CVE-2025-48024

In BlueWave Checkmate before 2.1, an authenticated regular user can access sensitive application secrets via the /api/v1/settings endpoint...

PT-2025-21262 · Unknown · Bluewave Checkmate

Name of the Vulnerable Software and Affected Versions: BlueWave Checkmate versions prior to 2.1 Description: The issue allows an authenticated regular user to access sensitive application secrets. This is achieved via the "/api/v1/settings" endpoint. Recommendations: For versions prior to 2.1,...

Django settings leak in date template filter

The getformat function in utils/formats.py in Django before 1.7.x before 1.7.11, 1.8.x before 1.8.7, and 1.9.x before 1.9rc2 might allow remote attackers to obtain sensitive application secrets via a settings key in place of a date/time format setting, as demonstrated by SECRETKEY...

CVE-2015-8213

The getformat function in utils/formats.py in Django before 1.7.x before 1.7.11, 1.8.x before 1.8.7, and 1.9.x before 1.9rc2 might allow remote attackers to obtain sensitive application secrets via a settings key in place of a date/time format setting, as demonstrated by SECRETKEY...

CVE-2015-8213

CVE-2015-8213 affects Django: get_format in utils/formats.py could expose sensitive settings (e.g., SECRET_KEY) when a format is taken from a settings key instead of a date/time format. Affected versions: Django 1.7.x before 1.7.11, 1.8.x before 1.8.7, and 1.9.x before 1.9rc2. Impact is informati...

CVE-2015-8213

The getformat function in utils/formats.py in Django before 1.7.x before 1.7.11, 1.8.x before 1.8.7, and 1.9.x before 1.9rc2 might allow remote attackers to obtain sensitive application secrets via a settings key in place of a date/time format setting, as demonstrated by SECRETKEY...