Lucene search: 325 matches found
Positive Technologies (added 2026/01/28 12:0 a.m.)

PT-2026-5129

Vulnerable software and affected versions: juju (affected versions not specified). Description: a flaw exists in juju related to cross-model authorization. If permissions for a charm in a cross-model relation are revoked or expire, a malicious user capable of updating database records can...

CVSS 2.1 | AI score 5.8 | EPSS 0.00133 | Exploits 0 | References 10
RedhatCVE (added 2026/01/09 11:35 a.m.)

CVE-2021-41465

Cross-site scripting (XSS) vulnerability in concrete/elements/collection_theme.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the rel parameter...

CVSS 6.1 | AI score 6 | EPSS 0.00818 | Exploits 1 | References 1
SUSE CVE (added 2026/01/06 12:24 a.m.)

SUSE CVE-2025-68758

In the Linux kernel, the following vulnerability has been resolved: backlight: led-bl: Add devlink to supplier LEDs LED Backlight is a consumer of one or multiple LED class devices, but devlink is currently unable to create correct supplier-producer links when the supplier is a class device. It...

CVSS 6.1 | AI score 6.4 | EPSS 0.00165 | Exploits 0 | References 21
Tenable Nessus (added 2025/12/18 12:0 a.m.)

Fedora 42 : python-django4.2 (2025-b1379d950d)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-b1379d950d advisory. - Fixes CVE-2025-13372: Potential SQL injection in FilteredRelation column aliases on PostgreSQL - Fixes CVE-2025-64460: Potential denial-of-service...

CVSS 9.8 | AI score 8.2 | EPSS 0.18752 | Exploits 14 | References 7
Snyk (added 2025/12/16 7:5 a.m.)

Malicious Package

Overview elf-stats-fuzzy-marshmallow-280 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and th...

CVSS 9.8 | AI score 6.8 | Exploits 0 | References 2
OSV (added 2025/12/13 11:36 a.m.)

BIT-DJANGO-2025-13372 Potential SQL injection in FilteredRelation column aliases on PostgreSQL

An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the kwargs passed to QuerySet.annotate or QuerySet.alias on PostgreSQL. Earlier...

CVSS 4.3 | AI score 7.9 | EPSS 0.0087 | Exploits 0 | References 4
SUSE Linux (added 2025/12/12 1:28 p.m.)

Security update for python-Django

This update for python-Django fixes the following issues: CVE-2025-13372: Fixed SQL injection in FilteredRelation (bsc#1254437). CVE-2025-64460: Fixed denial of service via specially crafted XML input in django.core.serializers.xml_serializer.getInnerText (bsc#1254437). Patch instructions: To install this...

CVSS 7.5 | AI score 8 | EPSS 0.02106 | Exploits 0 | References 6
OSV (added 2025/12/12 1:28 p.m.)

SUSE-SU-2025:4384-1 Security update for python-Django

This update for python-Django fixes the following issues: - CVE-2025-13372: Fixed SQL injection in FilteredRelation (bsc#1254437) - CVE-2025-64460: Fixed denial of service via specially crafted XML input in django.core.serializers.xml_serializer.getInnerText (bsc#1254437)...

CVSS 7.5 | AI score 7.8 | EPSS 0.02106 | Exploits 0 | References 4
OSV (added 2025/12/12 12:21 p.m.)

OESA-2025-2851 python-django security update

A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted...

CVSS 7.5 | AI score 7.7 | EPSS 0.02106 | Exploits 0 | References 3
OSV (added 2025/12/12 12:21 p.m.)

OESA-2025-2850 python-django security update

A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted...

CVSS 7.5 | AI score 7.7 | EPSS 0.02106 | Exploits 0 | References 3
OSV (added 2025/12/12 12:21 p.m.)

OESA-2025-2847 python-django security update

A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted...

CVSS 4.3 | AI score 7.9 | EPSS 0.0087 | Exploits 0 | References 2
SUSE CVE (added 2025/12/12 12:24 a.m.)

SUSE CVE-2025-65111

SpiceDB is an open source database system for creating and managing security-critical application permissions. Prior to version 1.47.1, if a schema includes the following characteristics: a permission defined in terms of a union (+), where that union references the same relation on both sides but one si...

CVSS 6.3 | AI score 6.8 | EPSS 0.0019 | Exploits 0 | References 2
SUSE CVE (added 2025/12/05 12:43 a.m.)

SUSE CVE-2025-13372

An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the kwargs passed to QuerySet.annotate or QuerySet.alias on PostgreSQL. Earlier...

CVSS 4.3 | AI score 8 | EPSS 0.0087 | Exploits 0 | References 4
Tenable Nessus (added 2025/12/04 12:0 a.m.)

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.04 / 25.10 : Django vulnerabilities (USN-7903-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.04 / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7903-1 advisory. It was discovered that Django incorrectly handled certain characters in the...

CVSS 7.5 | AI score 7.5 | EPSS 0.02106 | Exploits 0 | References 3
Tenable Nessus (added 2025/12/03 12:0 a.m.)

Linux Distros Unpatched Vulnerability : CVE-2025-13372

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. FilteredRelation is subject to SQL injection in column aliases, using a...

CVSS 4.3 | AI score 7.3 | EPSS 0.0087 | Exploits 0 | References 2
UbuntuCve (added 2025/12/02 7:15 p.m.)

CVE-2025-13721

Race in V8 in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...

CVSS 7.5 | AI score 7.1 | EPSS 0.00184 | Exploits 0 | References 3
EUVD (added 2025/12/02 6:30 p.m.)

EUVD-2025-200249

An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the kwargs passed to QuerySet.annotate or QuerySet.alias on PostgreSQL. Earlier...

CVSS 4.3 | AI score 7.4 | EPSS 0.0087 | Exploits 0 | References 4
OSV (added 2025/12/02 6:30 p.m.)

GHSA-RQW2-GHQ9-44M7 Django is vulnerable to SQL injection in column aliases

An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the kwargs passed to QuerySet.annotate or QuerySet.alias on PostgreSQL. Earlier...

CVSS 4.3 | AI score 7.2 | EPSS 0.0087 | Exploits 0 | References 11
PyPA (added 2025/12/02 4:15 p.m.)

PYSEC-2025-104

An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the kwargs passed to QuerySet.annotate or QuerySet.alias on PostgreSQL. Earlier,...

CVSS 4.3 | AI score 7.3 | EPSS 0.0087 | Exploits 0 | References 4 | Affected software 1
NVD (added 2025/12/02 4:15 p.m.)

CVE-2025-13372

An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the kwargs passed to QuerySet.annotate or QuerySet.alias on PostgreSQL. Earlier...

CVSS 4.3 | EPSS 0.0087 | Exploits 0 | References 3
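Most of the entries above describe the same bug, CVE-2025-13372: user-influenced dictionary keys expanded into QuerySet.annotate(**kwargs) or QuerySet.alias(**kwargs) end up as column aliases in the SQL Django emits on PostgreSQL. The following is an added example, not code from any of the advisories listed or from the Django project. It gives two checks a practitioner would run: a version test built from the affected ranges quoted in the entries (5.2 before 5.2.9, 5.1 before 5.1.15, 4.2 before 4.2.27; anything older than those series is reported as unknown, because the quoted text cuts off before covering it), and an allowlist filter to put in front of the `annotate(**kwargs)` pattern so that only plain identifiers can become aliases. The filter's rules (ASCII identifier, not a Python keyword, no `__`, at most 63 characters) are this example's own conservative choice, not a description of Django's patch; no Django import is needed.

```python
"""Added example: version check and alias allowlist for the Django
FilteredRelation column-alias SQL injection (CVE-2025-13372).

Not taken from the advisories above or from Django; the rules below are
this example's own assumptions."""
import keyword
import re
from typing import Dict, Optional

# Minor series -> first fixed patch level, exactly as the advisory text
# quoted on this page states them.
FIXED_PATCH_LEVEL = {
    (5, 2): 9,
    (5, 1): 15,
    (4, 2): 27,
}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?")


def is_affected_django_version(version: str) -> Optional[bool]:
    """True if `version` falls in an affected range, False if it is at or
    past the fix in a listed series, None if the series is not covered by
    the advisory text (the page's snippet stops before older versions)."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unparseable version string: {version!r}")
    major, minor = int(m.group(1)), int(m.group(2))
    patch = int(m.group(3) or 0)          # "5.2" is treated as 5.2.0
    fixed = FIXED_PATCH_LEVEL.get((major, minor))
    if fixed is None:
        return None
    return patch < fixed


# Assumed allowlist: ASCII identifier only. Django's lookup separator is
# "__", so it is rejected; PostgreSQL identifiers longer than 63 bytes are
# silently truncated, so those are rejected too.
_ALIAS_RE = re.compile(r"^[A-Za-z][A-Za-z0-9_]*$")


def is_safe_alias(name: object) -> bool:
    """Conservative test for a key that will become a SQL column alias."""
    return (
        isinstance(name, str)
        and bool(_ALIAS_RE.match(name))
        and not keyword.iskeyword(name)
        and "__" not in name
        and len(name) <= 63
    )


def kwargs_are_safe(untrusted: Dict[object, object]) -> bool:
    """True when every key in `untrusted` passes is_safe_alias()."""
    return all(is_safe_alias(k) for k in untrusted)


def safe_alias_kwargs(untrusted: Dict[object, object]) -> Dict[str, object]:
    """Filter a caller-supplied dict before `qs.annotate(**result)` or
    `qs.alias(**result)`. Raises instead of dropping keys so the rejection
    shows up in application logs rather than silently changing the query."""
    bad = [k for k in untrusted if not is_safe_alias(k)]
    if bad:
        raise ValueError(f"rejected alias name(s): {bad!r}")
    return {str(k): v for k, v in untrusted.items()}


if __name__ == "__main__":
    # Constructed inputs: an installed-version string and a request-shaped
    # dict whose keys a view might have been expanding into annotate().
    for v in ("5.2.8", "5.2.9", "4.2.27", "4.1.13"):
        print(v, "affected:", is_affected_django_version(v))
    request_aliases = {"total_orders": "Count('orders')", "bad alias": "Sum('x')"}
    try:
        safe_alias_kwargs(request_aliases)
    except ValueError as exc:
        print(exc)
```

Run the version check against `django.get_version()` (or `pip show django`) on each deployment; the alias filter belongs wherever request data, URL parameters or serializer input is turned into annotation names, and raising on rejection is deliberate so that a blocked key is visible in logs.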