52 matches found

ATTACKERKB (added 2026/03/21 3:27 a.m.)

CVE-2026-2503

The ElementCamp plugin for WordPress is vulnerable to time-based SQL Injection via the 'metaquerycompare' parameter in the 'tcgselect2searchpost' AJAX action in all versions up to, and including, 2.3.6. This is due to the user-supplied compare value being placed as an SQL operator in the query...

CVSS 6.5 | AI score 5.8 | EPSS 0.00041
Exploits 0 | References 6

Positive Technologies (added 2025/11/21 12:00 a.m.)

PT-2025-47716

Name of the Vulnerable Software and Affected Versions: WP Directory Kit versions prior to 1.4.4. Description: The WP Directory Kit plugin for WordPress is susceptible to SQL Injection through the columns search parameter of the select2 ajax function. Insufficient input sanitization and inadequate S...

CVSS 7.5 | AI score 7.2 | EPSS 0.10688
Exploits 0 | References 10
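The two WordPress plugin entries above (ElementCamp's 'metaquerycompare' parameter and WP Directory Kit's columns search parameter) describe the same class of defect: a comparison operator or a column name is taken from the request and spliced into SQL. Neither piece can be passed as a bound parameter, so escaping does not help and the fix is an allowlist. The following Python script is an added example, not code from either plugin or from any listed advisory; it shows the flawed pattern against an in-memory SQLite table with constructed rows and the allowlisted version beside it. The table, the column names, the allowlists and the payloads are assumptions. SQLite has no sleep function, so the operator payload dumps rows rather than producing the time delay the ElementCamp entry reports, but the injection point is the same.

```python
import sqlite3

# Constructed sample schema; it stands in for a WordPress post-meta table and
# is not either plugin's real schema.
SCHEMA = """
CREATE TABLE postmeta (post_id INTEGER, meta_key TEXT, meta_value TEXT);
INSERT INTO postmeta VALUES (1, 'price', '10');
INSERT INTO postmeta VALUES (2, 'price', '20');
INSERT INTO postmeta VALUES (3, 'api_token', 'restricted');
"""

# Operators and identifiers cannot be bound as parameters, so they are
# restricted to fixed allowlists instead (hypothetical lists for this demo).
ALLOWED_COMPARE = {"=", "!=", "<", "<=", ">", ">=", "LIKE", "NOT LIKE"}
ALLOWED_COLUMNS = {"post_id", "meta_key", "meta_value"}


def connect():
    """Fresh in-memory database loaded with the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def vulnerable_query(conn, column, compare, value):
    """Flawed pattern from the advisories: the value is bound, but the column
    and the comparison operator are interpolated verbatim into the SQL."""
    sql = f"SELECT post_id FROM postmeta WHERE {column} {compare} ? ORDER BY post_id"
    return [row[0] for row in conn.execute(sql, (value,))]


def safe_query(conn, column, compare, value):
    """Same query with the non-bindable pieces validated against the allowlists
    and the column name quoted as an identifier."""
    op = " ".join(compare.upper().split())  # normalise case and spacing
    if op not in ALLOWED_COMPARE:
        raise ValueError(f"rejected compare operator: {compare!r}")
    if column not in ALLOWED_COLUMNS:
        raise ValueError(f"rejected column: {column!r}")
    sql = f'SELECT post_id FROM postmeta WHERE "{column}" {op} ? ORDER BY post_id'
    return [row[0] for row in conn.execute(sql, (value,))]


def is_rejected(column, compare, value):
    """True when safe_query refuses the inputs; False when it runs them."""
    try:
        safe_query(connect(), column, compare, value)
    except ValueError:
        return True
    return False


# Payloads a tester would try in the two injection points. Both leave the
# bound value in place, so the parameter count still matches.
OPERATOR_PAYLOAD = "LIKE '%' OR '1' ="                 # every row matches meta_key LIKE '%'
COLUMN_PAYLOAD = "meta_value IS NOT NULL OR meta_key"  # widens the WHERE clause to all rows


if __name__ == "__main__":
    conn = connect()
    print("legit     :", vulnerable_query(conn, "meta_key", "=", "price"))
    print("operator  :", vulnerable_query(conn, "meta_key", OPERATOR_PAYLOAD, "price"))
    print("column    :", vulnerable_query(conn, COLUMN_PAYLOAD, "=", "price"))
    print("hardened  :", safe_query(conn, "meta_key", "=", "price"))
    print("rejected? :", is_rejected("meta_key", OPERATOR_PAYLOAD, "price"))
```

The legitimate query returns the two `price` rows; both payloads make the vulnerable version return the restricted third row as well, while the hardened version refuses them before any SQL is built. The same allowlist approach applies to ORDER BY columns and sort directions, which are the other pieces of a query that cannot be parameterised.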
EUVD (added 2025/10/07 12:30 a.m.)

EUVD-2020-23750

Malware in sbrugna...

CVSS 6.1 | AI score 6.3 | EPSS 0.0019
Exploits 0 | References 2

EUVD (added 2025/10/03 8:07 p.m.)

EUVD-2025-28218

Malicious code in bioql PyPI...

CVSS 8.2 | AI score 6.3 | EPSS 0.00294
Exploits 0 | References 3

EUVD (added 2025/10/03 8:07 p.m.)

EUVD-2025-24664

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 7.5 | EPSS 0.00066
Exploits 1 | References 5

EUVD (added 2025/10/03 8:07 p.m.)

EUVD-2022-5155

Malicious code in bioql PyPI...

CVSS 6.1 | AI score 6.3 | EPSS 0.00872
Exploits 0 | References 5

Tenable Nessus (added 2025/08/27 12:00 a.m.)

Linux Distros Unpatched Vulnerability : CVE-2025-48383

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Django-Select2 is a Django integration for Select2. Prior to version 8.4.1, instances of HeavySelect2Mixin subclasses like the ModelSelect2MultipleWidget and...

CVSS 8.2 | AI score 5.8 | EPSS 0.00294
Exploits 0 | References 2

RedhatCVE (added 2025/08/16 5:29 a.m.)

CVE-2025-8936

A vulnerability was determined in 1000 Projects Sales Management System 1.0. Affected by this issue is some unknown functionality of the file /superstore/dist/dordupdate.php. The manipulation of the argument select2 leads to sql injection. The attack may be launched remotely. The exploit has been...

CVSS 9.8 | AI score 7.6 | EPSS 0.00066
Exploits 1 | References 1

OSV (added 2025/08/14 5:15 a.m.)

CVE-2025-8936

A vulnerability was determined in 1000 Projects Sales Management System 1.0. Affected by this issue is some unknown functionality of the file /superstore/dist/dordupdate.php. The manipulation of the argument select2 leads to sql injection. The attack may be launched remotely. The exploit has been...

CVSS 9.8 | AI score 5.8
Exploits 0 | References 5

NVD (added 2025/08/14 5:15 a.m.)

CVE-2025-8936

A vulnerability was determined in 1000 Projects Sales Management System 1.0. Affected by this issue is some unknown functionality of the file /superstore/dist/dordupdate.php. The manipulation of the argument select2 leads to sql injection. The attack may be launched remotely. The exploit has been...

CVSS 9.8 | EPSS 0.00066
Exploits 1 | References 5

Cvelist (added 2025/08/14 4:32 a.m.)

CVE-2025-8936 1000 Projects Sales Management System dordupdate.php sql injection

A vulnerability was determined in 1000 Projects Sales Management System 1.0. Affected by this issue is some unknown functionality of the file /superstore/dist/dordupdate.php. The manipulation of the argument select2 leads to sql injection. The attack may be launched remotely. The exploit has been...

CVSS 7.5 | EPSS 0.00066
Exploits 1 | References 5

Veracode (added 2025/05/29 7:22 a.m.)

Information Leakage

djangoselect2 is vulnerable to information leakage. The vulnerability is due to improper handling of instances of HeavySelect2Mixin subclasses like the ModelSelect2MultipleWidget and ModelSelect2Widget, allowing an attacker to access restricted query sets and sensitive data...

CVSS 8.2 | AI score 6.3 | EPSS 0.00294
Exploits 0 | References 4 | Affected Software 1

Snyk (added 2025/05/27 6:03 p.m.)

Transmission of Private Resources into a New Sphere ('Resource Leak')

Overview: django-select2 is a Django integration of Select2. Affected versions of this package are vulnerable to Transmission of Private Resources into a New Sphere ('Resource Leak') via a HeavySelect2Mixin class in forms.py. An attacker can access restricted data by exploiting the reuse of widget...

CVSS 8.8 | AI score 6.8 | EPSS 0.00294
Exploits 0 | References 2

vulnersOsv (added 2025/05/27 6:03 p.m.)

aldryn-django-cms (=3.5.3.2), aleksis (>=1.0.0a4.dev0 <=2023.1.0.dev0) +43 more potentially affected by CVE-2025-48383 via django-select2 (>=4.3.2 <=8.2.4)

django-select2 PYPI version =4.3.2, =1.0.0a4.dev0, =2.0.0, =1.0.0, =2.0.0, =2.1.0, =2.0.0, =0.1.0, =2.0.0, =2.0.0, =2.0.0, =0.1.1, =2.0.0, =2.2.0 and more Source cves: CVE-2025-48383 Source advisory: OSV:GHSA-WJRH-HJ83-3WH7...

CVSS 8.2 | AI score 5.8 | EPSS 0.00294
Exploits 0

Github Security Blog (added 2025/05/27 6:03 p.m.)

Django-Select2 Vulnerable to Widget Instance Secret Cache Key Leaking

Impact: Instances of HeavySelect2Mixin subclasses like the ModelSelect2MultipleWidget and ModelSelect2Widget can leak secret access tokens across requests. This can allow users to access restricted querysets and restricted data. Patches: The problem has been patched in version 8.4.1 and all following...

CVSS 8.2 | AI score 6.7 | EPSS 0.00294
Exploits 0 | References 4 | Affected Software 1

vulnersOsv (added 2025/05/27 6:03 p.m.)

byro (=2023.1.0), django-ndr-core (>=0.8.0 <=0.42.0) +4 more potentially affected by CVE-2025-48383 via django-select2 (>=8.0.0 <=8.2.1)

django-select2 PYPI version =8.0.0, =0.8.0, =4.0.2, =0.1.4.12, =0.1.2.5, =0.1.2.15 - nobinobi-kitchen =0.1.1 Source cves: CVE-2025-48383 Source advisory: SNYK:PYTHON-DJANGOSELECT2-10255155...

CVSS 8.2 | AI score 5.8 | EPSS 0.00294
Exploits 0

OSV (added 2025/05/27 6:03 p.m.)

GHSA-WJRH-HJ83-3WH7 Django-Select2 Vulnerable to Widget Instance Secret Cache Key Leaking

Impact: Instances of HeavySelect2Mixin subclasses like the ModelSelect2MultipleWidget and ModelSelect2Widget can leak secret access tokens across requests. This can allow users to access restricted querysets and restricted data. Patches: The problem has been patched in version 8.4.1 and all following...

CVSS 8.2 | AI score 6.9 | EPSS 0.00294
Exploits 0 | References 4

OSV (added 2025/05/27 3:15 p.m.)

DEBIAN-CVE-2025-48383

Django-Select2 is a Django integration for Select2. Prior to version 8.4.1, instances of HeavySelect2Mixin subclasses like the ModelSelect2MultipleWidget and ModelSelect2Widget can leak secret access tokens across requests. This can allow users to access restricted query sets and restricted data...

CVSS 8.2 | AI score 5.2 | EPSS 0.00294
Exploits 0 | References 1

NVD (added 2025/05/27 3:15 p.m.)

CVE-2025-48383

Django-Select2 is a Django integration for Select2. Prior to version 8.4.1, instances of HeavySelect2Mixin subclasses like the ModelSelect2MultipleWidget and ModelSelect2Widget can leak secret access tokens across requests. This can allow users to access restricted query sets and restricted data...

CVSS 8.2 | EPSS 0.00294
Exploits 0 | References 2

OSV (added 2025/05/27 3:15 p.m.)

UBUNTU-CVE-2025-48383

Django-Select2 is a Django integration for Select2. Prior to version 8.4.1, instances of HeavySelect2Mixin subclasses like the ModelSelect2MultipleWidget and ModelSelect2Widget can leak secret access tokens across requests. This can allow users to access restricted query sets and restricted data...

CVSS 8.2 | AI score 5.7 | EPSS 0.00294
Exploits 0 | References 4
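The Django-Select2 entries above (Tenable, Veracode, Snyk, the GitHub advisory GHSA-WJRH-HJ83-3WH7, NVD, Debian and Ubuntu for CVE-2025-48383) all describe one mechanism: a secret that is minted per widget instance and used as a cache key, while the widget instance itself is reused across requests, so the token in one user's page addresses a cache entry written for another user. The following Python script is an added, simplified model of that mechanism, not django-select2's own code and not its upstream patch; the in-memory cache, the row data, the permission table and the two widget classes are all constructed for the demonstration. The shared-secret widget keeps the secret in the constructor; the hardened variant mints one per render, which is one way to close the cross-request path.

```python
import secrets

# Constructed in-memory stand-ins for the framework cache and for the rows a
# queryset would return; none of this is django-select2's own code.
CACHE = {}
ALL_ROWS = {1: "alice-only row", 2: "alice-only row", 3: "bob-only row"}
PERMITTED = {"alice": {1, 2}, "bob": {3}}


def ajax_results(token):
    """Model of the widget's AJAX endpoint: hand back whatever was cached
    under the token carried in the request, with no further access check."""
    return CACHE.get(token)


def rows_for(username):
    """Rows this user is allowed to see (the 'restricted queryset')."""
    return {i: r for i, r in ALL_ROWS.items() if i in PERMITTED[username]}


class SharedSecretWidget:
    """Flawed pattern: the secret is minted once, in the constructor, and the
    same widget object serves every request. In a Django form the widget is
    created when the form class is defined, and Widget.__deepcopy__ is a
    shallow copy, so a secret stored as an attribute lives for the process."""

    def __init__(self):
        self.secret = secrets.token_urlsafe(16)

    def render(self, username):
        # Cache the user's rows under the secret-derived key and embed that
        # key in the HTML the user receives.
        CACHE[self.secret] = rows_for(username)
        return self.secret


class PerRenderSecretWidget:
    """Hardened pattern: a fresh secret per render, so the key in one user's
    page never addresses a cache entry written for another user."""

    def render(self, username):
        token = secrets.token_urlsafe(16)
        CACHE[token] = rows_for(username)
        return token


def cross_request_fetch(widget):
    """Alice renders, then Bob renders through the same widget object. Return
    what Alice's page gets when it later queries the endpoint with her token."""
    alice_token = widget.render("alice")
    widget.render("bob")
    return ajax_results(alice_token)


def tokens_distinct(widget):
    """True when two renders of the widget hand out different tokens."""
    return widget.render("alice") != widget.render("bob")


if __name__ == "__main__":
    print("shared secret :", cross_request_fetch(SharedSecretWidget()))
    print("per render    :", cross_request_fetch(PerRenderSecretWidget()))
```

With the shared-secret widget, Alice's page ends up reading Bob's restricted rows, because Bob's render overwrote the single cache entry her token points at; with a per-render secret she reads only her own. Signing the token does not change this: a signed copy of the same secret is still the same key for every user, so the fix has to be a distinct secret per request (or a cache key bound to the requesting user), not a stronger wrapper around one shared value.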