Lucene search

48 matches found

NVD
added 2026/04/19 10:16 p.m. · 1 view

CVE-2026-6579

A weakness has been identified in liangliangyy DjangoBlog up to 2.1.0.0. This impacts an unknown function of the file blog/views.py of the component Clean Endpoint. This manipulation causes missing authentication. The attack may be initiated remotely. The exploit has been made available to the...

CVSS 6.9 · EPSS 0.00136
Exploits 0 · References 4

CVE
added 2026/04/19 10:0 p.m. · 5 views

CVE-2026-6579

Summary (CVE-2026-6579): A weakness identified in the DjangoBlog project by liangliangyy up to version 2.1.0.0 affects an unknown function in blog/views.py within the Clean Endpoint component. This manipulation results in missing authentication, enabling remote initiation of an attack. The exploi...

CVSS 6.9 · AI score 6.2 · EPSS 0.00136
Exploits 0 · References 4

Cvelist
added 2026/01/28 12:0 a.m. · 24 views

CVE-2025-69517

An HTML injection vulnerability in Amidaware Inc Tactical RMM v1.3.1 and earlier allows authenticated users to inject arbitrary HTML content during the creation of a new agent via the POST /api/v3/newagent/ endpoint. The agentid parameter accepts up to 255 characters and is improperly sanitized...

EPSS 0.00028
Exploits 0 · References 3

EUVD
added 2026/01/28 12:0 a.m. · 1 view

EUVD-2025-206495

An issue in Amidaware Inc Tactical RMM v1.3.1 and before allows a remote attacker to execute arbitrary code via the /api/tacticalrmm/apiv3/views.py component...

CVSS 9.8 · AI score 6.2 · EPSS 0.00028
Exploits 0 · References 3

EUVD
added 2025/10/07 12:30 a.m. · 4 views

EUVD-2019-19127

Malware in sbrugna...

CVSS 6.1 · AI score 6.3 · EPSS 0.0024
Exploits 1 · References 2

RedhatCVE
added 2025/05/23 8:44 a.m. · 1 view

CVE-2024-8571

A vulnerability was found in erjemin rollcms up to 1484fe2c4e0805946a7bcf46218509fcb34883a9. It has been classified as problematic. This affects an unknown part of the file rollcms/rollcms/views.py. The manipulation leads to information exposure through error message. This product takes the...

CVSS 5.3 · AI score 6.1 · EPSS 0.00148
Exploits 0 · References 1

Cvelist
added 2024/10/29 12:0 a.m. · 30 views

CVE-2024-51378

getresetstatus in dns/views.py and ftp/views.py in CyberPanel aka Cyber Panel before 1c0c6cb allows remote attackers to bypass authentication and execute arbitrary commands via /dns/getresetstatus or /ftp/getresetstatus by bypassing secMiddleware which is only for a POST request and using shell...

CVSS 10 · EPSS 0.93851
Exploits 7 · References 7

CVE
added 2024/10/29 12:0 a.m. · 242 views

CVE-2024-51378

CyberPanel CVE-2024-51378 is an unauthenticated remote code execution affecting CyberPanel before patch 1c0c6cb (versions through 2.3.6 and unpatched 2.3.7). The vulnerability lies in getresetstatus endpoints at /dns/getresetstatus and /ftp/getresetstatus, where an attacker can bypass secMiddlewa...

CVSS 10 · AI score 10 · EPSS 0.93851
In wild · Exploits 7 · References 8 · Affected Software 1

CVE
added 2024/10/29 12:0 a.m. · 226 views

CVE-2024-51567

CVE-2024-51567 = CyberPanel pre-auth remote code execution via the upgrademysqlstatus endpoint. Affected CyberPanel builds (through 2.3.6 and unpatched 2.3.7) allow attackers to bypass secMiddleware protecting POST requests and inject commands using shell metacharacters in the statusfile paramete...

CVSS 10 · AI score 8.4 · EPSS 0.9431
In wild · Exploits 7 · References 8 · Affected Software 1

Cvelist
added 2024/09/08 7:31 a.m. · 15 views

CVE-2024-8571 erjemin roll_cms views.py information exposure

A vulnerability was found in erjemin rollcms up to 1484fe2c4e0805946a7bcf46218509fcb34883a9. It has been classified as problematic. This affects an unknown part of the file rollcms/rollcms/views.py. The manipulation leads to information exposure through error message. This product takes the...

