
28 matches found

Cvelist
added 2025/10/29 5:54 p.m. · 7 views

CVE-2025-64100 CKAN Vulnerable to Session Cookie Fixation

CKAN is an open-source DMS (data management system) for powering data hubs and data portals. Prior to 2.10.9 and 2.11.4, session IDs could be fixed by an attacker if the site is configured with server-side session storage (CKAN uses cookie-based session storage by default). The attacker would need to...

CVSS 6.1 · EPSS 0.00037
Exploits 0 · References 2
CVE
added 2025/10/29 3:26 p.m. · 30 views

CVE-2025-54384

CKAN is affected by a stored XSS vulnerability in the helpers.markdown_extract() function. Before versions 2.10.9 and 2.11.4, user-provided data rendered on dataset/resource/organization/group pages could be wrapped in an HTML literal without sufficient sanitization, enabling an XSS vector. The i...

CVSS 6.3 · AI score 5.9 · EPSS 0.00029
Exploits 0 · References 2
CNNVD
added 2025/10/29 12:00 a.m. · 2 views

CKAN Cross-Site Scripting Vulnerability

CKAN is an open source DMS (Data Management System) from CKAN Open Source. It is used to power data centers and data portals. A cross-site scripting vulnerability exists in CKAN versions prior to 2.10.9 and prior to 2.11.4, which stems from a failure of the helpers.markdown_extract function to...

CVSS 6.3 · AI score 5.7 · EPSS 0.00029
Exploits 0 · References 3
CNNVD
added 2025/10/29 12:00 a.m. · 5 views

CKAN Authorization Issue Vulnerability

CKAN is an open source DMS (Data Management System) from CKAN Open Source. It is used to power data centers and data portals. An authorization issue vulnerability exists in CKAN versions prior to 2.10.9 and prior to 2.11.4, which stems from an attacker being able to fix session IDs, potentially...

CVSS 6.1 · AI score 6.5 · EPSS 0.00037
Exploits 0 · References 3
RedhatCVE
added 2025/05/22 6:10 a.m. · 4 views

CVE-2012-4383

Contao prior to 2.11.4 has a SQL injection vulnerability...

CVSS 8.8 · AI score 7.1 · EPSS 0.00244
Exploits 0 · References 1
Positive Technologies
added 2024/07/25 12:00 a.m. · 8 views

PT-2024-7036 · Spring · Spring Cloud Data Flow

Name of the Vulnerable Software and Affected Versions: Spring Cloud Data Flow versions prior to 2.11.4
Description: A malicious user who has access to the Skipper server API can use a crafted upload request to write an arbitrary file to any location on the file system, which could lead to...

CVSS 9.8 · AI score 7.5 · EPSS 0.83304
Exploits 4 · References 42
vulnersOsv
added 2024/04/02 9:30 p.m. · 1 view

io.github.embedded-middleware:embedded-pulsar-core (>=0.0.4 <=0.0.5), org.apache.pulsar:pulsar-broker-auth-athenz (>=2.11.0 <=2.11.4) +3 more potentially affected by CVE-2024-29834 via org.apache.pulsar:pulsar-broker (>=2.11.0 <=2.11.4)

org.apache.pulsar:pulsar-broker MAVEN version =2.11.0, =0.0.4, =2.11.0, =2.11.0, =2.11.0, =2.11.0, =2.11.4 Source CVEs: CVE-2024-29834 Source advisory: OSV:GHSA-7MG2-6C6V-342R...

CVSS 6.4 · AI score 6.9 · EPSS 0.00222
Exploits 0
Positive Technologies
added 2024/03/13 12:00 a.m. · 3 views

PT-2024-15707 · WordPress · Duitku Payment Gateway

Name of the Vulnerable Software and Affected Versions: Duitku Payment Gateway plugin for WordPress versions up to, and including, 2.11.4
Description: The issue is related to a missing capability check on the check_duitku_response function, allowing unauthenticated attackers to modify data...

CVSS 5.3 · AI score 9.4 · EPSS 0.00394
Exploits 0 · References 6
CNNVD
added 2024/03/13 12:00 a.m. · 2 views

WordPress Plugin Duitku Payment Gateway Security Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. A WordPress plugin is an application...

CVSS 5.3 · AI score 6.5 · EPSS 0.00394
Exploits 0 · References 3
WPVulnDB
added 2024/02/26 12:00 a.m. · 15 views

Duitku Payment Gateway < 2.11.7 - Missing Authorization via check_duitku_response

Description: The Duitku Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the check_duitku_response function in all versions up to, and including, 2.11.4. This makes it possible for unauthenticated attackers to change the...

CVSS 5.3 · AI score 5.5 · EPSS 0.00394
Exploits 0 · References 1 · Affected Software 1
Patchstack
added 2024/01/08 12:00 a.m. · 5 views

WordPress Football Pool Plugin <= 2.11.3 is vulnerable to Cross Site Scripting (XSS)

Software: Football Pool · Type: Plugin · Vulnerable versions: <= 2.11.3 · Fixed in: 2.11.4 · OWASP Top 10: A7: Cross-Site Scripting (XSS) · Classification: Cross Site Scripting (XSS) · CVE: N/A · Patch priority: Low · CVSS severity: Low (6.4) · PSID: 55a90c79eb31 · Credits: WordFence · Required privilege...

AI score 6
Exploits 0 · References 2 · Affected Software 1
Patchstack
added 2023/11/27 12:00 a.m. · 10 views

WordPress Antispam Bee Plugin <= 2.11.3 is vulnerable to Bypass Vulnerability

Software: Antispam Bee · Type: Plugin · Vulnerable versions: <= 2.11.3 · Fixed in: 2.11.4 · OWASP Top 10: A6: Security Misconfiguration · Classification: Bypass Vulnerability · CVE: CVE-2023-41134 · Patch priority: Low · CVSS severity: Low (5.3) · PSID: 5abac73c1838 · Credits: Mika · Required privilege...

CVSS 5.3 · AI score 6.9 · EPSS 0.00147
Exploits 0 · References 2 · Affected Software 1
Github Security Blog
added 2022/05/02 4:01 a.m. · 12 views

Zope Cross-site scripting (XSS) vulnerability in ZMI pages

Cross-site scripting (XSS) vulnerability in ZMI pages that use the manage_tabs_message in Zope 2.11.4, 2.11.2, 2.10.9, 2.10.7, 2.10.6, 2.10.5, 2.10.4, 2.10.2, 2.10.1, 2.12...

CVSS 6.1 · AI score 6.2 · EPSS 0.00635
Exploits 0 · References 8 · Affected Software 1
OSV
added 2022/04/23 12:40 a.m. · 3 views

GHSA-9JQ2-JVWC-P52F Contao core SQL Injection Vulnerability

Contao core prior to 2.11.4 has a SQL injection vulnerability in contao-2.11.3\system\modules\backend\Ajax.php...

CVSS 8.8 · AI score 7.7 · EPSS 0.00244
Exploits 0 · References 5
RedHat Linux
added 2021/09/14 12:37 p.m. · 5 views

jackson-dataformat-cbor: Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception

This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1. Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception...

CVSS 7.5 · AI score 6.8 · EPSS 0.00317
Exploits 0 · References 5
RedHat Linux
added 2021/09/14 12:35 p.m. · 3 views

jackson-dataformat-cbor: Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception

This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1. Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception...

CVSS 7.5 · AI score 6.8 · EPSS 0.00317
Exploits 0 · References 5
NVD
added 2021/02/18 4:15 p.m. · 18 views

CVE-2020-28491

This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1. Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception...

CVSS 7.5 · EPSS 0.00317
Exploits 0 · References 4
OSV
added 2021/02/18 4:15 p.m. · 1 view

UBUNTU-CVE-2020-28491

This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1. Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception...

CVSS 7.5 · AI score 6.9 · EPSS 0.00317
Exploits 0 · References 5
NVD
added 2020/01/29 3:15 p.m. · 16 views

CVE-2012-4383

Contao prior to 2.11.4 has a SQL injection vulnerability...

CVSS 8.8 · AI score 8.7 · EPSS 0.00244
Exploits 0 · References 1
Cvelist
added 2020/01/29 2:42 p.m. · 18 views

CVE-2012-4383

Contao prior to 2.11.4 has a SQL injection vulnerability...

AI score 8.8 · EPSS 0.00244
Exploits 0 · References 1