Security Vulnerabilities
An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29.
Race condition in file-system storage and file-based cache backends in Django allows an attacker to cause file system objects to be created with incorrect permissions via concurrent requests, where one thread's temporary `umask` change affects other threads in multi-threaded environments.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank Tarek Nakkouch for reporting this issue.
CVSS Score
3.7
EPSS Score
0.0
Published
2026-03-03
A heap-based buffer overflow vulnerability exists in the Nicolet WFT parsing functionality of The Biosig Project libbiosig 3.9.2 and Master Branch (db9a9a63). A specially crafted .wft file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
CVSS Score
8.1
EPSS Score
0.001
Published
2026-03-03
A heap-based buffer overflow vulnerability exists in the Intan CLP parsing functionality of The Biosig Project libbiosig 3.9.2 and Master Branch (db9a9a63). A specially crafted Intan CLP file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
CVSS Score
9.8
EPSS Score
0.001
Published
2026-03-03
A buffer overflow vulnerability was discovered in goform/formSetMacFilterCfg in Tenda AC15V1.0 V15.03.05.18_multi.
CVSS Score
9.8
EPSS Score
0.001
Published
2026-03-03
A buffer overflow vulnerability was discovered in goform/formSetMacFilterCfg in Tenda AC15V1.0 V15.03.05.18_multi.
CVSS Score
9.8
EPSS Score
0.001
Published
2026-03-03
renren-secuity before v5.5.0 is vulnerable to SQL Injection in the BaseServiceImpl.java component
CVSS Score
9.8
EPSS Score
0.0
Published
2026-03-03
An out-of-bounds read vulnerability exists in the ABF parsing functionality of The Biosig Project libbiosig 3.9.2 and Master Branch (5462afb0). A specially crafted .abf file can lead to an information leak. An attacker can provide a malicious file to trigger this vulnerability.
CVSS Score
6.1
EPSS Score
0.0
Published
2026-03-03
A reflected cross-site scripting (XSS) vulnerability in the Fireware OS Web UI enabled execution of malicious JavaScript in the context of an authenticated management user's browser when they click on a specially crafted link.
This vulnerability affects Fireware OS 12.7 up to and including 12.11.7 and 2025.1 up to and including 2026.1.1.
CVSS Score
6.1
EPSS Score
0.0
Published
2026-03-03
A reflected cross-site scripting (XSS) vulnerability in the Fireware OS Web UI enabled execution of malicious JavaScript in the context of an authenticated management user's browser when they click on a specially crafted link.
This vulnerability affects Fireware OS 12.7 up to and including 12.11.7 and 2025.1 up to and including 2026.1.1.
CVSS Score
6.1
EPSS Score
0.0
Published
2026-03-03
A vulnerability in WatchGuard Fireware OS may allow an attacker to bypass the Fireware OS filesystem integrity check and maintain limited persistence via a maliciously-crafted firmware update package.This issue affects Fireware OS 12.0 up to and including 12.11.7, 12.5.9 up to and including 12.5.16, and 2025.1 up to and including 2026.1.1.
CVSS Score
4.9
EPSS Score
0.0
Published
2026-03-03