
116 matches found

AstraLinux
added 2026/06/19 11:10 a.m. | 8 views

Astra Linux – Vulnerability in Python-Django

A vulnerability was discovered in versions prior to 6.0.0, 6.0.2, 5.2.0 prior to 5.2.1.1, and 4.2.0 prior to 4.2.2.8. The methods django.utils.text.Truncator.chars and Truncator.words with html=True, along with the template filters truncatechars_html and truncatewords_html, allow a remote attacker ...

CVSS 7.5 | AI score 7 | EPSS 0.00993
Exploits 0 | References 2
AstraLinux
added 2026/05/20 5:53 a.m. | 6 views

Astra Linux - vulnerability in python-django

In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, the django.utils.text.Truncator.words method with html=True, as well as the truncatewords_html template filter, are vulnerable to a denial-of-service attack via a crafted regular expression. NOTE: This issue persists due to an...

CVSS 5.3 | AI score 6.7 | EPSS 0.01854
Exploits 0 | References 2
Tenable Nessus
added 2026/05/09 12:00 a.m. | 6 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-django (UTSA-2026-016792)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016792 advisory. An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. django.utils.text.Truncator.chars and Truncator.words methods with html=True a...

CVSS 7.5 | AI score 5.8 | EPSS 0.00993
Exploits 0 | References 4
RedHat Linux
added 2026/05/07 5:09 p.m. | 18 views

Django: Django: Denial of Service via crafted HTML inputs

A flaw was found in Django. A remote attacker can exploit this vulnerability by providing crafted inputs containing a large number of unmatched HTML end tags to the django.utils.text.Truncator.chars and Truncator.words methods when html=True, or through the truncatechars_html and truncatewords_html...

CVSS 7.5 | AI score 7.1 | EPSS 0.00993
Exploits 0 | References 7
RedHat Linux
added 2026/03/26 8:30 p.m. | 5 views

Django: Django: Denial of Service via crafted HTML inputs

A flaw was found in Django. A remote attacker can exploit this vulnerability by providing crafted inputs containing a large number of unmatched HTML end tags to the django.utils.text.Truncator.chars and Truncator.words methods when html=True, or through the truncatechars_html and truncatewords_html...

CVSS 7.5 | AI score 7.1 | EPSS 0.00993
Exploits 0 | References 7
RedHat Linux
added 2026/03/06 4:36 p.m. | 3 views

Django: Django: Denial of Service via crafted HTML inputs

A flaw was found in Django. A remote attacker can exploit this vulnerability by providing crafted inputs containing a large number of unmatched HTML end tags to the django.utils.text.Truncator.chars and Truncator.words methods when html=True, or through the truncatechars_html and truncatewords_html...

CVSS 7.5 | AI score 5.8 | EPSS 0.00993
Exploits 0 | References 7
RedHat Linux
added 2026/03/06 11:00 a.m. | 5 views

Django: Django: Denial of Service via crafted HTML inputs

A flaw was found in Django. A remote attacker can exploit this vulnerability by providing crafted inputs containing a large number of unmatched HTML end tags to the django.utils.text.Truncator.chars and Truncator.words methods when html=True, or through the truncatechars_html and truncatewords_html...

CVSS 7.5 | AI score 5.8 | EPSS 0.00993
Exploits 0 | References 7
Tenable Nessus
added 2026/03/04 12:00 a.m. | 5 views

Fedora 42 : python-django4.2 (2026-ca3d81129a)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-ca3d81129a advisory. - Fixes CVE-2025-13473: Username enumeration through timing difference in mod_wsgi authentication handler - Fixes CVE-2025-14550: Potential...

CVSS 8.5 | AI score 6 | EPSS 0.09436
Exploits 2 | References 7
Tenable Nessus
added 2026/03/04 12:00 a.m. | 5 views

Fedora 42 : python-django5 (2026-00b5bf3150)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-00b5bf3150 advisory. - Fixes CVE-2025-13473: Username enumeration through timing difference in mod_wsgi authentication handler - Fixes CVE-2025-14550: Potential...

CVSS 8.5 | AI score 6 | EPSS 0.09436
Exploits 2 | References 7
OSV
added 2026/02/13 1:15 p.m. | 14 views

OESA-2026-1343 python-django security update

A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in Django versions before 6.0.2, before 5.2.11, and before 4.2.28. The django.contrib.auth.handlers.modwsgi.check_password function for authentication via modwsg...

CVSS 8.5 | AI score 6.9 | EPSS 0.09436
Exploits 2 | References 7
SUSE Linux
added 2026/02/11 9:38 a.m. | 8 views

Security update for python-Django

This update for python-Django fixes the following issues: CVE-2025-14550: Fixed potential denial-of-service via repeated headers when using ASGI (bsc#1257403); CVE-2026-1312: Fixed potential SQL injection via QuerySet.order_by and FilteredRelation (bsc#1257408); CVE-2026-1287: Fixed potential SQL injection...

