Lucene search
K

9 matches found

CVE
CVE
added 2026/06/10 6:0 a.m.41 views

CVE-2026-9067

The CVE-2026-9067 affects the Schema & Structured Data for WP & AMP WordPress plugin prior to 1.60. The vulnerability stems from frontend AJAX file-upload handlers that do not enforce user capabilities and do not validate the uploaded content against the endpoint’s intended media type, allowing u...

9.1CVSS5.5AI score0.00426EPSS
Exploits1References1
Veracode
Veracode
added 2025/08/13 11:38 a.m.6 views

Server Side Request Forgery (SSRF)

bentoml is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to the file upload handlers automatically downloading files from user-provided URLs without validating their targets, which allows an attacker to make the server send arbitrary HTTP requests to internal or...

9.9CVSS7.2AI score0.11883EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2024/03/06 10:55 a.m.22 views

BIT-DJANGO-2021-28658

In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, MultiPartParser allowed directory traversal via uploaded files with suitably crafted file names. Built-in upload handlers were not affected by this vulnerability...

5.3CVSS5.5AI score0.03865EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2021/04/12 12:0 a.m.35 views

Debian DLA-2622-1 : python-django security update

It was discovered that there was a potential directory traversal issue in Django, a Python-based web development framework. The vulnerability could have been exploited by maliciously crafted filenames. However, the upload handlers built into Django itself were not affected. For Debian 9 'Stretch'...

5.3CVSS6.5AI score0.03865EPSS
Exploits0References4
Debian
Debian
added 2021/04/09 11:47 a.m.66 views

[SECURITY] [DLA 2622-1] python-django security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-2622-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb April 09, 2021 https://wiki.debian.org/LTS -...

5.3CVSS5.7AI score0.03865EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2021/04/06 3:15 p.m.5 views

CVE-2021-28658

In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, MultiPartParser allowed directory traversal via uploaded files with suitably crafted file names. Built-in upload handlers were not affected by this vulnerability...

5.3CVSS5.3AI score0.03865EPSS
Exploits0References8
Prion
Prion
added 2021/04/06 3:15 p.m.30 views

Directory traversal

In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, MultiPartParser allowed directory traversal via uploaded files with suitably crafted file names. Built-in upload handlers were not affected by this vulnerability...

5CVSS5.5AI score0.03865EPSS
Exploits0References6Affected Software3
AlpineLinux
AlpineLinux
added 2021/04/06 2:51 p.m.42 views

CVE-2021-28658

In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, MultiPartParser allowed directory traversal via uploaded files with suitably crafted file names. Built-in upload handlers were not affected by this vulnerability...

5.3CVSS5.8AI score0.03865EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2021/04/06 8:0 a.m.33 views

CVE-2021-28658

In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, MultiPartParser allowed directory traversal via uploaded files with suitably crafted file names. Built-in upload handlers were not affected by this vulnerability...

5.3CVSS6.8AI score0.03865EPSS
Exploits0References3
Rows per page
Query Builder