CVE-2025-48383 – Django-Select2 Secret Token Exfiltration

May 27, 2025

CVE ID : CVE-2025-48383

Published : May 27, 2025, 3:15 p.m. | 1 hour, 14 minutes ago

Description : Django-Select2 is a Django integration for Select2. Prior to version 8.4.1, instances of HeavySelect2Mixin subclasses like the ModelSelect2MultipleWidget and ModelSelect2Widget can leak secret access tokens across requests. This can allow users to access restricted query sets and restricted data. This issue has been patched in version 8.4.1.

Severity: 8.2 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-5245 – GNU Binutils Debug Type Samep Memory Corruption Vulnerability

Next Article CVE-2025-3704 – DBAR Productions Volunteer Sign Up Sheets Stored Cross-site Scripting

Designing For TV: Principles, Patterns And Practical Guidance (Part 2)

Neo4j introduces new graph architecture that allows operational and analytics workloads to be run together

Beyond the benchmarks: Understanding the coding personalities of different LLMs

Top 10 Use Cases of Vibe Coding in Large-Scale Node.js Applications

Building smarter interactions with MCP elicitation: From clunky tool calls to seamless user experiences

From Zero to MCP: Simplifying AI Integrations with xmcp

Distribution Release: Linux Mint 22.2

Coded Smorgasbord: Basically, a Smorgasbord

Drupal 11’s AI Features: What They Actually Mean for Your Team

Drupal 11’s AI Features: What They Actually Mean for Your Team

Why Data Governance Matters More Than Ever in 2025?

Perficient Included in the IDC Market Glance for Digital Business Professional Services, 3Q25

How DevOps Teams Are Redefining Reliability with NixOS and OSTree-Powered Linux

How DevOps Teams Are Redefining Reliability with NixOS and OSTree-Powered Linux

Distribution Release: Linux Mint 22.2

‘Cronos: The New Dawn’ was by far my favorite experience at Gamescom 2025 — Bloober might have cooked an Xbox / PC horror masterpiece

CVE-2025-48383 – Django-Select2 Secret Token Exfiltration

Critical Linux UDisks Daemon Vulnerability (CVE-2025-8067) Exposes Privileged Data to Local Attackers

Google Slapped with $381 Million Fine in France Over Gmail Ads, Cookie Consent Missteps

CVE-2025-47944 – Multer Denial of Service

CVE-2025-45841 – TOTOLINK NR1800X Remote Stack Overflow Vulnerability

CVE-2025-43964 – LibRaw Unvalidated Memory Access Vulnerability

CVE-2025-46653 – Formidable File Name Guessing Vulnerability

Rime Introduces Arcana and Rimecaster (Open Source): Practical Voice AI Tools Built on Real-World Speech

Recursive Types in TypeScript: A Brief Exploration

CVE-2025-32977 – Quest KACE Unauthenticated Backup Upload

CVE-2025-5920 – WordPress Password Protected Posts Information Disclosure

CVE-2025-48383 – Django-Select2 Secret Token Exfiltration

Related Posts