TYPO3 CMS 安全漏洞

TYPO3 CMS is a content management system developed under the TYPO3 open source framework. There is a security vulnerability in TYPO3 CMS, which stems from the upload limit imposed on form definition files. This limit can be bypassed by using mixed uppercase and lowercase file extensions, allowing...

CVE-2026-5766

A flaw was found in Django. This vulnerability allows a remote attacker to bypass the FILEUPLOADMAXMEMORYSIZE limit by sending specially crafted ASGI Asynchronous Server Gateway Interface requests with a missing or understated Content-Length header. This can lead to large files being loaded into...

SUSE SLES15 Security Update : python-Django (SUSE-SU-2026:1740-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1740-1 advisory. This update for python-Django fixes the following issues - CVE-2026-3902: headers spoofing by exploiting an ambiguous mapping of two header...

BIT-DJANGO-2026-5766 Potential denial-of-service vulnerability in ASGI requests via file upload limit bypass

An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. ASGI requests with a missing or understated Content-Length header can bypass the FILEUPLOADMAXMEMORYSIZE limit, potentially loading large files into memory and causing service degradation. As a reminder, Django expects a limit to ...

Security update for python-Django

This update for python-Django fixes the following issues CVE-2026-3902: headers spoofing by exploiting an ambiguous mapping of two header variants in ASGIRequest requests bsc1261729. CVE-2026-4277: permissions on inline model instances were not validated on submission of forged POST data in...

CVE-2026-5766 Potential denial-of-service vulnerability in ASGI requests via file upload limit bypass

An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. ASGI requests with a missing or understated Content-Length header can bypass the FILEUPLOADMAXMEMORYSIZE limit, potentially loading large files into memory and causing service degradation. As a reminder, Django expects a limit to ...

CVE-2026-5766

CVE-2026-5766 affects Django 6.0 before 6.0.5 and 5.2 before 5.2.14. An ASGI request with a missing or understated Content-Length can bypass FILE_UPLOAD_MAX_MEMORY_SIZE, potentially loading large files into memory and degrading service. The issue is mitigated by applying the patched releases (6.0...

CVE-2026-5766 Potential denial-of-service vulnerability in ASGI requests via file upload limit bypass

An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. ASGI requests with a missing or understated Content-Length header can bypass the FILEUPLOADMAXMEMORYSIZE limit, potentially loading large files into memory and causing service degradation. As a reminder, Django expects a limit to ...

Django 安全漏洞

Django is an open-source web framework based on the Python language, developed by the Django Foundation. This framework includes an object-oriented mapper, a view system, and a template system. Versions of Django prior to 6.0.5 and 5.2.14 contained security vulnerabilities. These vulnerabilities...

Updated python-django packages fix security vulnerabilities

ASGI header spoofing via underscore/hyphen conflation. CVE-2026-3902 Privilege abuse in GenericInlineModelAdmin. CVE-2026-4277 Privilege abuse in ModelAdmin.listeditable. CVE-2026-4292 Potential denial-of-service vulnerability in MultiPartParser via base64-encoded file upload. CVE-2026-33033...

CVE-2026-33034 Potential denial-of-service vulnerability in ASGI requests via memory upload limit bypass

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. ASGI requests with a missing or understated Content-Length header could bypass the DATAUPLOADMAXMEMORYSIZE limit when reading HttpRequest.body, allowing remote attackers to load an unbounded request body into...

CVE-2026-33034

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. ASGI requests with a missing or understated Content-Length header could bypass the DATAUPLOADMAXMEMORYSIZE limit when reading HttpRequest.body, allowing remote attackers to load an unbounded request body into...

CVE-2026-33034

Django CVE-2026-33034 affects ASGI request handling: missing/undersized Content-Length can bypass DATA_UPLOAD_MAX_MEMORY_SIZE when reading HttpRequest.body, allowing loading of an unbounded request body. Affected: Django 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30; earlier series (...

CVE-2026-33034 Potential denial-of-service vulnerability in ASGI requests via memory upload limit bypass

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. ASGI requests with a missing or understated Content-Length header could bypass the DATAUPLOADMAXMEMORYSIZE limit when reading HttpRequest.body, allowing remote attackers to load an unbounded request body into...

EUVD-2004-0613

Malware in sbrugna...

EUVD-2023-48736

Malicious code in bioql PyPI...

Airsonic-Advanced 代码问题漏洞

Airsonic-Advanced is an open source music streaming server from Airsonic. A code issue vulnerability exists in Airsonic-Advanced version 10.6.0 and earlier, which stems from the Playlist Upload Handler component not limiting uploads, which could lead to remote attacks...

WordPress plugin Forms 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...

Apache Tomcat 9.0.0.M1 < 9.0.107 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 9.0.107. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat9.0.107security-9 advisory. - The vulnerability exists due to overflow in file upload limit. A remote attacker can send specially...

VirtueMart 代码问题漏洞

VirtueMart is an open source e-commerce application from VirtueMart, Inc. designed to be used as an extension to Mambo or Joomla! VirtueMart suffers from a code issue vulnerability that stems from an insufficient file upload limit that could lead to remote code execution...