22 matches found
CVE-2025-64100 CKAN Vulnerable to Session Cookie Fixation
CKAN is an open-source DMS (data management system) for powering data hubs and data portals. Prior to 2.10.9 and 2.11.4, session IDs could be fixed by an attacker if the site is configured with server-side session storage (CKAN uses cookie-based session storage by default). The attacker would need to...
CVE-2025-54384
CKAN is affected by a stored XSS vulnerability in the helpers.markdown_extract() function. Before versions 2.10.9 and 2.11.4, user-provided data rendered on dataset/resource/organization/group pages could be wrapped in an HTML literal without sufficient sanitization, enabling an XSS vector. The i...
CKAN cross-site scripting vulnerability
CKAN is an open source DMS (Data Management System) from CKAN Open Source. It is used to power data centers and data portals. A cross-site scripting vulnerability exists in CKAN versions prior to 2.10.9 and prior to 2.11.4, which stems from a failure of the helpers.markdown_extract function to...
CKAN authorization issue vulnerability
CKAN is an open source DMS (Data Management System) from CKAN Open Source. It is used to power data centers and data portals. An authorization issue vulnerability exists in CKAN versions prior to 2.10.9 and prior to 2.11.4, which stems from an attacker being able to fix session IDs, potentially...
EUVD-2025-13290
Malicious code in bioql PyPI...
GO-2025-3923 Rancher affected by unauthenticated Denial of Service in github.com/rancher/rancher
Rancher affected by unauthenticated Denial of Service in github.com/rancher/rancher. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners,...
CVE-2025-46566
DataEase is an open-source BI tool alternative to Tableau. Prior to version 2.10.9, authenticated users can complete RCE through the backend JDBC link. This issue has been patched in version 2.10.9...
CVE-2025-46566 Dataease redshift JDBC Connection Remote Code Execution
DataEase is an open-source BI tool alternative to Tableau. Prior to version 2.10.9, authenticated users can complete RCE through the backend JDBC link. This issue has been patched in version 2.10.9...
CVE-2025-46566
DataEase CVE-2025-46566 affects the open-source BI tool; authenticated users could achieve RCE via the backend JDBC link due to validation issues in the JDBC path. The vulnerability is addressed in version 2.10.9, with Red Hat/OSV notes indicating a bypass risk before 2.10.10 and that 2.10.10 con...
DataEase security vulnerability
DataEase is an open source data visualization and analysis tool from DataEase Open Source. It is used to help users quickly analyze data and gain insights into business trends for business improvement and optimization. A security vulnerability exists in versions prior to DataEase 2.10.9, which...
PT-2025-18683 · Dataease · Dataease
Name of the Vulnerable Software and Affected Versions: DataEase versions prior to 2.10.9. Description: DataEase is an open-source BI tool alternative to Tableau. Prior to version 2.10.9, authenticated users can complete Remote Code Execution (RCE) through the backend JDBC link. This issue has been...
Zope Cross-site scripting (XSS) vulnerability in ZMI pages
Cross-site scripting (XSS) vulnerability in ZMI pages that use the manage_tabs_message in Zope 2.11.4, 2.11.2, 2.10.9, 2.10.7, 2.10.6, 2.10.5, 2.10.4, 2.10.2, 2.10.1, 2.12...
CVE-2009-5145
Cross-site scripting (XSS) vulnerability in ZMI pages that use the manage_tabs_message in Zope 2.11.4, 2.11.2, 2.10.9, 2.10.7, 2.10.6, 2.10.5, 2.10.4, 2.10.2, 2.10.1, 2.12...
PYSEC-2017-148
Cross-site scripting (XSS) vulnerability in ZMI pages that use the manage_tabs_message in Zope 2.11.4, 2.11.2, 2.10.9, 2.10.7, 2.10.6, 2.10.5, 2.10.4, 2.10.2, 2.10.1, 2.12...
Fedora 23 : webkitgtk4-2.10.9-1.fc23 (2016-7eb48a78dc)
This update, together with the previous release, brings the following fixes. Security fixes: CVE-2016-1726. Limit the number of tiles according to the visible area; this was causing huge memory consumption with some websites. Fix rendering of form controls and scrollbars with GTK+ >= 3.19. Fix HTTP...
phplist 2.10.9 - CSRF/XSS Vulnerability
No description provided by source. Exploit Title: phplist - version 2.10.9 CSRF/XSS Vulnerability. Version: 2.10.9. Author: Cyber-Crystal. Date: n/a. Dork: inurl:powered by phplist - version 2.10.9. Software Link:...
pidgin
New pidgin packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: patches/packages/pidgin-2.10.9-i486-1slack14.1.txz: Upgraded. This update fixes various security issues and other bugs. For...
CVE-2012-5228
Cross-site scripting (XSS) vulnerability in admin/index.php in phplist 2.10.9, 2.10.17, and possibly other versions before 2.10.19 allows remote attackers to inject arbitrary web script or HTML via the testtarget parameter. NOTE: some of these details are obtained from third party information...
phpList 2.10.9 - 'Sajax.php' PHP Code Injection
source: https://www.securityfocus.com/bid/53693/info PHPList is prone to a remote PHP code-injection vulnerability. An attacker can exploit this issue to inject and execute arbitrary PHP code in the context of the affected application. This may facilitate a compromise of the application and the...