25630 matches found

Github Security Blog (added 2026/03/18 12:59 p.m., 3 views)

SSRF in @aborruso/ckan-mcp-server via base_url allows access to internal networks

Summary: The @aborruso/ckan-mcp-server MCP server provides tools including ckan_package_search and sparql_query that accept a base_url parameter, making HTTP requests to arbitrary endpoints without restriction. A CKAN portal client has no legitimate reason to contact cloud metadata or internal network...

CVSS 5.7, AI score 5.9, EPSS 0.00016
Exploits: 1, References: 4, Affected software: 1
Snyk (added 2026/03/18 12:59 p.m., 5 views)

Server-side Request Forgery (SSRF)

Overview: @aborruso/ckan-mcp-server is an MCP server for interacting with CKAN open data portals. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the base_url parameter in the ckan_package_search, sparql_query, and ckan_datastore_search_sql tools. An attacker can...

CVSS 6, AI score 5.8, EPSS 0.00016
Exploits: 1, References: 2
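The GitHub Security Blog and Snyk entries above (and the PT-2026-26096 entry further down, which covers the same base_url SSRF) stop at "no legitimate reason to contact cloud metadata or internal network". The block below is an added Go example, written for this page and not code from @aborruso/ckan-mcp-server, of the two checks a tool that accepts a caller-supplied base URL needs: validation at parse time, and a resolution-pinned dialer so that hostnames and redirects that point into forbidden ranges are refused as well. The sample URLs, the forbidden-range list and the redirect limit are this example's own assumptions; the package itself is an npm module, and the same checks apply in its language.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"net"
	"net/http"
	"net/url"
	"time"
)

// CGNAT is the one range the net.IP predicates used below do not cover.
var _, cgnat, _ = net.ParseCIDR("100.64.0.0/10")

// isForbiddenIP reports whether a CKAN client should refuse to reach ip:
// unspecified, loopback, RFC 1918 / ULA private space, link-local (which
// includes the 169.254.169.254 cloud metadata endpoint) and CGNAT. IPv4-mapped
// IPv6 addresses are unwrapped first so ::ffff:169.254.169.254 is caught.
func isForbiddenIP(ip net.IP) bool {
	if ip4 := ip.To4(); ip4 != nil {
		ip = ip4
	}
	return ip.IsUnspecified() || ip.IsLoopback() || ip.IsPrivate() ||
		ip.IsLinkLocalUnicast() || ip.IsLinkLocalMulticast() || cgnat.Contains(ip)
}

// validateBaseURL is the up-front check on a caller-supplied base_url: http(s)
// only, no embedded credentials, and a literal IP host must not be forbidden.
// Hostnames are checked after resolution by newSafeClient's dialer.
func validateBaseURL(raw string) (*url.URL, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return nil, err
	}
	if u.Scheme != "https" && u.Scheme != "http" {
		return nil, fmt.Errorf("unsupported scheme %q", u.Scheme)
	}
	if u.User != nil {
		return nil, errors.New("credentials in base_url are not allowed")
	}
	host := u.Hostname()
	if host == "" {
		return nil, errors.New("missing host")
	}
	if ip := net.ParseIP(host); ip != nil && isForbiddenIP(ip) {
		return nil, fmt.Errorf("host %s is in a forbidden address range", host)
	}
	return u, nil
}

// newSafeClient resolves the host itself, rejects forbidden answers, and dials
// the checked address (not the name, so a rebinding DNS server cannot swap the
// answer after the check). TLS still verifies against the request's hostname.
// Every redirect target is re-validated as well.
func newSafeClient() *http.Client {
	dialer := &net.Dialer{Timeout: 10 * time.Second}
	transport := &http.Transport{
		DialContext: func(ctx context.Context, network, addr string) (net.Conn, error) {
			host, port, err := net.SplitHostPort(addr)
			if err != nil {
				return nil, err
			}
			ips, err := net.DefaultResolver.LookupIPAddr(ctx, host)
			if err != nil {
				return nil, err
			}
			for _, ip := range ips {
				if isForbiddenIP(ip.IP) {
					return nil, fmt.Errorf("refusing %s: resolves to %s", host, ip.IP)
				}
			}
			return dialer.DialContext(ctx, network, net.JoinHostPort(ips[0].IP.String(), port))
		},
	}
	return &http.Client{
		Transport: transport,
		Timeout:   30 * time.Second,
		CheckRedirect: func(req *http.Request, via []*http.Request) error {
			if len(via) >= 3 {
				return errors.New("too many redirects")
			}
			_, err := validateBaseURL(req.URL.String())
			return err
		},
	}
}

func main() {
	// Constructed inputs: a plausible public CKAN API URL and three hostile ones.
	for _, raw := range []string{
		"https://demo.ckan.org/api/3/action/package_search",
		"http://169.254.169.254/latest/meta-data/",
		"http://[::ffff:169.254.169.254]/latest/meta-data/",
		"file:///etc/passwd",
	} {
		_, err := validateBaseURL(raw)
		fmt.Printf("%-52s -> error: %v\n", raw, err)
	}
}
```

The parse-time check alone is not enough: a hostname such as one that resolves to 169.254.169.254, or a 302 from an allowed portal to an internal address, only shows up at dial or redirect time, which is why both hooks are installed on the client.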
RedHat Linux (added 2026/03/18 11:07 a.m., 8 views)

golang: net/url: Memory exhaustion in query parameter parsing in net/url

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...

CVSS 7.5, AI score 7.1, EPSS 0.00025
Exploits: 0, References: 8
RedHat Linux (added 2026/03/18 10:44 a.m., 6 views)

golang: net/url: Memory exhaustion in query parameter parsing in net/url

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...

CVSS 7.5, AI score 7, EPSS 0.00025
Exploits: 0, References: 8
RedHat Linux (added 2026/03/18 8:06 a.m., 3 views)

golang: net/url: Memory exhaustion in query parameter parsing in net/url

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...

CVSS 7.5, AI score 7.3, EPSS 0.00025
Exploits: 0, References: 8
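The three Red Hat entries above cover the same net/url flaw: ParseForm builds a map entry for every distinct key it is handed, and the unpatched package places no cap on the count, so a request with hundreds of thousands of unique keys costs the server memory in proportion. The block below is an added Go example, not Red Hat's or the Go project's fix, of how an application can enforce its own limit in front of ParseForm while a patched toolchain is rolled out. The values of maxParams and maxBodyBytes and the request paths are this example's choices.

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"strings"
)

const (
	maxParams    = 1000    // upper bound on key=value pairs accepted per request
	maxBodyBytes = 1 << 20 // 1 MiB cap on a url-encoded form body
)

var errTooManyParams = errors.New("too many query parameters")

// countPairs counts '&'-separated pairs on the raw string, so the guard costs
// one linear scan and no allocation per parameter.
func countPairs(raw string) int {
	if raw == "" {
		return 0
	}
	return strings.Count(raw, "&") + 1
}

// parseFormLimited does what r.ParseForm does, but refuses up front when the
// query string or a url-encoded POST body carries more than maxParams pairs,
// and bounds how much body it is willing to read before counting.
func parseFormLimited(r *http.Request) error {
	if countPairs(r.URL.RawQuery) > maxParams {
		return errTooManyParams
	}
	if r.Body != nil && r.Method == http.MethodPost &&
		strings.HasPrefix(r.Header.Get("Content-Type"), "application/x-www-form-urlencoded") {
		body, err := io.ReadAll(io.LimitReader(r.Body, maxBodyBytes+1))
		if err != nil {
			return err
		}
		if len(body) > maxBodyBytes {
			return errors.New("form body too large")
		}
		if countPairs(string(body)) > maxParams {
			return errTooManyParams
		}
		// Hand the buffered body back so ParseForm can read it normally.
		r.Body = io.NopCloser(strings.NewReader(string(body)))
	}
	return r.ParseForm()
}

// floodQuery builds a query string with n distinct keys (constructed input).
func floodQuery(n int) string {
	var sb strings.Builder
	for i := 0; i < n; i++ {
		fmt.Fprintf(&sb, "k%d=v&", i)
	}
	return strings.TrimSuffix(sb.String(), "&")
}

func main() {
	normal := httptest.NewRequest(http.MethodGet, "/api/3/action/package_search?q=budget&rows=10", nil)
	fmt.Println("normal request:", parseFormLimited(normal), normal.Form.Get("rows"))

	flood := httptest.NewRequest(http.MethodGet, "/search?"+floodQuery(maxParams+1), nil)
	fmt.Println("flooded query:", parseFormLimited(flood))

	post := httptest.NewRequest(http.MethodPost, "/search", strings.NewReader(floodQuery(maxParams+1)))
	post.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	fmt.Println("flooded body:", parseFormLimited(post))
}
```

The count is taken on the raw bytes rather than after parsing, because the parsed map is exactly the allocation the attacker is after; the byte cap on the body matters for the same reason, since ParseForm's own default body limit is far larger than a thousand short pairs.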
ATTACKERKB (added 2026/03/18 7:36 a.m., 5 views)

CVE-2026-22730

A critical SQL injection vulnerability in Spring AI's MariaDBFilterExpressionConverter allows attackers to bypass metadata-based access controls and execute arbitrary SQL commands. The vulnerability exists due to missing input sanitization...

CVSS 8.8, AI score 6.1, EPSS 0.00027
Exploits: 1, References: 2, Affected software: 1
CNNVD (added 2026/03/18 12:00 a.m., 2 views)

Microsoft Dynamics 365 Customer Engagement security vulnerability

Microsoft Dynamics 365 Customer Engagement is an enterprise-level application system developed by Microsoft for customer relationship management and business process automation. Version 1612.2.3034 of Microsoft Dynamics 365 Customer Engagement contains a security vulnerability. This vulnerability...

CVSS 8.8, AI score 6.1, EPSS 0.00035
Exploits: 0, References: 2
Tenable Nessus (added 2026/03/18 12:00 a.m., 5 views)

IBM InfoSphere Information Server Information Disclosure Vulnerability (7007059)

The version of IBM InfoSphere Information Server installed on the remote host is 11.7.x prior to or equal to 11.7.1.4. It is, therefore, potentially affected by an information disclosure vulnerability: - IBM InfoSphere Information Server could allow a remote attacker to obtain system information usi...

CVSS 5.3, AI score 6.1, EPSS 0.0007
Exploits: 0, References: 2
Positive Technologies (added 2026/03/18 12:00 a.m., 4 views)

PT-2026-26091

Name of the Vulnerable Software and Affected Versions: Heimdall versions 0.7.0-alpha through 0.17.10
Description: Heimdall, a cloud native Identity Aware Proxy and Access Control Decision service, contains an issue where incorrect encoding of the query URL string can allow bypass of rules with...

CVSS 8.2, AI score 6, EPSS 0.00323
Exploits: 25, References: 154
ATTACKERKB (added 2026/03/18 12:00 a.m., 2 views)

CVE-2025-67829

Mura before 10.1.14 allows beanFeed.cfc getQuery sortDirection SQL injection...

AI score 5.8, EPSS 0.00046
Exploits: 0, References: 2
Vulnrichment (added 2026/03/18 12:00 a.m., 0 views)

CVE-2025-67829

Mura before 10.1.14 allows beanFeed.cfc getQuery sortDirection SQL injection...

AI score 5.8, EPSS 0.00046
Exploits: 0, References: 1
Positive Technologies (added 2026/03/18 12:00 a.m., 1 view)

PT-2026-26096

Summary: The @aborruso/ckan-mcp-server MCP server provides tools including ckan_package_search and sparql_query that accept a base_url parameter, making HTTP requests to arbitrary endpoints without restriction. A CKAN portal client has no legitimate reason to contact cloud metadata or internal...

CVSS 5.3, AI score 5.9, EPSS 0.00016
Exploits: 1, References: 7
CVE (added 2026/03/18 12:00 a.m., 5 views)

CVE-2025-67830

Mura before 10.1.14 is affected by an SQL injection in beanFeed.cfc getQuery sortby. The vulnerability stems from unsafely handling the sortby parameter in that function. No exploitation details are provided in the documents. Remediation details are not specified here.

CVSS 9.8, AI score 5.8, EPSS 0.00046
Exploits: 0, References: 1, Affected software: 1
Cvelist (added 2026/03/18 12:00 a.m., 20 views)

CVE-2025-58112

Microsoft Dynamics 365 Customer Engagement on-premises 1612 9.0.2.3034 allows the generation of customized reports via raw SQL queries in an upload of a .rdl Report Definition Language file; this is then processed by the SQL Server Reporting Service. An account with the privilege Add Reporting...

EPSS 0.00035
Exploits: 0, References: 2
CNVD (added 2026/03/18 12:00 a.m., 1 view)

Unspecified vulnerability in AnythingLLM (CNVD-2026-17191)

AnythingLLM is an all-in-one AI application open-sourced by Mintplex. AnythingLLM suffers from a security vulnerability that stems from two common system preferences endpoints that allow administrator role access, which can be exploited by an attacker to cause the administrator to read plaintext...

CVSS 3.8, AI score 5.8, EPSS 0.00047
Exploits: 1
Cvelist (added 2026/03/18 12:00 a.m., 17 views)

CVE-2025-67829

Mura before 10.1.14 allows beanFeed.cfc getQuery sortDirection SQL injection...

EPSS 0.00046
Exploits: 0, References: 1
ATTACKERKB (added 2026/03/18 12:00 a.m., 1 view)

CVE-2025-67830

Mura before 10.1.14 allows beanFeed.cfc getQuery sortby SQL injection...

AI score 5.8, EPSS 0.00046
Exploits: 0, References: 2
CNNVD (added 2026/03/18 12:00 a.m., 4 views)

Mura security vulnerability

Mura is a content management system developed by Mura Corporation. Versions of Mura prior to 10.1.14 contain an SQL injection vulnerability in the sortDirection parameter of getQuery in the beanFeed.cfc file...

CVSS 9.8, AI score 5.9, EPSS 0.00046
Exploits: 0, References: 1
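CVE-2025-67829 and CVE-2025-67830 (the Mura entries above) are both injections through the sort parameters of beanFeed.cfc getQuery: sortDirection in one, sortby in the other. Sort column and direction are SQL identifiers and keywords, so they cannot be bound as query parameters, which is why this position keeps turning up as injectable even in code that otherwise uses prepared statements. The block below is an added Go example, constructed for this page and not Mura's ColdFusion code, showing the vulnerable concatenation beside an allow-list builder; the table, column names and payloads are this example's own.

```go
package main

import (
	"fmt"
	"strings"
)

// vulnerableOrderBy shows the pattern behind this bug class: caller-controlled
// sort column and direction are concatenated straight into the statement.
// Constructed illustration, not Mura's code.
func vulnerableOrderBy(sortBy, sortDirection string) string {
	return "SELECT id, title FROM content ORDER BY " + sortBy + " " + sortDirection
}

// allowedSortColumns maps the names a client may send to real column
// identifiers. Anything not in the map is refused rather than "cleaned".
var allowedSortColumns = map[string]string{
	"title":   "title",
	"created": "created_at",
	"updated": "updated_at",
}

// safeOrderBy builds the statement from allow-listed identifiers only.
// Bind parameters cannot carry identifiers or ASC/DESC, so an allowlist,
// not escaping, is the fix for ORDER BY injection.
func safeOrderBy(sortBy, sortDirection string) (string, error) {
	col, ok := allowedSortColumns[strings.ToLower(strings.TrimSpace(sortBy))]
	if !ok {
		return "", fmt.Errorf("unknown sort column %q", sortBy)
	}
	dir := "ASC"
	switch strings.ToUpper(strings.TrimSpace(sortDirection)) {
	case "", "ASC":
	case "DESC":
		dir = "DESC"
	default:
		return "", fmt.Errorf("invalid sort direction %q", sortDirection)
	}
	return fmt.Sprintf("SELECT id, title FROM content ORDER BY %s %s", col, dir), nil
}

func main() {
	// Constructed payloads: a boolean-based probe in the column position and
	// an extra sort expression smuggled in through the direction position.
	probe := "(CASE WHEN (SELECT COUNT(*) FROM users) > 0 THEN title ELSE id END)"
	extra := "DESC, (SELECT 1)"
	fmt.Println("vulnerable:", vulnerableOrderBy(probe, "ASC"))
	fmt.Println("vulnerable:", vulnerableOrderBy("title", extra))
	for _, in := range [][2]string{{"created", "desc"}, {probe, "ASC"}, {"title", extra}} {
		q, err := safeOrderBy(in[0], in[1])
		fmt.Printf("safe: %q err=%v\n", q, err)
	}
}
```

The point of the probe payload is that ORDER BY injection rarely needs stacked queries: an attacker who can change the sort order based on a subquery's result can extract data one boolean at a time, which is why a 9.8 rating on a sort parameter is not surprising.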
CNNVD (added 2026/03/18 12:00 a.m., 3 views)

Kanboard SQL injection vulnerability

Kanboard is an open-source visual task board developed by Kanboard. The software allows boards to be customized to business needs. Versions of Kanboard prior to 1.2.51 contain an SQL injection vulnerability. This vulnerability could lead to the exposure of databas...

CVSS 8.4, AI score 5.8, EPSS 0.00036
Exploits: 1, References: 2
Positive Technologies (added 2026/03/18 12:00 a.m., 3 views)

PT-2026-26158

MFA/TOTP Bypass via Incorrect MongoDB Query in Bearer Token Middleware
Summary: The bearer token authentication middleware in @apostrophecms/express/index.js lines 386-389 contains an incorrect MongoDB query that allows incomplete login tokens — where the password was verified but TOTP/MFA...

CVSS 8.1, AI score 5.9, EPSS 0.0013
Exploits: 1, References: 8
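PT-2026-26158 describes a bearer-token lookup whose query does not distinguish a login that has passed the password check from one that has also passed TOTP. The block below is an added Go example, not ApostropheCMS code, of that lookup in its broken and fixed forms, run over constructed token records; the record fields and the MongoDB filter shapes named in the comments are this example's assumptions about how such a store is laid out.

```go
package main

import (
	"crypto/subtle"
	"errors"
	"fmt"
)

// loginToken is a constructed stand-in for a persisted login-session record
// in which the password step and the TOTP step are recorded separately, so a
// token can exist in storage before the second factor has been checked.
type loginToken struct {
	Token            string
	UserID           string
	PasswordVerified bool
	TOTPRequired     bool
	TOTPVerified     bool
}

var errUnauthorized = errors.New("unauthorized")

func tokenMatches(t loginToken, bearer string) bool {
	return subtle.ConstantTimeCompare([]byte(t.Token), []byte(bearer)) == 1
}

// brokenLookup filters on the bearer value and the password step only, the
// shape of query that lets a half-finished login pass as a full session.
// In MongoDB terms this is a filter like {token, passwordVerified: true}
// (field names are this example's own).
func brokenLookup(store []loginToken, bearer string) (string, error) {
	for _, t := range store {
		if tokenMatches(t, bearer) && t.PasswordVerified {
			return t.UserID, nil
		}
	}
	return "", errUnauthorized
}

// fixedLookup adds the missing condition: when a second factor is required the
// token is usable only after it has been verified. The equivalent filter is
// {token, passwordVerified: true, $or: [{totpRequired: false}, {totpVerified: true}]}.
func fixedLookup(store []loginToken, bearer string) (string, error) {
	for _, t := range store {
		if !tokenMatches(t, bearer) || !t.PasswordVerified {
			continue
		}
		if t.TOTPRequired && !t.TOTPVerified {
			return "", errUnauthorized
		}
		return t.UserID, nil
	}
	return "", errUnauthorized
}

// sampleStore is constructed data: one login stuck between factors, one that
// completed both, and one for a user without MFA enrolled.
func sampleStore() []loginToken {
	return []loginToken{
		{Token: "tok-halfway", UserID: "admin", PasswordVerified: true, TOTPRequired: true, TOTPVerified: false},
		{Token: "tok-complete", UserID: "editor", PasswordVerified: true, TOTPRequired: true, TOTPVerified: true},
		{Token: "tok-nomfa", UserID: "viewer", PasswordVerified: true, TOTPRequired: false},
	}
}

func main() {
	store := sampleStore()
	for _, bearer := range []string{"tok-halfway", "tok-complete", "tok-nomfa", "tok-unknown"} {
		bu, be := brokenLookup(store, bearer)
		fu, fe := fixedLookup(store, bearer)
		fmt.Printf("%-13s broken=%q/%v fixed=%q/%v\n", bearer, bu, be, fu, fe)
	}
}
```

A cleaner design avoids the bug class altogether by never issuing a bearer token until every required factor has been verified, so that the token store only ever holds complete sessions and the middleware has nothing to get wrong; the fixed lookup above is the minimal change when the intermediate record must exist.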