CVE-2026-35193

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.middleware.cache.UpdateCacheMiddleware in Django does not add Authorization to the Vary response header for requests bearing that header without Cache-Control: public, which allows remote attackers to read private...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-django (UTSA-2026-016791)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016791 advisory. An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. Raster lookups on RasterField only implemented on PostGIS allows remote...

Astra Linux - уязвимость в qemu

A use-after-free flaw was discovered in the MegaRAID emulator of QEMU. This issue occurs during the processing of SCSI I/O requests when the mptsasfreerequest function fails to dequeue the request object ‘req’ from the pending requests queue. This flaw allows a privileged guest user to crash the...

UBUNTU-CVE-2026-3902

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. ASGIRequest allows a remote attacker to spoof headers by exploiting an ambiguous mapping of two header variants with hyphens or with underscores to a single version with underscores. Earlier, unsupported Django...

baserCMS has OS command injection vulnerability in installer

baserCMS has an OS command injection vulnerability in the installer. Target baserCMS 5.2.2 and earlier versions Vulnerability If baserCMS is placed on a server but not installed, malicious commands may be executed. Countermeasures Update to the latest version of baserCMS Please refer to the...

cg-django-uaa (=2.1.9), deeplabelnet (>=0.1.0 <=0.1.16) +21 more potentially affected by CVE-2025-14550 via django (>=5.2.0 <=5.2.10)

django PYPI version =5.2.0, =0.1.0, =0.1.0, =1.3.0, =1.92.0.5, =4.2.0, =0.0.7, =3.0.0, =5.2.0, =1.0.0, =1.0.1 and more Source cves: CVE-2025-14550 Source advisory: SNYK:PYTHON-DJANGO-15198929...

IBM Sterling Connect: Express Adapter for Sterling code issue and vulnerability

IBM Sterling Connect: Express Adapter for Sterling is a communication adapter developed by the American multinational company International Business Machines IBM. There were code vulnerabilities in versions 5.2.0.00 to 5.2.0.12 of IBM Sterling Connect: Express Adapter for Sterling. These...

WordPress plugin WP Attachments 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

WordPress Essential Real Estate plugin <= 5.2.6 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by daroo in WordPress Plugin Essential Real Estate versions = 5.2.6...

ClipBucket V5 跨站脚本漏洞

ClipBucket V5 is a video hosting platform for MacWarrior individual developers. A cross-site scripting vulnerability exists in ClipBucket v5 versions 5.5.2 through 147, which stems from the Collection tags feature not escaping HTML or JavaScript, and could lead to a stored cross-site scripting...

PT-2025-40970

Name of the Vulnerable Software and Affected Versions Featured Image from URL FIFU plugin for WordPress versions prior to 5.2.8 Description The software is susceptible to Stored Cross-Site Scripting through the Featured Image custom fields of a post. Insufficient input sanitization and output...

PT-2025-38521

Name of the Vulnerable Software and Affected Versions Grafana-Zabbix versions 5.2.1 and below Description Grafana-Zabbix is a plugin for Grafana that visualizes monitoring data from Zabbix. Versions 5.2.1 and below contain a Regular expression Denial of Service ReDoS vulnerability. This issue...

Linux Distros Unpatched Vulnerability : CVE-2019-2552

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Core. Supported versions that are affected are prior to 5.2.24 and...

Honeywell Experion PKS 安全漏洞

Honeywell Experion PKS is a process automation system from Honeywell USA. A security vulnerability exists in Honeywell Experion PKS versions 520.1 to 520.2 TCU9 and 530 to 530 TCU3, which stems from uninitialized variables and could result in a denial of service...

AZL-77493 CVE-2025-30204 affecting package cf-cli for versions less than 8.4.0-27

golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits via a call to strings.Split its argument which is untrusted data on periods. As a result, in the face of a malicious request whose...

WordPress 워드프레스 결제 심플페이 plugin <= 5.2.2 - Reflected Cross-Site Scripting via add_query_arg Parameter vulnerability

Reflected Cross-Site Scripting via addqueryarg Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin 워드프레스 결제 심플페이 versions = 5.2.2...

PrestaShop Security Breach

PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution offers multiple payment methods, short message alerts and product image scaling. PrestaShop boninstagramcarousel v5.2.1 version to v7.0.0 prior to the version of a security vulnerability , th...

cloud.piranha.extension:piranha-extension-hazelcast (>=22.12.0 <=23.4.0), cloud.piranha:debug (>=22.12.0 <=23.1.0) +201 more potentially affected by CVE-2023-33265 via com.hazelcast:hazelcast (>=5.2.0 <=5.2.3)

com.hazelcast:hazelcast MAVEN version =5.2.0, =22.12.0, =22.12.0, =23.1.0 - cn.vertxup:aeon-ambient =0.9.0 - cn.vertxup:aeon-aurora =0.9.0 - cn.vertxup:aeon-code =0.9.0 - cn.vertxup:aeon-cosmos =0.9.0 - cn.vertxup:aeon-ecology =0.9.0 - cn.vertxup:aeon-edge =0.9.0 - cn.vertxup:aeon-eternal =0.9.0 ...

GHSA-564R-HJ7V-MCR5 Spring Framework vulnerable to denial of service via specially crafted SpEL expression

In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service DoS condition...

CVE-2021-29903

IBM Sterling B2B Integrator Standard Edition 5.2.6.0 through 6.1.1.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 207506...