|
751
|
3.1 |
LOW
Network
|
djangoproject
|
django
|
An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6.
`django.middleware.cache.UpdateCacheMiddleware` in Django does not add `Authorization` to the `Vary` response header for requ…
|
CWE-524
Use of Cache Containing Sensitive Information
|
CVE-2026-35193
|
2026-06-5 22:03 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
752
|
5.3 |
MEDIUM
Network
|
djangoproject
|
django
|
An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6.
`django.utils.cache.has_vary_header()` in Django does not strip leading or trailing whitespace from `Vary` response header va…
|
CWE-1023
Incomplete Comparison with Missing Factors
|
CVE-2026-48587
|
2026-06-5 22:03 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
753
|
4.3 |
MEDIUM
Network
|
djangoproject
|
django
|
An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15.
`django.http.HttpRequest.get_signed_cookie` in Django uses a non-injective salt derivation (concatenating the cookie name and…
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2026-6873
|
2026-06-5 21:58 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
754
|
3.1 |
LOW
Network
|
djangoproject
|
django
|
An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15.
`django.core.mail.backends.smtp.EmailBackend` in Django fails to prevent reuse of a partially-initialized connection after a …
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2026-7666
|
2026-06-5 21:46 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
755
|
5.3 |
MEDIUM
Network
|
djangoproject
|
django
|
An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6.
`django.middleware.cache.UpdateCacheMiddleware` in Django does not match `Cache-Control` response directives case-insensitive…
|
CWE-178
Improper Handling of Case Sensitivity
|
CVE-2026-8404
|
2026-06-5 21:38 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
756
|
7.2 |
HIGH
Network
|
-
|
-
|
Live Chat Unlimited 2.8.3 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts through the chat input field. Attackers can submit pay…
|
CWE-79
Cross-site Scripting
|
CVE-2019-25737
|
2026-06-5 21:16 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
757
|
7.2 |
HIGH
Network
|
-
|
-
|
Zuz Music 2.1 contains a persistent cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious JavaScript by submitting crafted contact form data. Attackers can inje…
|
CWE-79
Cross-site Scripting
|
CVE-2019-25731
|
2026-06-5 21:16 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
758
|
5.3 |
MEDIUM
Network
|
exim
|
exim
|
Exim 4.88 before 4.99.4, in some proxy configurations, mishandles certain short payloads, leading to disclosure of uninitialized stack memory values to a client.
|
CWE-839
Numeric Range Comparison Without Minimum Check
|
CVE-2026-48840
|
2026-06-5 20:16 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
759
|
8.6 |
HIGH
Network
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
ibmveth: Disable GSO for packets with small MSS
Some physical adapters on Power systems do not support segmentation
offload when …
|
-
|
CVE-2026-46273
|
2026-06-5 16:16 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
760
|
7.8 |
HIGH
Local
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
wifi: ath12k: do WoW offloads only on primary link
In case of multi-link connection, WCN7850 firmware crashes due to WoW
offloads…
|
-
|
CVE-2026-46271
|
2026-06-5 16:16 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
