| 191 | 3.1 | LOW, Network | - | - | An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. `django.middleware.cache.UpdateCacheMiddleware` in Django does not match `Cache-Control` response directives case-insensitive… (New) | CWE-178 Improper Handling of Case Sensitivity | CVE-2026-8404 | 2026-06-3 23:16 | 2026-06-3 |
| 192 | 3.1 | LOW, Network | - | - | An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. `django.core.mail.backends.smtp.EmailBackend` in Django fails to prevent reuse of a partially-initialized connection after a … (New) | CWE-319 Cleartext Transmission of Sensitive Information | CVE-2026-7666 | 2026-06-3 23:16 | 2026-06-3 |
| 193 | 3.1 | LOW, Network | - | - | An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. `django.http.HttpRequest.get_signed_cookie` in Django uses a non-injective salt derivation (concatenating the cookie name and… (New) | CWE-347 Improper Verification of Cryptographic Signature | CVE-2026-6873 | 2026-06-3 23:16 | 2026-06-3 |
| 194 | 9.1 | CRITICAL, Network | - | - | A vulnerability in mlflow/mlflow versions prior to 3.11.0 allows for the resolution of environment variables in AI Gateway secrets, which can be exploited to exfiltrate sensitive server-side environm… (New) | CWE-201 Insertion of Sensitive Information Into Sent Data | CVE-2026-4035 | 2026-06-3 23:16 | 2026-06-3 |
| 195 | 9.8 | CRITICAL, Network | - | - | authentik is an open-source identity provider. Prior to versions 2025.12.6, 2026.2.4, and 2026.5.1, the Source stage can be bypassed by sending an empty POST. This issue has been patched in versions … (New) | CWE-287 Improper Authentication | CVE-2026-49448 | 2026-06-3 23:16 | 2026-06-3 |
| 196 | 8.8 | HIGH, Network | - | - | authentik is an open-source identity provider. Prior to versions 2025.12.6, 2026.2.4, and 2026.5.1, an attacker with the ability to change a source connection, and an account in one of the configured… (New) | CWE-287 Improper Authentication | CVE-2026-49443 | 2026-06-3 23:16 | 2026-06-3 |
| 197 | 8.8 | HIGH, Adjacent | - | - | BrowserStack Runner through 0.9.5 contains a remote code execution vulnerability in the /_log HTTP handler that allows unauthenticated network-adjacent attackers to execute arbitrary code by submitti… (New) | CWE-94 Code Injection | CVE-2026-49143 | 2026-06-3 23:16 | 2026-06-3 |
| 198 | - | | - | - | Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') vulnerability in elixir-tesla tesla allows HTTP header injection via Tesla.Multipart.add_content_type_par… (New) | CWE-113 HTTP Response Splitting | CVE-2026-48596 | 2026-06-3 23:16 | 2026-06-3 |
| 199 | 3.1 | LOW, Network | - | - | An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. `django.utils.cache.has_vary_header()` in Django does not strip leading or trailing whitespace from `Vary` response header va… (New) | CWE-1023 Incomplete Comparison with Missing Factors | CVE-2026-48587 | 2026-06-3 23:16 | 2026-06-3 |
| 200 | - | | - | - | ProjectsAndPrograms school-management-system uses predictable credentials by generating student's and teacher's passwords solely from the user’s date of birth (e.g., 12072000 for 12 July 2000). The a… (New) | CWE-1391 Use of Weak Credentials | CVE-2026-47325 | 2026-06-3 23:16 | 2026-06-3 |