CVSS 8.1 | AI score 5.8 | EPSS 0.09436
Exploits 2 | References 24
OSV
added 2026/02/11 9:38 a.m. | 5 views

SUSE-SU-2026:0440-1 Security update for python-Django

This update for python-Django fixes the following issues: - CVE-2025-14550: Fixed potential denial-of-service via repeated headers when using ASGI (bsc#1257403) - CVE-2026-1312: Fixed potential SQL injection via QuerySet.order_by and FilteredRelation (bsc#1257408) - CVE-2026-1287: Fixed potential SQL...

CVSS 8.5 | AI score 5.9 | EPSS 0.09436
Exploits 2 | References 13
Veracode
added 2026/02/11 9:09 a.m. | 5 views

Denial Of Service

Django is vulnerable to Denial Of Service. The vulnerability is due to inefficient processing of unmatched HTML end tags in Truncator.chars and Truncator.words with html=True and related template filters, where crafted input containing a large number of unmatched closing tags can trigger excessiv...

CVSS 7.5 | AI score 5.5 | EPSS 0.00993
Exploits 0 | References 5 | Affected Software 1
Tenable Nessus
added 2026/02/09 12:00 a.m. | 5 views

openSUSE 16 Security Update : python-Django (openSUSE-SU-2026:20184-1)

The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20184-1 advisory. Changes in python-Django: - CVE-2026-1312: Fixed potential SQL injection via QuerySet.order_by and FilteredRelation (bsc#1257408). - CVE-2026-1287:...

CVSS 8.5 | AI score 5.9 | EPSS 0.09436
Exploits 2 | References 18
OPENSUSE Linux
added 2026/02/08 12:00 a.m. | 5 views

Security update for python-Django (important)

openSUSE security update: security update for python-django. Announcement ID: openSUSE-SU-2026:20184-1. Rating: important. References: bsc#1257401 bsc#1257403 bsc#1257405 bsc#1257406 bsc#1257407 bsc#1257408. Cross-References: CVE-2025-13473...

CVSS 8.1 | AI score 5.6 | EPSS 0.09436
Exploits 2 | References 6
OSV
added 2026/02/07 1:45 p.m. | 5 views

OPENSUSE-SU-2026:20184-1 Security update for python-Django

This update for python-Django fixes the following issues: Changes in python-Django: - CVE-2026-1312: Fixed potential SQL injection via QuerySet.order_by and FilteredRelation (bsc#1257408). - CVE-2026-1287: Fixed potential SQL injection in column aliases via control characters (bsc#1257407). -...

CVSS 8.5 | AI score 5.9 | EPSS 0.09436
Exploits 2 | References 12
OSV
added 2026/02/06 3:57 p.m. | 10 views

OESA-2026-1308 python-django security update

A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in Django versions before 6.0.2, before 5.2.11, and before 4.2.28. The django.contrib.auth.handlers.modwsgi.check_password function for authentication via modwsg...

CVSS 8.5 | AI score 6.9 | EPSS 0.09436
Exploits 2 | References 7
OSV
added 2026/02/06 3:57 p.m. | 7 views

OESA-2026-1307 python-django security update

A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in Django versions before 6.0.2, before 5.2.11, and before 4.2.28. The django.contrib.auth.handlers.modwsgi.check_password function for authentication via modwsg...

CVSS 8.5 | AI score 6.9 | EPSS 0.09436
Exploits 2 | References 7
Mageia
added 2026/02/06 5:11 a.m. | 29 views

Updated python-django packages fix security vulnerabilities

Username enumeration through timing difference in mod_wsgi authentication handler. (CVE-2025-13473) Potential denial-of-service vulnerability via repeated headers when using ASGI. (CVE-2025-14550) Potential SQL injection via raster lookups on PostGIS. (CVE-2026-1207) Potential denial-of-service...

CVSS 8.5 | AI score 5.6 | EPSS 0.09436
Exploits 2 | References 2
OSV
added 2026/02/06 5:11 a.m. | 6 views

MGASA-2026-0032 Updated python-django packages fix security vulnerabilities

Username enumeration through timing difference in mod_wsgi authentication handler. (CVE-2025-13473) Potential denial-of-service vulnerability via repeated headers when using ASGI. (CVE-2025-14550) Potential SQL injection via raster lookups on PostGIS. (CVE-2026-1207) Potential denial-of-service...

CVSS 8.5 | AI score 5.5 | EPSS 0.09436
Exploits 2 | References 3