392 matches found
CVE-2026-31815
Unicorn adds modern reactive component functionality to your Django templates. Prior to 0.67.0, component state manipulation is possible in django-unicorn due to missing access control checks during property updates and method calls. An attacker can bypass the intended ispublic protection to modi...
simmate (>=0.14.0 <=0.17.0), tvsd (>=1.4.0 <=1.4.1) potentially affected by CVE-2026-31815 via django-unicorn (>=0.50.0 <=0.59.0)
django-unicorn PYPI version =0.50.0, =0.14.0, =1.4.0, =1.4.1 Source cves: CVE-2026-31815 Source advisory: OSV:GHSA-FFV6-JJ46-X367...
django-unicorn affected by component state manipulation via unvalidated attribute access
Summary Component state manipulation is possible in django-unicorn due to missing access control checks during property updates and method calls. An attacker can bypass the intended ispublic protection to modify internal attributes such as templatename or trigger protected methods. Vulnerability...
EUVD-2026-10909
django-unicorn affected by component state manipulation via unvalidated attribute access...
GHSA-FFV6-JJ46-X367 django-unicorn affected by component state manipulation via unvalidated attribute access
Summary Component state manipulation is possible in django-unicorn due to missing access control checks during property updates and method calls. An attacker can bypass the intended ispublic protection to modify internal attributes such as templatename or trigger protected methods. Vulnerability...
Improperly Controlled Modification of Dynamically-Determined Object Attributes
Overview django-unicorn is an A magical full-stack framework for Django. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via unvalidated attribute access within the action parsers that fail to enforce visibility...
simmate (>=0.14.0 <=0.17.0), tvsd (>=1.4.0 <=1.4.1) potentially affected by CVE-2026-31815 via django-unicorn (>=0.50.0 <=0.59.0)
django-unicorn PYPI version =0.50.0, =0.14.0, =1.4.0, =1.4.1 Source cves: CVE-2026-31815 Source advisory: SNYK:PYTHON-DJANGOUNICORN-15518682...
CVE-2026-31815
Unicorn adds modern reactive component functionality to your Django templates. Prior to 0.67.0, component state manipulation is possible in django-unicorn due to missing access control checks during property updates and method calls. An attacker can bypass the intended ispublic protection to modi...
CVE-2026-31815
CVE-2026-31815 affects django-unicorn prior to 0.67.0. The issue stems from missing access control checks during property updates and method calls, allowing an attacker to bypass _is_public protection and modify internal attributes (e.g., template_name) or trigger protected methods. Fixed in 0.67...
CVE-2026-31815 django-unicorn affected by component state manipulation via unvalidated attribute access
Unicorn adds modern reactive component functionality to your Django templates. Prior to 0.67.0, component state manipulation is possible in django-unicorn due to missing access control checks during property updates and method calls. An attacker can bypass the intended ispublic protection to modi...
CVE-2026-31815
Unicorn adds modern reactive component functionality to your Django templates. Prior to 0.67.0, component state manipulation is possible in django-unicorn due to missing access control checks during property updates and method calls. An attacker can bypass the intended ispublic protection to modi...
CVE-2026-31815 django-unicorn affected by component state manipulation via unvalidated attribute access
Unicorn adds modern reactive component functionality to your Django templates. Prior to 0.67.0, component state manipulation is possible in django-unicorn due to missing access control checks during property updates and method calls. An attacker can bypass the intended ispublic protection to modi...
CVE-2026-31815 django-unicorn affected by component state manipulation via unvalidated attribute access
Unicorn adds modern reactive component functionality to your Django templates. Prior to 0.67.0, component state manipulation is possible in django-unicorn due to missing access control checks during property updates and method calls. An attacker can bypass the intended ispublic protection to modi...
Unicorn 安全漏洞
Unicorn is an open-source verifier developed by the World Wide Web Consortium. It helps people improve the quality of web pages by performing various checks. Versions of Unicorn prior to 0.67.0 contained security vulnerabilities; these vulnerabilities stemmed from lack of access control checks...
PT-2026-24466
Name of the Vulnerable Software and Affected Versions Unicorn versions prior to 0.67.0 Description A flaw exists in django-unicorn that allows manipulation of component state due to insufficient access control checks when updating properties and calling methods. An attacker can bypass the intende...
CVE-2026-31815
creationtimestamp| type| source ---|---|--- 2026-03-09 10:58:20+00:00| published-proof-of-concept| https://github.com/django-commons/django-unicorn/security/advisories/GHSA-ffv6-jj46-x367...
“Good enough” emulation: Fuzzing a single thread to uncover vulnerabilities
A Cisco Talos researcher worked around the limitations of hardware-level Code Read-out Protection RDP on the Socomec DIRIS M-70 gateway by pivoting from physical debugging to a "good enough" emulation approach. By focusing on emulating only the single thread responsible for Modbus protocol handli...
CVE-2023-29722
The Glitter Unicorn Wallpaper app for Android 7.0 thru 8.0 allows unauthorized apps to actively request permission to modify data in the database that records information about a user's personal preferences and will be loaded into memory to be read and used when the app is opened. An attacker cou...
CVE-2023-29723
The Glitter Unicorn Wallpaper app for Android 7.0 thru 8.0 allows unauthorized applications to actively request permission to insert data into the database that records information about a user's personal preferences and will be loaded into memory to be read and used when the application is opene...
Malicious code in xeric_unicorn_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 35dfab96bb492317182b30fae769f46c45a10a279a2b79ceed1d9691a4df9c7d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...