Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
django vulnerabilities and exploits
(subscribe to this query)
605
VMScore
CVE-2011-4952
cobbler: Web interface lacks CSRF protection when using Django framework
Cobblerd Cobbler -
605
VMScore
CVE-2019-11457
Multiple CSRF issues exist in MicroPyramid Django CRM 0.2.1 via /change-password-by-admin/, /api/settings/add/, /cases/create/, /change-password-by-admin/, /comment/add/, /documents/1/view/, /documents/create/, /opportunities/create/, and /login/.
Micropyramid Django Crm 0.2.1
605
VMScore
CVE-2018-16552
MicroPyramid Django-CRM 0.2 allows CSRF for /users/create/, /users/##/edit/, and /accounts/##/delete/ URIs.
Micropyramid Django Crm 0.2
605
VMScore
CVE-2015-5081
Cross-site request forgery (CSRF) vulnerability in django CMS prior to 3.0.14, 3.1.x prior to 3.1.1 allows remote malicious users to manipulate privileged users into performing unknown actions via unspecified vectors.
Django-cms Django Cms 3.1
Django-cms Django Cms
605
VMScore
CVE-2011-4140
The CSRF protection mechanism in Django up to and including 1.2.7 and 1.3.x up to and including 1.3.1 does not properly handle web-server configurations supporting arbitrary HTTP Host headers, which allows remote malicious users to trigger unauthenticated forged requests via vect...
Djangoproject Django 0.95
Djangoproject Django 0.95.1
Djangoproject Django 1.2.3
Djangoproject Django 1.1.0
Djangoproject Django 1.1.3
Djangoproject Django 1.2.4
Djangoproject Django 1.2.5
Djangoproject Django 1.1
Djangoproject Django 1.0
Djangoproject Django 1.3
Djangoproject Django 1.2
Djangoproject Django 1.2.1
Djangoproject Django 1.1.2
Djangoproject Django 1.0.2
Djangoproject Django
Djangoproject Django 0.91
Djangoproject Django 1.2.2
Djangoproject Django 1.0.1
Djangoproject Django 0.96
605
VMScore
CVE-2011-0696
Django 1.1.x prior to 1.1.4 and 1.2.x prior to 1.2.5 does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote malicious users to conduct cross-site request forgery (CSRF) attacks via forged AJAX requests that leverage a &q...
Djangoproject Django 1.1.2
Djangoproject Django 1.1.3
Djangoproject Django 1.1
Djangoproject Django 1.1.0
Djangoproject Django 1.2.1
Djangoproject Django 1.2.2
Djangoproject Django 1.2.3
Djangoproject Django 1.2.4
Djangoproject Django 1.2
605
VMScore
CVE-2007-5828
Cross-site request forgery (CSRF) vulnerability in the admin panel in Django 0.96 allows remote malicious users to change passwords of arbitrary users via a request to admin/auth/user/1/password/. NOTE: this issue has been disputed by Debian, since product documentation includes ...
Django Project Django 0.96
584
VMScore
CVE-2020-9402
Django 1.11 prior to 1.11.29, 2.2 prior to 2.2.11, and 3.0 prior to 3.0.4 allows SQL Injection if untrusted data is used as a tolerance parameter in GIS functions and aggregates on Oracle. By passing a suitably crafted tolerance to GIS functions and aggregates on Oracle, it was p...
Djangoproject Django
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Netapp Steelstore Cloud Integrated Storage -
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.10
Canonical Ubuntu Linux 16.04
578
VMScore
CVE-2022-24857
django-mfa3 is a library that implements multi factor authentication for the django web framework. It achieves this by modifying the regular login view. Django however has a second login view for its admin area. This second login view was not modified, so the multi factor authent...
Django-mfa3 Project Django-mfa3
578
VMScore
CVE-2021-32831
Total.js framework (npm package total.js) is a framework for Node.js platfrom written in pure JavaScript similar to PHP's Laravel or Python's Django or ASP.NET MVC. In total.js framework before version 3.4.9, calling the utils.set function with user-controlled values le...
Totaljs Total.js
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4367
CVE-2024-35977
CVE-2023-49335
man-in-the-middle
CVE-2024-4947
CVE-2024-31714
memory leak
SQL
CVE-2024-35994
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »