51 matches found
CVE-2026-41255
CKAN is an open-source DMS data management system for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, Access to the views via tokens or unauthenticated requests marked the endpoint as not requiring CSRF protection. The marking was a member variable in flask-wtf.csrf.CSRFProtect,...
CVE-2026-41132
CKAN is an open-source DMS data management system for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, the configured SMTP server may be spoofed with any certificate e.g. self-signed, leaving credentials and all emails sent open to MITM attacks. This vulnerability is fixed in...
CVE-2026-41132 CKAN: No certificate validation on STMP connection
CKAN is an open-source DMS data management system for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, the configured SMTP server may be spoofed with any certificate e.g. self-signed, leaving credentials and all emails sent open to MITM attacks. This vulnerability is fixed in...
CVE-2026-42031 CKAN: Unauthenticated SQL Injection and Authorization Bypass in `datastore_search_sql`
CKAN is an open-source DMS data management system for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, a vulnerability in datastoresearchsql allowed attackers to inject SQL in order to gain access to private resources and PostgreSQL system information This vulnerability is fixed ...
CVE-2026-42031
CVE-2026-42031 : CKAN (data management system) contains an unauthenticated SQL injection in the DataStore API endpoint datastore_search_sql. The flaw allows an attacker to inject SQL to access private resources and PostgreSQL system information. Affected CKAN versions: prior to 2.10.10 and prior ...
CVE-2026-42031 CKAN: Unauthenticated SQL Injection and Authorization Bypass in `datastore_search_sql`
CKAN is an open-source DMS data management system for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, a vulnerability in datastoresearchsql allowed attackers to inject SQL in order to gain access to private resources and PostgreSQL system information This vulnerability is fixed ...
CKAN 安全漏洞
CKAN is an open-source data management system developed by CKAN itself. It is used to power data centers and data portals. Versions of CKAN prior to 2.10.10 and 2.11.5 contained security vulnerabilities. These vulnerabilities stemmed from a vulnerability in datastoresearchsql, which allowed...
PT-2026-36817
Name of the Vulnerable Software and Affected Versions CKAN versions prior to 2.10.10 CKAN versions prior to 2.11.5 Description An issue in the datastore search sql function allows attackers to bypass authorization. This can lead to unauthorized access to private resources and PostgreSQL system...
GHSA-H7J7-3RX6-XVCG CKAN has Unauthenticated SQL Injection and Authorization Bypass in `datastore_search_sql`
Impact A vulnerability in datastoresearchsql allowed attackers to inject SQL in order to gain access to private resources and PostgreSQL system information. Patches The issue has been patched in CKAN 2.10.10 and CKAN 2.11.5 Workarounds Disable the DataStore SQL search...
PT-2026-36110
Name of the Vulnerable Software and Affected Versions CKAN versions prior to 2.10.10 CKAN versions prior to 2.11.5 Description A SQL injection flaw exists in the datastore search sql function. This allows attackers to inject SQL commands to gain unauthorized access to private resources and...
PT-2026-37108
Name of the Vulnerable Software and Affected Versions CKAN versions prior to 2.10.10 CKAN versions prior to 2.11.5 Description The configured SMTP server may be spoofed using any certificate, such as a self-signed one. This allows for Man-in-the-Middle MITM attacks, where an attacker intercepts...
CVE-2025-8732 affecting package libxml2 for versions less than 2.11.5-9
CVE-2025-8732 affecting package libxml2 for versions less than 2.11.5-9. A patched version of the package is available...
CVE-2026-0992 affecting package libxml2 for versions less than 2.11.5-9
CVE-2026-0992 affecting package libxml2 for versions less than 2.11.5-9. A patched version of the package is available...
CVE-2026-0990 affecting package libxml2 for versions less than 2.11.5-9
CVE-2026-0990 affecting package libxml2 for versions less than 2.11.5-9. A patched version of the package is available...
CVE-2025-7425 affecting package libxml2 for versions less than 2.11.5-8
CVE-2025-7425 affecting package libxml2 for versions less than 2.11.5-8. A patched version of the package is available...
CVE-2025-49795 affecting package libxml2 for versions less than 2.11.5-7
CVE-2025-49795 affecting package libxml2 for versions less than 2.11.5-7. A patched version of the package is available...
EUVD-2008-1158
Malware in sbrugna...
EUVD-2025-8216
Malicious code in bioql PyPI...
EUVD-2023-1732
Malicious code in bioql PyPI...
GO-2025-3923 Rancher affected by unauthenticated Denial of Service in github.com/rancher/rancher
Rancher affected by unauthenticated Denial of Service in github.com/rancher/rancher. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners,...