Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
django vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2019-11457
Multiple CSRF issues exist in MicroPyramid Django CRM 0.2.1 via /change-password-by-admin/, /api/settings/add/, /cases/create/, /change-password-by-admin/, /comment/add/, /documents/1/view/, /documents/create/, /opportunities/create/, and /login/.
Micropyramid Django Crm 0.2.1
6.1
CVSSv3
CVE-2017-20182
A vulnerability was found in Mobile Vikings Django AJAX Utilities up to 1.2.1 and classified as problematic. This issue affects the function Pagination of the file django_ajax/static/ajax-utilities/js/pagination.js of the component Backslash Handler. The manipulation of the argum...
Mobilevikings Django Ajax Utilities
9.8
CVSSv3
CVE-2022-32996
The django-navbar-client package of v0.9.50 to v1.0.1 exists to contain a code execution backdoor via the request package. This vulnerability allows malicious users to access sensitive user information and digital currency keys, as well as escalate privileges.
Pypi Django-navbar-client
8.8
CVSSv3
CVE-2018-16552
MicroPyramid Django-CRM 0.2 allows CSRF for /users/create/, /users/##/edit/, and /accounts/##/delete/ URIs.
Micropyramid Django Crm 0.2
9.8
CVSSv3
CVE-2023-38941
django-sspanel v2022.2.2 exists to contain a remote command execution (RCE) vulnerability via the component sspanel/admin_view.py -> GoodsCreateView._post.
Ehco1996 Django-sspanel 2022.2.2
5.3
CVSSv3
CVE-2021-43410
Apache Airavata Django Portal allows CRLF log injection because of lack of escaping log statements. In particular, some HTTP request parameters are logged without first being escaped. Versions affected: master branch before commit 3c5d8c7 [1] of airavata-django-portal [1] https:/...
Apache Airavata Django Portal
4.9
CVSSv3
CVE-2021-33203
Django prior to 2.2.24, 3.x prior to 3.1.12, and 3.2.x prior to 3.2.4 has a potential directory traversal via django.contrib.admindocs. Staff members could use the TemplateDetailView view to check the existence of arbitrary files. Additionally, if (and only if) the default admind...
Djangoproject Django
Fedoraproject Fedora 35
7.5
CVSSv3
CVE-2021-33571
In Django 2.2 prior to 2.2.24, 3.x prior to 3.1.12, and 3.2 prior to 3.2.4, URLValidator, validate_ipv4_address, and validate_ipv46_address do not prohibit leading zero characters in octal literals. This may allow a bypass of access control that is based on IP addresses. (validat...
Djangoproject Django
Fedoraproject Fedora 35
5.3
CVSSv3
CVE-2021-45452
Storage.save in Django 2.2 prior to 2.2.26, 3.2 prior to 3.2.11, and 4.0 prior to 4.0.1 allows directory traversal if crafted filenames are directly passed to it.
Djangoproject Django
Fedoraproject Fedora 35
1 Github repository
6.1
CVSSv3
CVE-2021-32052
In Django 2.2 prior to 2.2.22, 3.1 prior to 3.1.10, and 3.2 prior to 3.2.2 (with Python 3.9.5+), URLValidator does not prohibit newlines and tabs (unless the URLField form field is used). If an application uses values with newlines in an HTTP response, header injection can occur....
Djangoproject Django
Fedoraproject Fedora 34
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »