CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2026/05/15 7:57 p.m.•4 views

CVE-2026-42031

CKAN is an open-source DMS data management system for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, a vulnerability in datastoresearchsql allowed attackers to inject SQL in order to gain access to private resources and PostgreSQL system information This vulnerability is fixed ...

9.8CVSS5.9AI score0.13784EPSS

RedhatCVE•added 2026/05/14 7:58 p.m.•5 views

CVE-2026-42032

CKAN is an open-source DMS data management system for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, a vulnerability in datastoresearchsql allowed attackers to bypass authorization in order to gain access to private resources and PostgreSQL system information This vulnerability...

NVD•added 2026/05/13 7:17 p.m.•4 views

CVE-2026-42032

CKAN is an open-source DMS data management system for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, a vulnerability in datastoresearchsql allowed attackers to bypass authorization in order to gain access to private resources and PostgreSQL system information This vulnerability...

9.1CVSS0.00016EPSS

NVD•added 2026/05/13 7:17 p.m.•4 views

CVE-2026-42031

9.8CVSS0.13784EPSS

Cvelist•added 2026/05/13 6:58 p.m.•23 views

CVE-2026-42032 CKAN: Unauthenticated Authorization Bypass in `datastore_search_sql`

CKAN is an open-source DMS data management system for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, a vulnerability in datastoresearchsql allowed attackers to bypass authorization in order to gain access to private resources and PostgreSQL system information This vulnerability...

8.8CVSS0.00016EPSS

ATTACKERKB•added 2026/05/13 6:58 p.m.•4 views

CVE-2026-42032

CKAN is an open-source DMS data management system for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, a vulnerability in datastoresearchsql allowed attackers to bypass authorization in order to gain access to private resources and PostgreSQL system information This vulnerability...

8.8CVSS5.8AI score0.00016EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2026/05/13 6:58 p.m.•4 views

CVE-2026-42032 CKAN: Unauthenticated Authorization Bypass in `datastore_search_sql`

CKAN is an open-source DMS data management system for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, a vulnerability in datastoresearchsql allowed attackers to bypass authorization in order to gain access to private resources and PostgreSQL system information This vulnerability...

8.8CVSS5.8AI score0.00016EPSS

Vulnrichment•added 2026/05/13 6:52 p.m.•3 views

CVE-2026-42031 CKAN: Unauthenticated SQL Injection and Authorization Bypass in `datastore_search_sql`

8.3CVSS5.9AI score0.13784EPSS

ATTACKERKB•added 2026/05/13 6:52 p.m.•4 views

CVE-2026-42031

8.3CVSS5.9AI score0.13784EPSS

Exploits0References2Affected Software1

CVE•added 2026/05/13 6:52 p.m.•7 views

CVE-2026-42031

CVE-2026-42031 : CKAN (data management system) contains an unauthenticated SQL injection in the DataStore API endpoint datastore_search_sql. The flaw allows an attacker to inject SQL to access private resources and PostgreSQL system information. Affected CKAN versions: prior to 2.10.10 and prior ...

9.8CVSS5.9AI score0.13784EPSS

Exploits0References1Affected Software1

Cvelist•added 2026/05/13 6:52 p.m.•90 views

CVE-2026-42031 CKAN: Unauthenticated SQL Injection and Authorization Bypass in `datastore_search_sql`

8.3CVSS0.13784EPSS

CNNVD•added 2026/05/13 12:0 a.m.•5 views

CKAN SQL注入漏洞

CKAN is an open-source data management system developed by CKAN itself. It is used to power data centers and data portals. Versions of CKAN prior to 2.10.10 and 2.11.5 contained a SQL injection vulnerability. This vulnerability stemmed from a flaw in datastoresearchsql, allowing attackers to inje...

9.8CVSS5.9AI score0.13784EPSS

CNNVD•added 2026/05/13 12:0 a.m.•5 views

CKAN 安全漏洞

CKAN is an open-source data management system developed by CKAN itself. It is used to power data centers and data portals. Versions of CKAN prior to 2.10.10 and 2.11.5 contained security vulnerabilities. These vulnerabilities stemmed from a vulnerability in datastoresearchsql, which allowed...

Veracode•added 2026/05/09 5:40 a.m.•7 views

Authorization Bypass

CKAN is vulnerable to Authorization Bypass. The vulnerability is due to improper authorization enforcement in datastoresearchsql, allowing attackers to bypass access controls and retrieve data from private resources as well as PostgreSQL system information...

Exploits0References3Affected Software1

Veracode•added 2026/05/09 5:36 a.m.•5 views

SQL Injection

CKAN is vulnerable to SQL Injection. The vulnerability is due to improper sanitization of input in datastoresearchsql, which allows an attacker to inject arbitrary SQL queries and gain access to private resources and PostgreSQL system information...

9.8CVSS6AI score0.13784EPSS

Exploits0References6Affected Software1

Github Security Blog•added 2026/04/30 5:34 p.m.•5 views

CKAN has Unauthenticated Authorization Bypass in `datastore_search_sql`

Impact A vulnerability in datastoresearchsql allowed attackers to bypass authorization in order to gain access to private resources and PostgreSQL system information Patches The issue has been patched in CKAN 2.10.10 and CKAN 2.11.5 Workarounds Disable the DataStore SQL search...

9.1CVSS5.7AI score0.00016EPSS

Exploits0References7Affected Software1

Snyk•added 2026/04/30 5:34 p.m.•4 views

Incorrect Authorization

Overview ckan is a world’s leading Open Source data portal platform. It powers dozens of Open Data portals around the world, including data.gov, open.canada.ca and europeandataportal.eu but also regional, research and community organizations. It makes easy to publish, share and find data online a...