Lucene search
K

281 matches found

EUVD
EUVD
added 2026/07/01 12:34 a.m.5 views

EUVD-2025-210393

Hono before 4.10.2 fixed in 4.10.3 contains a flaw in its CORS middleware: when the origin is not set to "", the middleware copies the Vary header from the incoming request into the response. Because Vary is a response header that should be managed by the server, an attacker can supply arbitrary...

6.9CVSS5.9AI score0.0028EPSS
Exploits0References3
NVD
NVD
added 2026/06/30 11:16 p.m.5 views

CVE-2025-71381

Hono before 4.10.2 fixed in 4.10.3 contains a flaw in its CORS middleware: when the origin is not set to "", the middleware copies the Vary header from the incoming request into the response. Because Vary is a response header that should be managed by the server, an attacker can supply arbitrary...

6.9CVSS0.0028EPSS
Exploits0References2
CVE
CVE
added 2026/06/30 10:8 p.m.11 views

CVE-2025-71381

Hono up to version 4.10.2 contains a vulnerability in its CORS middleware. If the origin is not set to “*”, the middleware copies the Vary header from the request into the response, allowing an attacker to reflect arbitrary Vary values. This can lead to cache key pollution and inconsistent CORS e...

6.9CVSS5.9AI score0.0028EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/30 10:8 p.m.24 views

CVE-2025-71381 Hono - Vary Header Injection in CORS Middleware

Hono before 4.10.2 fixed in 4.10.3 contains a flaw in its CORS middleware: when the origin is not set to "", the middleware copies the Vary header from the incoming request into the response. Because Vary is a response header that should be managed by the server, an attacker can supply arbitrary...

6.9CVSS0.0028EPSS
Exploits0References2
OSV
OSV
added 2026/06/30 10:8 p.m.1 views

CVE-2025-71381 Hono - Vary Header Injection in CORS Middleware

Hono before 4.10.2 fixed in 4.10.3 contains a flaw in its CORS middleware: when the origin is not set to "", the middleware copies the Vary header from the incoming request into the response. Because Vary is a response header that should be managed by the server, an attacker can supply arbitrary...

6.9CVSS6.1AI score0.0028EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.5 views

PT-2026-54013

Name of the Vulnerable Software and Affected Versions Hono versions prior to 4.10.3 Description A flaw exists in the CORS middleware when the origin is not set to "". The middleware copies the Vary header from the incoming request directly into the response. Since the Vary header is a response...

6.9CVSS6.1AI score0.0028EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/14 12:0 a.m.11 views

openSUSE 16 Security Update : python-Django (openSUSE-SU-2026:20937-1)

The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20937-1 advisory. Changes in python-Django: - CVE-2026-6873: Signed cookie salt namespace collision bsc1267578 - CVE-2026-7666: Potential unencrypted email...

5.3CVSS5.4AI score0.00359EPSS
Exploits0References15
Tenable Nessus
Tenable Nessus
added 2026/06/14 12:0 a.m.8 views

Fedora 43 : python-django5 (2026-f140cb16b6)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-f140cb16b6 advisory. Fixes five low-severity CVEs - CVE-2026-6873: Signed cookie salt namespace collision - CVE-2026-7666: Potential unencrypted email transmission via...

5.3CVSS5.5AI score0.00359EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/06/14 12:0 a.m.7 views

Fedora 44 : python-django5 (2026-e4146022ce)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-e4146022ce advisory. Fixes five low-severity CVEs - CVE-2026-6873: Signed cookie salt namespace collision - CVE-2026-7666: Potential unencrypted email transmission via...

5.3CVSS5.5AI score0.00359EPSS
Exploits0References6
OSV
OSV
added 2026/06/12 12:26 p.m.15 views

OESA-2026-2661 python-django security update

A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.middleware.cache.UpdateCacheMiddleware in Django does not add Authorization to the Vary response header...

5.3CVSS5.5AI score0.00359EPSS
Exploits0References6
OSV
OSV
added 2026/06/12 12:26 p.m.25 views

OESA-2026-2660 python-django security update

A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.middleware.cache.UpdateCacheMiddleware in Django does not add Authorization to the Vary response header...

