Lucene search
K

51 matches found

RedhatCVE
RedhatCVE
added 2026/05/14 7:58 p.m.13 views

CVE-2026-41255

CKAN is an open-source DMS data management system for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, Access to the views via tokens or unauthenticated requests marked the endpoint as not requiring CSRF protection. The marking was a member variable in flask-wtf.csrf.CSRFProtect,...

6.1CVSS5.8AI score0.00124EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/14 7:58 p.m.8 views

CVE-2026-41132

CKAN is an open-source DMS data management system for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, the configured SMTP server may be spoofed with any certificate e.g. self-signed, leaving credentials and all emails sent open to MITM attacks. This vulnerability is fixed in...

8.7CVSS5.8AI score0.00194EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/13 6:53 p.m.7 views

CVE-2026-41132 CKAN: No certificate validation on STMP connection

CKAN is an open-source DMS data management system for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, the configured SMTP server may be spoofed with any certificate e.g. self-signed, leaving credentials and all emails sent open to MITM attacks. This vulnerability is fixed in...

8.7CVSS5.8AI score0.00194EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/13 6:52 p.m.9 views

CVE-2026-42031 CKAN: Unauthenticated SQL Injection and Authorization Bypass in `datastore_search_sql`

CKAN is an open-source DMS data management system for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, a vulnerability in datastoresearchsql allowed attackers to inject SQL in order to gain access to private resources and PostgreSQL system information This vulnerability is fixed ...

8.3CVSS5.9AI score0.01815EPSS
Exploits0References1
CVE
CVE
added 2026/05/13 6:52 p.m.22 views

CVE-2026-42031

CVE-2026-42031 : CKAN (data management system) contains an unauthenticated SQL injection in the DataStore API endpoint datastore_search_sql. The flaw allows an attacker to inject SQL to access private resources and PostgreSQL system information. Affected CKAN versions: prior to 2.10.10 and prior ...

9.8CVSS5.9AI score0.01815EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/05/13 6:52 p.m.3 views

CVE-2026-42031 CKAN: Unauthenticated SQL Injection and Authorization Bypass in `datastore_search_sql`

CKAN is an open-source DMS data management system for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, a vulnerability in datastoresearchsql allowed attackers to inject SQL in order to gain access to private resources and PostgreSQL system information This vulnerability is fixed ...

8.3CVSS6AI score0.01815EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.16 views

CKAN 安全漏洞

CKAN is an open-source data management system developed by CKAN itself. It is used to power data centers and data portals. Versions of CKAN prior to 2.10.10 and 2.11.5 contained security vulnerabilities. These vulnerabilities stemmed from a vulnerability in datastoresearchsql, which allowed...

9.1CVSS5.8AI score0.00367EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/30 12:0 a.m.10 views

PT-2026-36817

Name of the Vulnerable Software and Affected Versions CKAN versions prior to 2.10.10 CKAN versions prior to 2.11.5 Description An issue in the datastore search sql function allows attackers to bypass authorization. This can lead to unauthorized access to private resources and PostgreSQL system...

8.8CVSS5.8AI score0.00367EPSS
Exploits0References9
OSV
OSV
added 2026/04/29 11:11 p.m.8 views

GHSA-H7J7-3RX6-XVCG CKAN has Unauthenticated SQL Injection and Authorization Bypass in `datastore_search_sql`

Impact A vulnerability in datastoresearchsql allowed attackers to inject SQL in order to gain access to private resources and PostgreSQL system information. Patches The issue has been patched in CKAN 2.10.10 and CKAN 2.11.5 Workarounds Disable the DataStore SQL search...

8.3CVSS5.8AI score0.01815EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/04/29 12:0 a.m.16 views

PT-2026-36110

Name of the Vulnerable Software and Affected Versions CKAN versions prior to 2.10.10 CKAN versions prior to 2.11.5 Description A SQL injection flaw exists in the datastore search sql function. This allows attackers to inject SQL commands to gain unauthorized access to private resources and...

8.3CVSS5.8AI score0.01815EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/04/29 12:0 a.m.16 views

PT-2026-37108

Name of the Vulnerable Software and Affected Versions CKAN versions prior to 2.10.10 CKAN versions prior to 2.11.5 Description The configured SMTP server may be spoofed using any certificate, such as a self-signed one. This allows for Man-in-the-Middle MITM attacks, where an attacker intercepts...

8.7CVSS5.8AI score0.00194EPSS
Exploits0References6
CBLMariner
CBLMariner
added 2026/03/10 10:56 p.m.3 views

CVE-2025-8732 affecting package libxml2 for versions less than 2.11.5-9

CVE-2025-8732 affecting package libxml2 for versions less than 2.11.5-9. A patched version of the package is available...

4.8CVSS5.8AI score0.00202EPSS
Exploits1
CBLMariner
CBLMariner
added 2026/03/10 10:56 p.m.5 views

CVE-2026-0992 affecting package libxml2 for versions less than 2.11.5-9

CVE-2026-0992 affecting package libxml2 for versions less than 2.11.5-9. A patched version of the package is available...

2.9CVSS5.8AI score0.00308EPSS
Exploits1
CBLMariner
CBLMariner
added 2026/03/10 10:56 p.m.5 views

CVE-2026-0990 affecting package libxml2 for versions less than 2.11.5-9

CVE-2026-0990 affecting package libxml2 for versions less than 2.11.5-9. A patched version of the package is available...

5.9CVSS5.8AI score0.00755EPSS
Exploits1
CBLMariner
CBLMariner
added 2026/01/20 9:41 p.m.8 views

CVE-2025-7425 affecting package libxml2 for versions less than 2.11.5-8

CVE-2025-7425 affecting package libxml2 for versions less than 2.11.5-8. A patched version of the package is available...

7.8CVSS6.1AI score0.00339EPSS
Exploits1
CBLMariner
CBLMariner
added 2025/11/14 10:3 p.m.4 views

CVE-2025-49795 affecting package libxml2 for versions less than 2.11.5-7

CVE-2025-49795 affecting package libxml2 for versions less than 2.11.5-7. A patched version of the package is available...

7.5CVSS6.9AI score0.00475EPSS
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2008-1158

Malware in sbrugna...

5.1CVSS6AI score0.00912EPSS
Exploits0References22
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-8216

Malicious code in bioql PyPI...

7.6CVSS6.3AI score0.00306EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2023-1732

Malicious code in bioql PyPI...

6.1CVSS6.3AI score0.00574EPSS
Exploits0References5
OSV
OSV
added 2025/09/08 2:13 p.m.5 views

GO-2025-3923 Rancher affected by unauthenticated Denial of Service in github.com/rancher/rancher

Rancher affected by unauthenticated Denial of Service in github.com/rancher/rancher. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners,...

8.2CVSS6.7AI score0.00482EPSS
Exploits0References6
Rows per page
Query Builder