 p.m.9 views

Django has an SQL Injection issue

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. .QuerySet.orderby is subject to SQL injection in column aliases containing periods when the same alias is, using a suitably crafted dictionary, with dictionary expansion, used in FilteredRelation. Earlier,...

8.5CVSS5.6AI score0.00802EPSS
Exploits1References8Affected Software1
osv
osv
added 2026/02/03 3:16 p.m.8 views

PYSEC-2026-46

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. FilteredRelation is subject to SQL injection in column aliases via control characters, using a suitably crafted dictionary, with dictionary expansion, as the kwargs passed to QuerySet methods annotate, aggregat...

5.4CVSS7.3AI score0.00754EPSS
Exploits0References4
osv
osv
added 2026/02/03 3:16 p.m.7 views

PYSEC-2026-47

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. .QuerySet.orderby is subject to SQL injection in column aliases containing periods when the same alias is, using a suitably crafted dictionary, with dictionary expansion, used in FilteredRelation. Earlier,...

5.4CVSS6AI score0.00802EPSS
Exploits1References4
pypa
pypa
added 2026/02/03 3:16 p.m.12 views

PYSEC-2026-46

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28.FilteredRelation is subject to SQL injection in column aliases via control characters, using a suitably crafted dictionary, with dictionary expansion, as the kwargs passed to QuerySet methods annotate, aggregate...

5.4CVSS7.3AI score0.00754EPSS
Exploits0References4Affected Software1
pypa
pypa
added 2026/02/03 3:16 p.m.14 views

PYSEC-2026-47

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28..QuerySet.orderby is subject to SQL injection in column aliases containing periods when the same alias is, using a suitably crafted dictionary, with dictionary expansion, used in FilteredRelation.Earlier,...

5.4CVSS7.3AI score0.00802EPSS
Exploits1References4Affected Software1
nvd
nvd
added 2026/02/03 3:16 p.m.7 views

CVE-2026-1287

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. FilteredRelation is subject to SQL injection in column aliases via control characters, using a suitably crafted dictionary, with dictionary expansion, as the kwargs passed to QuerySet methods annotate, aggregat...

8.3CVSS0.00754EPSS
Exploits0References15
nvd
nvd
added 2026/02/03 3:16 p.m.6 views

CVE-2026-1312

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. .QuerySet.orderby is subject to SQL injection in column aliases containing periods when the same alias is, using a suitably crafted dictionary, with dictionary expansion, used in FilteredRelation. Earlier,...

8.5CVSS0.00802EPSS
Exploits1References15
debiancve
debiancve
added 2026/02/03 2:36 p.m.6 views

CVE-2026-1312

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. .QuerySet.orderby is subject to SQL injection in column aliases containing periods when the same alias is, using a suitably crafted dictionary, with dictionary expansion, used in FilteredRelation. Earlier,...

8.5CVSS7.3AI score0.00802EPSS
Exploits1
vulnrichment
vulnrichment
added 2026/02/03 2:36 p.m.9 views

CVE-2026-1312 Potential SQL injection via QuerySet.order_by and FilteredRelation

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. .QuerySet.orderby is subject to SQL injection in column aliases containing periods when the same alias is, using a suitably crafted dictionary, with dictionary expansion, used in FilteredRelation. Earlier,...

5.6AI score0.00802EPSS
Exploits1References3
attackerkb
attackerkb
added 2026/02/03 2:36 p.m.7 views

CVE-2026-1312

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. .QuerySet.orderby is subject to SQL injection in column aliases containing periods when the same alias is, using a suitably crafted dictionary, with dictionary expansion, used in FilteredRelation. Earlier,...

5.6AI score0.00802EPSS
Exploits1References4Affected Software1
cve
cve
added 2026/02/03 2:36 p.m.24 views

CVE-2026-1312

CVE-2026-1312 affects Django: 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. The issue is a SQL injection in QuerySet.order_by() when using column aliases that contain periods in a FilteredRelation, where the same alias is passed via a crafted dictionary using dictionary expansion. T...

8.5CVSS5.6AI score0.00802EPSS
Exploits1References15Affected Software1
euvd
euvd
added 2026/02/03 2:36 p.m.5 views

EUVD-2026-5236

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. .QuerySet.orderby is subject to SQL injection in column aliases containing periods when the same alias is, using a suitably crafted dictionary, with dictionary expansion, used in FilteredRelation. Earlier,...

5.4CVSS5.6AI score0.00802EPSS
Exploits1References3
cvelist
cvelist
added 2026/02/03 2:36 p.m.32 views

CVE-2026-1312 Potential SQL injection via QuerySet.order_by and FilteredRelation

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. .QuerySet.orderby is subject to SQL injection in column aliases containing periods when the same alias is, using a suitably crafted dictionary, with dictionary expansion, used in FilteredRelation. Earlier,...

0.00802EPSS
Exploits1References3
alpinelinux
alpinelinux
added 2026/02/03 2:36 p.m.8 views

CVE-2026-1312

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. .QuerySet.orderby is subject to SQL injection in column aliases containing periods when the same alias is, using a suitably crafted dictionary, with dictionary expansion, used in FilteredRelation. Earlier,...

8.5CVSS5.6AI score0.00802EPSS
Exploits1
attackerkb
attackerkb
added 2026/02/03 2:36 p.m.6 views

CVE-2026-1287

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. FilteredRelation is subject to SQL injection in column aliases via control characters, using a suitably crafted dictionary, with dictionary expansion, as the kwargs passed to QuerySet methods annotate, aggregat...

5.6AI score0.00754EPSS
Exploits0References4Affected Software1
ubuntucve
ubuntucve
added 2026/02/03 2:0 p.m.6 views

CVE-2026-1312

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. .QuerySet.orderby is subject to SQL injection in column aliases containing periods when the same alias is, using a suitably crafted dictionary, with dictionary expansion, used in FilteredRelation. Earlier,...

8.5CVSS7.2AI score0.00802EPSS
Exploits1References3
ptsecurity
ptsecurity
added 2026/02/03 12:0 a.m.6 views

PT-2026-6036

Name of the Vulnerable Software and Affected Versions Django versions 6.0 through 6.0.1 Django versions 5.2 through 5.2.10 Django versions 4.2 through 4.2.27 Django versions 5.0.x and earlier Django versions 4.1.x and earlier Django versions 3.2.x and earlier Description The FilteredRelation...

8.3CVSS5.6AI score0.00754EPSS
Exploits0References170
ptsecurity
ptsecurity
added 2026/02/03 12:0 a.m.4 views

PT-2026-6375

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. .QuerySet.order by is subject to SQL injection in column aliases containing periods when the same alias is, using a suitably crafted dictionary, with dictionary expansion, used in FilteredRelation. Earlier,...

9.3CVSS5.7AI score0.00802EPSS
Exploits1References8
nessus
nessus
added 2026/02/03 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-1312

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. .QuerySet.orderby is subject to SQL injection in column aliases containin...

8.5CVSS6.1AI score0.00802EPSS
Exploits1References2
cnnvd
cnnvd
added 2026/02/03 12:0 a.m.9 views

Django 安全漏洞

Django is a set of open-source web framework based on the Python language, developed by the Django Foundation. This framework includes an object-oriented mapper, view system, template system, etc. Versions prior to Django 6.0.2, 5.2.11, and 4.2.28 have security vulnerabilities. These...

5.4CVSS7.4AI score0.00802EPSS
Exploits1References4
Rows per page
Query Builder