92 matches found

RedhatCVE
added 2026/05/14 7:58 p.m. | 4 views

CVE-2026-41132

CKAN is an open-source DMS data management system for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, the configured SMTP server may be spoofed with any certificate e.g. self-signed, leaving credentials and all emails sent open to MITM attacks. This vulnerability is fixed in...

CVSS 8.7 | AI score 5.8 | EPSS 0.00194
Exploits: 0 | References: 1
Cvelist
added 2026/05/13 6:57 p.m. | 29 views

CVE-2026-41255 CKAN: CSRF exemption primed by anonymous requests

CKAN is an open-source DMS data management system for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, access to the views via tokens or unauthenticated requests marked the endpoint as not requiring CSRF protection. The marking was a member variable in flask-wtf.csrf.CSRFProtect,...

CVSS 6.1 | EPSS 0.00124
Exploits: 0 | References: 2
Vulnrichment
added 2026/05/13 6:57 p.m. | 4 views

CVE-2026-41255 CKAN: CSRF exemption primed by anonymous requests

CKAN is an open-source DMS data management system for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, access to the views via tokens or unauthenticated requests marked the endpoint as not requiring CSRF protection. The marking was a member variable in flask-wtf.csrf.CSRFProtect,...

CVSS 6.1 | AI score 5.8 | EPSS 0.00124
Exploits: 0 | References: 2
CVE
added 2026/05/13 6:57 p.m. | 18 views

CVE-2026-41255

CVE-2026-41255 (CKAN) is a CSRF-related vulnerability where, before versions 2.10.10 and 2.11.5, unauthenticated or token-based access to a view could mark that endpoint as exempt from CSRF protection via a member variable on the Flask-WTF CSRFProtect object, a flag that then persisted for later requests from other clients. An unauthenticated request could hit a protected e...

CVSS 6.1 | AI score 5.8 | EPSS 0.00124
Exploits: 0 | References: 2 | Affected software: 1
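The CVE-2026-41255 entries above describe a CSRF middleware that stores "this endpoint needs no CSRF check" in shared state after a token-authenticated or anonymous request, so the exemption is later applied to browser sessions too. The following is an added example, not CKAN or Flask-WTF code: a toy model with hypothetical class and endpoint names that contrasts a protector which writes the per-request decision into instance state with one that decides per request only.

```python
"""Toy model of a CSRF exemption primed by non-browser requests.
Hypothetical names; not CKAN's or Flask-WTF's implementation."""
from dataclasses import dataclass
from hmac import compare_digest
from typing import Optional


@dataclass
class Request:
    endpoint: str
    method: str
    session_cookie: Optional[str] = None  # browser session cookie: ambient auth, CSRF applies
    api_token: Optional[str] = None       # explicit API token: no ambient auth, CSRF not needed
    csrf_token: Optional[str] = None      # form/header token a browser must present on a POST


def _is_browser_request(req):
    """Only requests riding on a session cookie (and no API token) need a CSRF token."""
    return req.session_cookie is not None and req.api_token is None


class VulnerableCSRFProtect:
    """Remembers, per endpoint, that no CSRF check was needed for *one* request
    and then applies that exemption to every later request on that endpoint."""

    def __init__(self):
        self.exempt_endpoints = set()  # shared across all subsequent requests

    def allow(self, req, expected_csrf):
        if req.method in ("GET", "HEAD", "OPTIONS"):
            return True
        if not _is_browser_request(req):
            self.exempt_endpoints.add(req.endpoint)  # the bug: per-request fact stored per endpoint
            return True
        if req.endpoint in self.exempt_endpoints:
            return True  # primed exemption now leaks to cookie-authenticated browsers
        return req.csrf_token is not None and compare_digest(req.csrf_token, expected_csrf)


class FixedCSRFProtect:
    """Same policy, decided per request; nothing is written to shared state."""

    def allow(self, req, expected_csrf):
        if req.method in ("GET", "HEAD", "OPTIONS"):
            return True
        if not _is_browser_request(req):
            return True
        return req.csrf_token is not None and compare_digest(req.csrf_token, expected_csrf)


def priming_attack(protect, expected_csrf="csrf-secret"):
    """1) attacker primes the endpoint with a token-authenticated POST,
    2) victim's browser is lured into POSTing there without a CSRF token.
    Returns True when the forged request is accepted."""
    protect.allow(Request("dataset_delete", "POST", api_token="attacker-api-token"), expected_csrf)
    forged = Request("dataset_delete", "POST", session_cookie="victim-session")
    return protect.allow(forged, expected_csrf)


def legitimate_post(protect, expected_csrf="csrf-secret"):
    """A browser POST carrying the right CSRF token must still be accepted."""
    req = Request("dataset_delete", "POST", session_cookie="victim-session", csrf_token=expected_csrf)
    return protect.allow(req, expected_csrf)


if __name__ == "__main__":
    print("vulnerable accepts forged POST:", priming_attack(VulnerableCSRFProtect()))
    print("fixed accepts forged POST:", priming_attack(FixedCSRFProtect()))
```

The check to carry over to a real middleware: anything that decides "CSRF not required" must be derived from the current request (its authentication mode), never cached on the view or the protector object, because the cache key (the endpoint) is shared between browser and non-browser clients.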
Cvelist
added 2026/05/13 6:53 p.m. | 28 views

CVE-2026-41132 CKAN: No certificate validation on SMTP connection

CKAN is an open-source DMS data management system for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, the configured SMTP server may be spoofed with any certificate e.g. self-signed, leaving credentials and all emails sent open to MITM attacks. This vulnerability is fixed in...

CVSS 8.7 | EPSS 0.00194
Exploits: 0 | References: 1
Vulnrichment
added 2026/05/13 6:53 p.m. | 5 views

CVE-2026-41132 CKAN: No certificate validation on SMTP connection

CKAN is an open-source DMS data management system for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, the configured SMTP server may be spoofed with any certificate e.g. self-signed, leaving credentials and all emails sent open to MITM attacks. This vulnerability is fixed in...

CVSS 8.7 | AI score 5.8 | EPSS 0.00194
Exploits: 0 | References: 1
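The CVE-2026-41132 entries above say the configured SMTP server could present any certificate, including a self-signed one, so a MITM sees the login credentials and every message. The following is an added example, not CKAN code: the weak TLS context beside the corrected one, an audit helper that flags the weak settings, and a STARTTLS sender that uses the context (the send function needs a live server and is not exercised here).

```python
"""Weak vs. verifying TLS context for an SMTP STARTTLS client (added example, not CKAN's code)."""
import smtplib
import ssl


def insecure_context():
    """Weak setting: any certificate is accepted, so a MITM with a self-signed
    certificate can read the credentials and every message."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before verify_mode can be CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def verifying_context(cafile=None):
    """Corrected setting: chain validation against the system trust store (or a
    pinned CA bundle given as cafile), hostname matching, TLS 1.2 or newer."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def audit_context(ctx):
    """Return the list of weaknesses found in an SSLContext; empty means OK."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate verification disabled (verify_mode != CERT_REQUIRED)")
    if not ctx.check_hostname:
        findings.append("hostname check disabled (check_hostname is False)")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("minimum_version below TLS 1.2")
    return findings


def send_via_starttls(host, port, user, password, msg, ctx):
    """Upgrade to TLS, then authenticate and send an email.message.EmailMessage.
    With a verifying ctx, starttls() raises ssl.SSLCertVerificationError on a
    spoofed server instead of handing it the LOGIN credentials."""
    with smtplib.SMTP(host, port, timeout=15) as smtp:
        smtp.ehlo()
        smtp.starttls(context=ctx)
        smtp.ehlo()
        smtp.login(user, password)
        smtp.send_message(msg)


if __name__ == "__main__":
    for name, ctx in (("insecure", insecure_context()), ("verifying", verifying_context())):
        print(name, audit_context(ctx) or "OK")
```

When auditing a deployment, run audit_context against whatever context the mailer actually hands to starttls() or SMTP_SSL(); a context built with ssl.SSLContext() directly, rather than ssl.create_default_context(), is the usual way verification ends up off.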
ATTACKERKB
added 2026/05/13 6:52 p.m. | 4 views

CVE-2026-42031

CKAN is an open-source DMS data management system for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, a vulnerability in datastore_search_sql allowed attackers to inject SQL in order to gain access to private resources and PostgreSQL system information. This vulnerability is fixed ...

CVSS 8.3 | AI score 5.9 | EPSS 0.01815
Exploits: 0 | References: 2 | Affected software: 1
CVE
added 2026/05/04 3:15 a.m. | 26 views

CVE-2026-7727

Technical details about CVE-2026-7727 are not publicly available in the provided documents. Monitor for updates.

CVSS 7.5 | AI score 6.9 | EPSS 0.00259
Exploits: 0 | References: 5
RedhatCVE
added 2025/10/30 4:18 p.m. | 12 views

CVE-2025-54384

CKAN is an open-source DMS data management system for powering data hubs and data portals. Prior to 2.10.9 and 2.11.4, the helpers.markdown_extract function did not perform sufficient sanitization of input data before wrapping in an HTML literal element. This helper is used to render user-provided...

CVSS 6.3 | AI score 6.1 | EPSS 0.00178
Exploits: 0 | References: 1
EUVD
added 2025/10/29 9:49 p.m. | 4 views

EUVD-2025-36700

CKAN vulnerable to fixed session IDs...

CVSS 6.1 | AI score 6.4 | EPSS 0.00235
Exploits: 0 | References: 3
CVE
added 2025/10/29 5:54 p.m. | 6 views

CVE-2025-64100

CKAN (open-source data management system) is vulnerable to session fixation prior to versions 2.10.9 and 2.11.4 when server-side session storage is configured (CKAN uses cookie-based storage by default). An attacker could fix a victim's session ID by setting a cookie or stealing a valid session. ...

CVSS 6.1 | AI score 6.2 | EPSS 0.00235
Exploits: 0 | References: 2
Vulnrichment
added 2025/10/29 5:54 p.m. | 2 views

CVE-2025-64100 CKAN Vulnerable to Session Cookie Fixation

CKAN is an open-source DMS data management system for powering data hubs and data portals. Prior to 2.10.9 and 2.11.4, session ids could be fixed by an attacker if the site is configured with server-side session storage (CKAN uses cookie-based session storage by default). The attacker would need to...

CVSS 6.1 | AI score 6.2 | EPSS 0.00235
Exploits: 0 | References: 2
Vulnrichment
added 2025/10/29 3:26 p.m. | 2 views

CVE-2025-54384 CKAN stored XSS vulnerability in Markdown description fields

CKAN is an open-source DMS data management system for powering data hubs and data portals. Prior to 2.10.9 and 2.11.4, the helpers.markdown_extract function did not perform sufficient sanitization of input data before wrapping in an HTML literal element. This helper is used to render user-provided...

CVSS 6.3 | AI score 5.8 | EPSS 0.00178
Exploits: 0 | References: 2
Cvelist
added 2025/10/29 3:26 p.m. | 8 views

CVE-2025-54384 CKAN stored XSS vulnerability in Markdown description fields

CKAN is an open-source DMS data management system for powering data hubs and data portals. Prior to 2.10.9 and 2.11.4, the helpers.markdown_extract function did not perform sufficient sanitization of input data before wrapping in an HTML literal element. This helper is used to render user-provided...

CVSS 6.3 | EPSS 0.00178
Exploits: 0 | References: 2
OSV
added 2025/10/29 3:26 p.m. | 4 views

CVE-2025-54384 CKAN stored XSS vulnerability in Markdown description fields

CKAN is an open-source DMS data management system for powering data hubs and data portals. Prior to 2.10.9 and 2.11.4, the helpers.markdown_extract function did not perform sufficient sanitization of input data before wrapping in an HTML literal element. This helper is used to render user-provided...

CVSS 6.3 | AI score 6.2 | EPSS 0.00178
Exploits: 0 | References: 4
CNNVD
added 2025/10/29 12:00 a.m. | 2 views

CKAN cross-site scripting vulnerability

CKAN is an open source DMS Data Management System from CKAN Open Source. It is used to power data centers and data portals. A cross-site scripting vulnerability exists in CKAN versions prior to 2.10.9 and prior to 2.11.4, which stems from a failure of the helpers.markdown_extract function to...

CVSS 6.3 | AI score 5.7 | EPSS 0.00178
Exploits: 0 | References: 3
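The CVE-2025-54384 entries above describe an excerpt helper that truncated user-provided Markdown output and wrapped it as an HTML literal without sufficient sanitization, which is a stored XSS. The following is an added example, not CKAN's helpers.markdown_extract: a stdlib-only excerpt function in its unsafe form beside a hardened one that reduces the rendered fragment to text, truncates on a word boundary and then HTML-escapes the result, so whatever the template marks as safe really is a literal. The Markdown rendering step itself is left out; the input here is the already-rendered HTML fragment.

```python
"""Unsafe vs. sanitised HTML excerpt helper (added example, not CKAN code)."""
import html
import re
from html.parser import HTMLParser


class _TextOnly(HTMLParser):
    """Collects text nodes; drops every tag and attribute, and the bodies of
    script/style elements entirely."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.parts = []
        self._skip_depth = 0

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip_depth += 1

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip_depth:
            self._skip_depth -= 1

    def handle_data(self, data):
        if not self._skip_depth:
            self.parts.append(data)


def strip_tags(fragment):
    parser = _TextOnly()
    parser.feed(fragment)
    parser.close()
    return "".join(parser.parts)


def _truncate(text, length):
    """Collapse whitespace and cut at the last word boundary within length."""
    text = re.sub(r"\s+", " ", text).strip()
    if len(text) <= length:
        return text
    return text[:length].rsplit(" ", 1)[0] + "..."


def vulnerable_extract(rendered_html, length=190):
    """Truncates the rendered HTML and hands it back for the template to insert
    as an HTML literal: attacker markup survives into the page."""
    return _truncate(rendered_html, length)


def safe_extract(rendered_html, length=190):
    """Reduce to text, truncate, then escape so the literal contains no markup."""
    return html.escape(_truncate(strip_tags(rendered_html), length), quote=True)


if __name__ == "__main__":
    # Constructed payload of the kind a dataset description field could carry.
    payload = 'Rivers of <b>Europe</b> <img src=x onerror="alert(1)"> <script>steal()</script> end'
    print("unsafe:", vulnerable_extract(payload))
    print("safe:  ", safe_extract(payload))
```

Escaping last matters: truncating after escaping can cut an entity such as `&amp;` in half, and truncating raw HTML can leave an unbalanced tag that the browser closes for the attacker.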
CNNVD
added 2025/10/29 12:00 a.m. | 6 views

CKAN authorization issue vulnerability

CKAN is an open source DMS Data Management System from CKAN Open Source. It is used to power data centers and data portals. An authorization issue vulnerability exists in CKAN versions prior to 2.10.9 and prior to 2.11.4, which stems from an attacker being able to fix session IDs, potentially...

CVSS 6.1 | AI score 6.5 | EPSS 0.00235
Exploits: 0 | References: 3
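The CVE-2025-64100 and EUVD-2025-36700 entries above describe session fixation when CKAN is configured with server-side session storage: an attacker who can plant a session cookie in the victim's browser, or who knows a valid session id, ends up holding the id that the victim then authenticates. The following is an added example, not CKAN code: a minimal server-side session store with a login routine that keeps the presented id (fixable) beside one that discards it and issues a fresh id after authentication. Names are hypothetical.

```python
"""Session fixation against server-side session storage, and the fix (added example)."""
import secrets
from dataclasses import dataclass, field


@dataclass
class SessionStore:
    """Server-side sessions keyed by the cookie value."""
    sessions: dict = field(default_factory=dict)

    def new_session(self):
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = {"user": None}
        return sid

    def get(self, sid):
        return self.sessions.get(sid)


def login_vulnerable(store, cookie_sid, username):
    """Authenticates inside whatever session id the request presents. If the
    attacker planted cookie_sid in the victim's browser, the attacker now
    holds an authenticated session id. Returns the id the client keeps using."""
    session = store.get(cookie_sid)
    if session is None:                       # unknown id: adopt it as-is
        store.sessions[cookie_sid] = session = {"user": None}
    session["user"] = username
    return cookie_sid


def login_fixed(store, cookie_sid, username):
    """Drops the pre-login session and issues a fresh random id after
    authentication, so an id chosen before login never becomes privileged."""
    store.sessions.pop(cookie_sid, None)
    new_sid = store.new_session()
    store.sessions[new_sid]["user"] = username
    return new_sid                            # set this as the new cookie value


def fixation_attack(login):
    """Attacker obtains a valid anonymous sid, plants it, and waits for the
    victim to log in with it. Returns True if the planted sid is now the
    victim's authenticated session."""
    store = SessionStore()
    planted = store.new_session()
    login(store, planted, "victim")
    hijacked = store.get(planted)
    return hijacked is not None and hijacked["user"] == "victim"


if __name__ == "__main__":
    print("vulnerable login hijacked:", fixation_attack(login_vulnerable))
    print("fixed login hijacked:     ", fixation_attack(login_fixed))
```

Rotating the id on every privilege change (login, role elevation, password change) is the general rule; with the default cookie-based sessions the advisory mentions, the server holds no id-keyed state to hijack, which is why the entries scope the issue to server-side storage.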
EUVD
added 2025/10/03 8:07 p.m. | 2 views

EUVD-2025-0234

Malicious code in bioql PyPI...

CVSS 7.3 | AI score 6.3 | EPSS 0.00424
Exploits: 0 | References: 9
EUVD
added 2025/10/03 8:07 p.m. | 3 views

EUVD-2023-3144

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6.5 | EPSS 0.00576
Exploits: 0 | References: 4
BDU FSTEC
added 2025/07/30 12:00 a.m. | 1 view

A vulnerability in the Adobe Experience Manager (AEM) content and media data management system, caused by insufficient protection of the website structure, allows attackers to execute arbitrary code.

The vulnerability of the Adobe Experience Manager AEM content and media data management system is related to insufficient protection of the website structure. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...

CVSS 5.5 | AI score 5.9 | EPSS 0.00264
Exploits: 0 | References: 2 | Affected software: 1