5.3CVSS5.5AI score0.00359EPSS
Exploits0References6
OSV
OSV
added 2026/06/12 12:26 p.m.18 views

OESA-2026-2659 python-django security update

A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.middleware.cache.UpdateCacheMiddleware in Django does not add Authorization to the Vary response header...

5.3CVSS5.5AI score0.00359EPSS
Exploits0References6
OSV
OSV
added 2026/06/10 12:31 p.m.6 views

OPENSUSE-SU-2026:20937-1 Security update for python-Django

This update for python-Django fixes the following issues: Changes in python-Django: - CVE-2026-6873: Signed cookie salt namespace collision bsc1267578 - CVE-2026-7666: Potential unencrypted email transmission via STARTTLS in the SMTP backend bsc1267579 - CVE-2026-8404: Potential exposure of priva...

5.3CVSS5.2AI score0.00359EPSS
Exploits0References10
SUSE Linux
SUSE Linux
added 2026/06/09 1:22 p.m.8 views

Security update for python-Django

This update for python-Django fixes the following issues CVE-2026-6873: signed cookie salt namespace collision in django.http.HttpRequest.getsignedcookie bsc1267578. CVE-2026-7666: potential unencrypted email transmission via STARTTLS in the SMTP backend bsc1267579. CVE-2026-8404: potential...

9.1CVSS5.4AI score0.00359EPSS
Exploits0References20
OSV
OSV
added 2026/06/09 1:22 p.m.6 views

SUSE-SU-2026:2318-1 Security update for python-Django

This update for python-Django fixes the following issues - CVE-2026-6873: signed cookie salt namespace collision in django.http.HttpRequest.getsignedcookie bsc1267578. - CVE-2026-7666: potential unencrypted email transmission via STARTTLS in the SMTP backend bsc1267579. - CVE-2026-8404: potential...

5.3CVSS5.4AI score0.00359EPSS
Exploits0References11
OSV
OSV
added 2026/06/06 8:39 a.m.11 views

BIT-DJANGO-2026-48587 Potential exposure of private data via whitespace padding in Vary header

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.utils.cache.hasvaryheader in Django does not strip leading or trailing whitespace from Vary response header values before comparison, which allows remote attackers to read cached responses via requests to URLs whose...

5.3CVSS5.4AI score0.00354EPSS
Exploits0References4
OSV
OSV
added 2026/06/06 8:39 a.m.8 views

BIT-DJANGO-2026-35193 Potential exposure of private data via missing Vary: Authorization in UpdateCacheMiddleware

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.middleware.cache.UpdateCacheMiddleware in Django does not add Authorization to the Vary response header for requests bearing that header without Cache-Control: public, which allows remote attackers to read private...

3.1CVSS5.4AI score0.00359EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/05 12:0 a.m.13 views

Python Library Django 5.2.x < 5.2.15 / 6.0.x < 6.0.6 Multiple Vulnerabilities

The detected version of the Django Python package is 5.2.x prior to 5.2.15 or 6.0.x prior to 6.0.6. It is, therefore, affected by multiple vulnerabilities, including: - django.middleware.cache.UpdateCacheMiddleware does not add Authorization to the Vary response header for requests bearing that...

5.3CVSS5.6AI score0.00359EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2026/06/04 2:24 a.m.15 views

SUSE CVE-2026-35193

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.middleware.cache.UpdateCacheMiddleware in Django does not add Authorization to the Vary response header for requests bearing that header without Cache-Control: public, which allows remote attackers to read private...

5.9CVSS5.8AI score0.00359EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/06/04 2:21 a.m.9 views

SUSE CVE-2026-48587

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.utils.cache.hasvaryheader in Django does not strip leading or trailing whitespace from Vary response header values before comparison, which allows remote attackers to read cached responses via requests to URLs whose...

5.9CVSS5.8AI score0.00354EPSS
Exploits0References5
Rows per page
Query Builder