SUSE CVE-2026-6907

An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. django.middleware.cache.UpdateCacheMiddleware erroneously caches requests where the Vary header contained an asterisk ''. This can lead to private data being stored and served. Earlier, unsupported Django series such as 5.0.x,...

PT-2026-36796

Improper Control of Generation of Code 'Code Injection' vulnerability in Profelis Information and Consulting Trade and Industry Limited Company SambaBox allows OS Command Injection. This issue affects SambaBox: from 5.1 before 5.3...

Django vulnerable to privilege abuse in GenericInlineModelAdmin

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Add permissions on inline model instances were not validated on submission of forged POST data in GenericInlineModelAdmin. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not evaluated a...

CVE-2026-33033 Potential denial-of-service vulnerability in MultiPartParser via base64-encoded file upload

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. MultiPartParser allows remote attackers to degrade performance by submitting multipart uploads with Content-Transfer-Encoding: base64 including excessive whitespace. Earlier, unsupported Django series such as...

CVE-2026-24732

CVE-2026-24732 affects Hallo Welt! GmbH BlueSpice Extension:NSFileRepo, with vulnerable versions 5.1–5.1.5 and 5.2–5.2.0. The issue is improper permission checks in the extension, allowing access to functionality not properly constrained by ACLs and bypassing electronic locks and access controls....

cg-django-uaa (=2.1.9), deeplabelnet (>=0.1.0 <=0.1.16) +27 more potentially affected by CVE-2026-25673 via django (>=5.2.0 <=5.2.11)

django PYPI version =5.2.0, =0.1.0, =0.1.0, =1.3.0, =1.92.0.5, =4.2.0, =0.0.7, =3.0.0, =5.2.0, =5.2.1 - djbackup =2.1.0 and more Source cves: CVE-2026-25673 Source advisory: SNYK:PYTHON-DJANGO-15371389...

cg-django-uaa (=2.1.9), deeplabelnet (>=0.1.0 <=0.1.16) +27 more potentially affected by CVE-2026-25674 via django (>=5.2.0 <=5.2.11)

django PYPI version =5.2.0, =0.1.0, =0.1.0, =1.3.0, =1.92.0.5, =4.2.0, =0.0.7, =3.0.0, =5.2.0, =5.2.1 - djbackup =2.1.0 and more Source cves: CVE-2026-25674 Source advisory: SNYK:PYTHON-DJANGO-15371388...

cg-django-uaa (=2.1.9), deeplabelnet (>=0.1.0 <=0.1.16) +21 more potentially affected by CVE-2025-13473 via django (>=5.2.0 <=5.2.10)

django PYPI version =5.2.0, =0.1.0, =0.1.0, =1.3.0, =1.92.0.5, =4.2.0, =0.0.7, =3.0.0, =5.2.0, =1.0.0, =1.0.1 and more Source cves: CVE-2025-13473 Source advisory: SNYK:PYTHON-DJANGO-15198930...

GHSA-6426-9FV3-65X8 Django has an SQL Injection issue

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. .QuerySet.orderby is subject to SQL injection in column aliases containing periods when the same alias is, using a suitably crafted dictionary, with dictionary expansion, used in FilteredRelation. Earlier,...

GHSA-GVG8-93H5-G6QQ Django has an SQL Injection issue

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. FilteredRelation is subject to SQL injection in column aliases via control characters, using a suitably crafted dictionary, with dictionary expansion, as the kwargs passed to QuerySet methods annotate, aggregat...

Django has an SQL Injection issue

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. Raster lookups on RasterField only implemented on PostGIS allows remote attackers to inject SQL via the band index parameter. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not evaluate...

EUVD-2023-45127

Malicious code in bioql PyPI...

CVE-2025-59681

An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. QuerySet.annotate, QuerySet.alias, QuerySet.aggregate, and QuerySet.extra are subject to SQL injection in column aliases, when using a suitably crafted dictionary, with dictionary expansion, as the kwarg...

PT-2025-22822 · Thehive · Thehive

Name of the Vulnerable Software and Affected Versions: TheHive versions 5.2.0 through 5.2.15 TheHive versions 5.3.0 through 5.3.10 TheHive versions 5.4.0 through 5.4.9 TheHive versions 5.5.0 Description: A Server-Side Request Forgery SSRF issue allows remote authenticated attackers with admin...

WordPress plugin Philantro 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site...

CVE-2023-45859

In Hazelcast through 4.1.10, 4.2 through 4.2.8, 5.0 through 5.0.5, 5.1 through 5.1.7, 5.2 through 5.2.4, and 5.3 through 5.3.2, some client operations don't check permissions properly, allowing authenticated users to access data stored in the cluster...

PT-2023-35163 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions v5.2 through v5.15.90 Description: A potential security issue exists due to an ib block iterator counter overflow in the RDMA/core component. The actual impact and attack plausibility have not yet been proven...

at.datenwort.commons:jmodel2ts-app (>=0.1 <=0.12), ch.heia-fr.isc.data-cockpit:experiments (>=1.0.0 <=1.1.0) +969 more potentially affected by CVE-2022-42920 via org.apache.bcel:bcel (>=5.2 <=6.5.0)

org.apache.bcel:bcel MAVEN version =5.2, =0.1, =1.0.0, =1.0.1, =1.0.0, =0.1.4-jdk17-RELEASES, =4.2.1, =0.0.1, =1.1.0, =0.2.0, =0.1.31, =0.5.0, =0.5.0, =1.10.0, =2.0.0, =3.0.0.rc1, =3.2.1 and more Source cves: CVE-2022-42920 Source advisory: OSV:GHSA-97XG-PHPR-RG8Q...

Security Bulletin: IBM Sterling B2B Integrator HTTP Range Header Vulnerability (CVE-2013-0494)

Summary IBM Sterling B2B Integrator is subject to HTTP Byte Range Denial Of Service attacks. Vulnerability Details CVE ID: CVE-2013-0494 DESCRIPTION: IBM Sterling B2B Integrator is subject to HTTP Byte Range Denial Of Service attacks. Specially crafted HTTP Range or Request-Range request headers...

ILIAS Cross-Site Scripting Vulnerability (CNVD-2018-10348)

ILIAS is a Web-based learning management system developed by the ILIAS team. The system contains modules for course management, file sharing, and live chat. ILIAS version 5.3.x before 5.3.4 and version 5.2.x have Services/Form/classes/class.ilDateDurationInputGUI.php and...