CVSS 5.1 · EPSS 0.00148
Exploits 0 · References 4

OSV
added 2024/09/04 4:15 p.m. · 5 views

CVE-2024-8412

A vulnerability, which was classified as problematic, was found in LinuxOSsk Shakal-NG up to 1.3.3. Affected is an unknown function of the file comments/views.py. The manipulation of the argument next leads to open redirect. It is possible to launch the attack remotely. The name of the patch is...

CVSS 6.1 · AI score 7.2
Exploits 0 · References 6

Cvelist
added 2024/09/04 3:31 p.m. · 21 views

CVE-2024-8412 LinuxOSsk Shakal-NG views.py redirect

A vulnerability, which was classified as problematic, was found in LinuxOSsk Shakal-NG up to 1.3.3. Affected is an unknown function of the file comments/views.py. The manipulation of the argument next leads to open redirect. It is possible to launch the attack remotely. The name of the patch is...

CVSS 5.3 · EPSS 0.00192
Exploits 1 · References 6

Vulnrichment
added 2024/09/04 3:31 p.m. · 13 views

CVE-2024-8412 LinuxOSsk Shakal-NG views.py redirect

A vulnerability, which was classified as problematic, was found in LinuxOSsk Shakal-NG up to 1.3.3. Affected is an unknown function of the file comments/views.py. The manipulation of the argument next leads to open redirect. It is possible to launch the attack remotely. The name of the patch is...

CVSS 5.3 · AI score 7.2 · EPSS 0.00192
Exploits 1 · References 6

Positive Technologies
added 2024/09/04 12:0 a.m. · 2 views

PT-2024-38994 · Unknown · Linuxossk Shakal-Ng

Name of the Vulnerable Software and Affected Versions: LinuxOSsk Shakal-NG versions up to 1.3.3 Description: A problematic issue was found in LinuxOSsk Shakal-NG, affecting an unknown function of the file comments/views.py. The manipulation of the next argument leads to open redirect. It is...

CVSS 6.1 · AI score 5 · EPSS 0.00192
Exploits 1 · References 12

Github Security Blog
added 2024/01/13 6:30 a.m. · 15 views

Path traversal in flaskcode

An issue was discovered in the flaskcode package through 0.0.8 for Python. An unauthenticated directory traversal, exploitable with a POST request to a /update-resource-data/ URI from views.py, allows attackers to write to arbitrary files...

CVSS 7.5 · AI score 7.1 · EPSS 0.00589
Exploits 0 · References 3 · Affected Software 1

NVD
added 2024/01/13 4:15 a.m. · 5 views

CVE-2023-52289

An issue was discovered in the flaskcode package through 0.0.8 for Python. An unauthenticated directory traversal, exploitable with a POST request to a /update-resource-data/ URI from views.py, allows attackers to write to arbitrary files...

CVSS 7.5 · AI score 7.7 · EPSS 0.00589
Exploits 0 · References 1

OSV
added 2024/01/13 4:15 a.m. · 11 views

CVE-2023-52289

An issue was discovered in the flaskcode package through 0.0.8 for Python. An unauthenticated directory traversal, exploitable with a POST request to a /update-resource-data/ URI from views.py, allows attackers to write to arbitrary files...

CVSS 7.5 · AI score 7.7
Exploits 0 · References 1

Prion
added 2024/01/13 4:15 a.m. · 9 views

Directory traversal

An issue was discovered in the flaskcode package through 0.0.8 for Python. An unauthenticated directory traversal, exploitable with a GET request to a /resource-data/.txt URI from views.py, allows attackers to read arbitrary files...

CVSS 5 · AI score 7.2 · EPSS 0.00627
Exploits 0 · References 1 · Affected Software 1

Vulnrichment
added 2024/01/13 12:0 a.m. · 22 views

CVE-2023-52289

An issue was discovered in the flaskcode package through 0.0.8 for Python. An unauthenticated directory traversal, exploitable with a POST request to a /update-resource-data/ URI from views.py, allows attackers to write to arbitrary files...

AI score 7 · EPSS 0.00589
Exploits 0 · References 1

Veracode
added 2023/12/22 5:27 a.m. · 17 views

Cross-Site Request Forgery (CSRF)

apacheairflow is vulnerable to Cross-Site Request Forgery. The vulnerability is due to the trigger function in views.py which accepts HTTP GET requests for triggering DAGs. An attacker can exploit this by creating a malicious website/URL that sends unauthorized GET requests to trigger DAGs in...

CVSS 6.5 · AI score 6.8 · EPSS 0.00239
Exploits 0 · References 4 · Affected Software 1