Cantina

**Name of the Vulnerable Software and Affected Versions** The product name cannot be determined (affected versions not specified) **Description** An improper access check allows privilege escalation through the `com users` batch task. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 18.7.9 iPadOS versions prior to 18.7.9 iOS versions prior to 26.5 iPadOS versions prior to 26.5 macOS Tahoe versions prior to 26.5 tvOS versions prior to 26.5 visionOS versions prior to 26.5 watchOS versions prior to 26.5 **Description** Processing maliciously crafted web content may prevent Content Security Policy (a security layer that helps detect and mitigate certain types of attacks, including Cross-Site Scripting and data injection) from being enforced. **Recommendations** Update to iOS 18.7.9 Update to iPadOS 18.7.9 Update to iOS 26.5 Update to iPadOS 26.5 Update to macOS Tahoe 26.5 Update to tvOS 26.5 Update to visionOS 26.5 Update to watchOS 26.5

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 26.5 iPadOS versions prior to 26.5 macOS Tahoe versions prior to 26.5 visionOS versions prior to 26.5 **Description** An app may be able to access sensitive user data due to insufficient data protection. **Recommendations** Update iOS to version 26.5. Update iPadOS to version 26.5. Update macOS Tahoe to version 26.5. Update visionOS to version 26.5.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 18.7.9 iOS versions prior to 26.5 iPadOS versions prior to 18.7.9 iPadOS versions prior to 26.5 macOS Tahoe versions prior to 26.5 tvOS versions prior to 26.5 visionOS versions prior to 26.5 watchOS versions prior to 26.5 **Description** A validation issue exists where processing maliciously crafted web content may prevent the Content Security Policy (a security layer that helps detect and mitigate certain types of attacks, including Cross-Site Scripting and data injection) from being enforced. **Recommendations** Update iOS to version 18.7.9 or 26.5 Update iPadOS to version 18.7.9 or 26.5 Update macOS Tahoe to version 26.5 Update tvOS to version 26.5 Update visionOS to version 26.5 Update watchOS to version 26.5

**Name of the Vulnerable Software and Affected Versions** Django versions 6.0 through 6.0.4 Django versions 5.2 through 5.2.13 **Description** When `SESSION SAVE EVERY REQUEST` is set to `True`, response headers do not vary based on cookies if a session remains unmodified. This allows a remote attacker to steal a user's session after the victim visits a cached public page. This is a session fixation issue where a session identifier can be compromised via public cached content. **Recommendations** Update Django versions 6.0 through 6.0.4 to version 6.0.5. Update Django versions 5.2 through 5.2.13 to version 5.2.14.

Name of the Vulnerable Software and Affected Versions Django versions 6.0 through 6.0.3 Django versions 5.2 through 5.2.12 Django versions 4.2 through 4.2.29 Django versions 5.0.x and earlier Django versions 4.1.x and earlier Django versions 3.2.x and earlier Description An issue was discovered where admin changelist forms using `ModelAdmin.list editable` incorrectly allowed new instances to be created via forged `POST` data. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Recommendations Update to Django version 6.0.4 or later. Update to Django version 5.2.13 or later. Update to Django version 4.2.30 or later.

Name of the Vulnerable Software and Affected Versions swift-crypto versions 4.3.0 and earlier Description A remote attacker can provide a short X-Wing HPKE encapsulated key, triggering an out-of-bounds read in the C decapsulation path. This can lead to a crash or memory disclosure, depending on runtime protections. The issue arises because the X-Wing decapsulation path accepts attacker-controlled ciphertext bytes without enforcing a fixed ciphertext length. The C API expects a fixed-size buffer of 1120 bytes, and a shorter `Data` value passed to it can cause the C code to read beyond the Swift buffer. The vulnerability is reachable through initialization of an `HPKE.Recipient`, where a malformed `encapsulatedKey` can trigger undefined behavior instead of a safe length-validation error. The `decapsulate` function of `OpenSSLXWingPrivateKeyImpl` does not perform a length check before passing the `encapsulated` data to the C API. A Proof of Concept (PoC) demonstrates that providing a 1-byte `encapsulatedKey` instead of the required 1120 bytes does not result in rejection, and can lead to a crash or memory corruption when run with AddressSanitizer. Recommendations Update to swift-crypto version 4.3.1 or later.