4 matches found
CVE-2026-53878
An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. DomainNameValidator does not prohibit newlines in domain names unless used via a form field, since CharField strips newlines. If an application uses values with newlines in an HTTP response, header injection can occur. Djan...
PT-2026-56195
Name of the Vulnerable Software and Affected Versions Django versions 6.0 through 6.0.6 Django versions 5.2 through 5.2.15 Description UpdateCacheMiddleware and the cache page decorator cache responses that vary on cookies when the incoming request contains unrelated cookies. This behavior allows...
CVE-2018-3086
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Core. The supported version that is affected is Prior to 5.2.16. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to...
Horde Groupware and Horde Groupware Webmail Cross-Site Scripting Vulnerabilities
Horde Groupware and Horde Groupware Webmail Edition are both products of Horde Corporation, USA.Horde Groupware is a free browser based on the Collaboration Suite.Horde Groupware Webmail is a free enterprise browser based on the Communication Suite. Horde Text Filter API is one of the methods for...