Количество 5
Количество 5
CVE-2026-4292
An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Admin changelist forms using `ModelAdmin.list_editable` incorrectly allowed new instances to be created via forged `POST` data. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank Cantina for reporting this issue.
CVE-2026-4292
A flaw was found in Django. Admin changelist forms utilizing `ModelAdmin.list_editable` were susceptible to improper access control. A remote attacker could exploit this by sending forged `POST` data, leading to the unauthorized creation of new instances within the application.
CVE-2026-4292
An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Admin changelist forms using `ModelAdmin.list_editable` incorrectly allowed new instances to be created via forged `POST` data. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank Cantina for reporting this issue.
CVE-2026-4292
An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4. ...
GHSA-mmwr-2jhp-mc7j
Django vulnerable to privilege abuse in ModelAdmin.list_editable
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2026-4292 An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Admin changelist forms using `ModelAdmin.list_editable` incorrectly allowed new instances to be created via forged `POST` data. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank Cantina for reporting this issue. | CVSS3: 2.7 | 0% Низкий | 3 дня назад |
 | CVE-2026-4292 A flaw was found in Django. Admin changelist forms utilizing `ModelAdmin.list_editable` were susceptible to improper access control. A remote attacker could exploit this by sending forged `POST` data, leading to the unauthorized creation of new instances within the application. | CVSS3: 5.3 | 0% Низкий | 3 дня назад |
 | CVE-2026-4292 An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Admin changelist forms using `ModelAdmin.list_editable` incorrectly allowed new instances to be created via forged `POST` data. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank Cantina for reporting this issue. | CVSS3: 2.7 | 0% Низкий | 3 дня назад |
| CVE-2026-4292 An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4. ... | CVSS3: 2.7 | 0% Низкий | 3 дня назад |
| GHSA-mmwr-2jhp-mc7j Django vulnerable to privilege abuse in ModelAdmin.list_editable | CVSS3: 2.7 | 0% Низкий | 3 дня назад |
Уязвимостей на страницу