15 matches found
cg-django-uaa (=2.1.9), deeplabelnet (>=0.1.0 <=0.1.16) +39 more potentially affected by CVE-2026-5766 via django (>=5.2.0 <=5.2.13)
django PYPI version =5.2.0, =0.1.0, =0.1.0, =1.3.0, =1.92.0.5, =4.2.0, =0.0.7, =3.0.0, =5.2.0, =5.2.1 - djbackup =2.1.0 and more Source cves: CVE-2026-5766 Source advisory: OSV:PYSEC-2026-54...
EUVD-2026-19686
An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. ASGIRequest allows a remote attacker to spoof headers by exploiting an ambiguous mapping of two header variants with hyphens or with underscores to a single version with underscores. Earlier, unsupported Django...
Django vulnerable to ASGI header spoofing via underscore/hyphen conflation
An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. ASGIRequest allows a remote attacker to spoof headers by exploiting an ambiguous mapping of two header variants with hyphens or with underscores to a single version with underscores. Earlier, unsupported Django...
CVE-2026-3902
An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. ASGIRequest allows a remote attacker to spoof headers by exploiting an ambiguous mapping of two header variants with hyphens or with underscores to a single version with underscores. Earlier, unsupported Django...
EUVD-2019-6936
Malware in sbrugna...
@angular-devkit/build-angular (>=18.0.0 <=18.1.0-next.2), @angular/build (>=18.0.0 <=18.1.0-next.2) +57 more potentially affected by CVE-2024-45811 via vite (>=5.2.0 <=5.2.13)
vite NPM version =5.2.0, =18.0.0, =18.0.0, =5.0.0-alpha.4, =0.1.0-rc.8, =18.0.0-next.46, =18.0.0-next.46, =3.0.2, =3.5.0, =4.1.0, =34.0.0, =2.1.3, =1.2.0, =1.0.0, =11.17.0, =8.0.8, =8.1.0 and more Source cves: CVE-2024-45811 Source advisory: OSV:GHSA-9CWX-2883-4WFX...
Plone Security Vulnerability
Plone is an open source content management system (CMS) built on the Zope application server. A security vulnerability exists in Plone official Docker version 5.2.13 (5221), which stems from a vulnerability that allows an unauthenticated attacker to upload files to the server or delete files...
Plone Security Vulnerability
Plone is an open source content management system (CMS) built on the Zope application server. A security vulnerability exists in Plone version 5.2.13 that stems from allowing remote code execution via incorrect validation of HOST header input...
PT-2024-1348
Name of the Vulnerable Software and Affected Versions: Plone Docker Official Image version 5.2.13 (5221). Description: The issue allows for remote code execution via improper validation of input by the HOST headers. This can be exploited by an attacker to execute arbitrary code by injecting code into...
WordPress 5.2.x < 5.2.13 Expired DST Root CA X3 Certificate
According to its self-reported version number, the detected WordPress application is affected by an expired certificate. The wordpress/wp-includes/certificates/ca-bundle.crt file still contains the DST Root CA X3 expired certificate. Note that the scanner has not tested for these issues but has...
Six Apart Movable Type RCE Vulnerability (Apr 2015)
Six Apart Movable Type is prone to a remote code execution (RCE) vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
mariadb to 5.2.13 (important)
MariaDB was updated to 5.2.13. Release notes: http://kb.askmonty.org/v/mariadb-5213-release-notes Changelog: http://kb.askmonty.org/v/mariadb-5213-changelog...
CVE-2010-1130
session.c in the session extension in PHP before 5.2.13, and 5.3.1, does not properly interpret ; (semicolon) characters in the argument to the session_save_path function, which allows context-dependent attackers to bypass open_basedir and safe_mode restrictions via an argument that contains multiple ;...
PHP 5.3.1 - LCG Entropy Security
PHP 5.3.1 - LCG Entropy Security. Source: https://www.securityfocus.com/bid/38430/info PHP is prone to a security vulnerability that affects LCG (Linear Congruential) entropy. Attackers can exploit this issue to steal sessions or other sensitive data. Versions prior to PHP 5.2.13 are affected...
PHP 5.3.1 - LCG Entropy Security
Source: https://www.securityfocus.com/bid/38430/info PHP is prone to a security vulnerability that affects LCG (Linear Congruential) entropy. Attackers can exploit this issue to steal sessions or other sensitive data. Versions prior to PHP 5.2.13 are affected...