Critical Alert 2 Active Exploits Detected Today

CVE-2026-42271 BerriAI LiteLLM Command Injection Vulnerability →
CVE-2026-50751 Check Point Security Gateway Improper Authentication Vulnerability →
Powered by CVE Watchtower
×

Critical Alert

CVE-2026-50751 - Critical Check Point VPN Exploit Discovered Active in the Wild. View Threat Details →
Powered by CVE WATCHTOWER
×
June 9, 2026

CVE Watchtower


← Back to CVE List

CVE-2025-64459NVD

Vulnerability Summary

An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8.
The methods `QuerySet.filter()`, `QuerySet.exclude()`, and `QuerySet.get()`, and the class `Q()`, are subject to SQL injection when using a suitably crafted dictionary, with dictionary expansion, as the `_connector` argument.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank cyberstan for reporting this issue.
Severity Level
UNKNOWN
Published Date
Nov 5, 2025
Last Modified
Nov 5, 2025
Exploitation Status
????
EPSS Score (30-Day)
Data Pending
Root Weakness (CWE)
CWE-89: SQL Injection β†—
Improper neutralization of special elements used in an SQL command, allowing attackers to modify queries.

External References