12 matches found

Tenable Nessus
added 2026/03/26 12:0 a.m., 2 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-django (UTSA-2026-006301)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006301 advisory. An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allo...

5.3 CVSS, 7.1 AI score, 0.006 EPSS
Exploits: 0, References: 4
RedhatCVE
added 2025/12/14 6:2 a.m., 11 views

CVE-2025-9116

The WPS Visitor Counter WordPress plugin through 1.4.8 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...

5.8 CVSS, 5.9 AI score, 0.0012 EPSS
Exploits: 0, References: 1
Mageia
added 2025/06/25 5:31 a.m., 7 views

Updated python-django packages fix security vulnerability

Potential log injection via unescaped request path. CVE-2025-48432...

5.3 CVSS, 7.7 AI score, 0.006 EPSS
Exploits: 0, References: 5
OSV
added 2025/06/05 3:15 a.m., 3 views

CVE-2025-48432

An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are...

5.3 CVSS, 7.6 AI score
Exploits: 0, References: 8
SUSE CVE
added 2025/06/05 3:14 a.m., 1 views

SUSE CVE-2025-48432

An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are...

6.8 CVSS, 7.4 AI score, 0.006 EPSS
Exploits: 0, References: 4
Debian CVE
added 2025/06/05 12:0 a.m., 12 views

CVE-2025-48432

An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are...

5.3 CVSS, 7.7 AI score, 0.006 EPSS
Exploits: 0
Ubuntu
added 2025/06/04 5:3 p.m., 3 views

USN-7555-1: Django vulnerability

It was discovered that Django incorrectly handled certain unescaped request paths. An attacker could possibly use this issue to perform a log injection...

5.3 CVSS, 7.5 AI score, 0.006 EPSS
Exploits: 0
OSV
added 2025/06/04 5:3 p.m., 0 views

USN-7555-1 python-django vulnerability

It was discovered that Django incorrectly handled certain unescaped request paths. An attacker could possibly use this issue to perform a log injection...

5.3 CVSS, 7.1 AI score, 0.006 EPSS
Exploits: 0, References: 2
OSV
added 2024/07/15 6:15 a.m., 1 views

CVE-2024-6072

The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...

6.1 CVSS, 5.8 AI score, 0.00307 EPSS
Exploits: 1, References: 1
OSV
added 2023/12/01 10:2 p.m., 1 views

CVE-2023-48314 Unescaped passing of the request URL in Collabora Online

Collabora Online is a collaborative online office suite based on LibreOffice technology. Users of Nextcloud with Collabora Online Built-in CODE Server app can be vulnerable to attack via proxy.php. This vulnerability has been fixed in Collabora Online - Built-in CODE Server richdocumentscode...

7.1 CVSS, 6.9 AI score, 0.00406 EPSS
Exploits: 0, References: 3
CNNVD
added 2023/03/20 12:0 a.m., 3 views

WordPress Plugin VK All in One Expansion Unit Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

6.1 CVSS, 6.4 AI score, 0.00519 EPSS
Exploits: 2, References: 2
Positive Technologies
added 2023/03/20 12:0 a.m., 3 views

PT-2023-16624 · WordPress · Vk All In One Expansion Unit

Name of the Vulnerable Software and Affected Versions: VK All in One Expansion Unit WordPress plugin versions prior to 9.87.1.0. Description: The issue concerns the failure to escape the REQUEST_URI parameter before outputting it back in an attribute, potentially leading to Reflected Cross-Site...

6.1 CVSS, 8.9 AI score, 0.00519 EPSS
Exploits: 2, References: 6