6.8
CVE-2026-1814 - Rapid7 Nexpose Insecure Java Keystore Password Generation
Rapid7 Nexpose versions 6.4.50 and later are vulnerable to an insufficient entropy issue in the CredentialsKeyStorePassword.generateRandomPassword() method. When updating legacy keystore passwords, the application generates a new password with insufficient length (7-12 characters) and a static prefβ¦
8.5
CVE-2020-37102 - Adaware Web Companion 4.9.2159 - 'WCAssistantService' Unquoted Service Path
Adaware Web Companion 4.9.2159 contains an unquoted service path vulnerability in the WCAssistantService that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be run with LocalSystem privileges durβ¦
8.5
CVE-2020-37101 - VPN unlimited 6.1 - Unquoted Service Path
VPN Unlimited 6.1 contains an unquoted service path vulnerability that allows local attackers to inject malicious executables into the service binary path. Attackers can exploit the unquoted path in 'C:\Program Files (x86)\VPN Unlimited\' to replace the service executable and gain elevated system pβ¦
8.5
CVE-2020-37100 - Sync Breeze Enterprise 12.4.18 - Unquoted Service Path
Sync Breeze Enterprise 12.4.18 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path by placing malicious executables in specific file system locations to hijack the serviβ¦
8.5
CVE-2020-37099 - Disk Savvy Enterprise 12.3.18 - 'disksvs.exe' Unquoted Service Path
Disk Savvy Enterprise 12.3.18 contains an unquoted service path vulnerability in its service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Disk Savvy Enterprise\bin\disksvs.exe' to inject malicious execuβ¦
8.5
CVE-2020-37098 - Disk Sorter Enterprise 12.4.16 - Unquoted Service Path
Disk Sorter Enterprise 12.4.16 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious executables that will be launched with Localβ¦
8.5
CVE-2019-25261 - AnyDesk 5.4.0 - Unquoted Service Path
AnyDesk 5.4.0 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially inject malicious executables. Attackers can exploit the unquoted binary path to place malicious files in service executable locations, potentially gaining elβ¦
7.5
CVE-2025-14550 - Potential denial-of-service vulnerability via repeated headers when using ASGI
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. `ASGIRequest` allows a remote attacker to cause a potential denial-of-service via a crafted request with multiple duplicate headers. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not eβ¦
5.4
CVE-2026-1312 - Potential SQL injection via QuerySet.order_by and FilteredRelation
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. `.QuerySet.order_by()` is subject to SQL injection in column aliases containing periods when the same alias is, using a suitably crafted dictionary, with dictionary expansion, used in `FilteredRelation`. Earlier,β¦
5.4
CVE-2026-1287 - Potential SQL injection in column aliases via control characters
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. `FilteredRelation` is subject to SQL injection in column aliases via control characters, using a suitably crafted dictionary, with dictionary expansion, as the `**kwargs` passed to `QuerySet` methods `annotate()`β¦