Lucene search
K

165 matches found

Nuclei
Nuclei
added yesterday24 views

CKAN DataStore SQL Search - SQL Injection

CKAN, an open-source data management system used for powering open data portals, contains an unauthenticated SQL injection vulnerability in the datastoresearchsql API endpoint. id: CVE-2026-42031 info: name: CKAN DataStore SQL Search - SQL Injection author: theamanrawat severity: high description...

9.8CVSS6.1AI score0.01815EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/15 9:40 a.m.16 views

Malicious code in ckanext-dms (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 5bce6d55a65fbab98cd93d6109b563f49e9557b542a8b9c2fd68e25755b7089e Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

5.6AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/15 7:57 p.m.19 views

CVE-2026-42031

CKAN is an open-source DMS data management system for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, a vulnerability in datastoresearchsql allowed attackers to inject SQL in order to gain access to private resources and PostgreSQL system information This vulnerability is fixed ...

9.8CVSS5.9AI score0.01815EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/14 7:58 p.m.13 views

CVE-2026-41255

CKAN is an open-source DMS data management system for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, Access to the views via tokens or unauthenticated requests marked the endpoint as not requiring CSRF protection. The marking was a member variable in flask-wtf.csrf.CSRFProtect,...

6.1CVSS5.8AI score0.00124EPSS
Exploits0References1
NVD
NVD
added 2026/05/13 7:17 p.m.18 views

CVE-2026-42031

CKAN is an open-source DMS data management system for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, a vulnerability in datastoresearchsql allowed attackers to inject SQL in order to gain access to private resources and PostgreSQL system information This vulnerability is fixed ...

9.8CVSS0.01815EPSS
Exploits0References1
NVD
NVD
added 2026/05/13 7:17 p.m.9 views

CVE-2026-42032

CKAN is an open-source DMS data management system for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, a vulnerability in datastoresearchsql allowed attackers to bypass authorization in order to gain access to private resources and PostgreSQL system information This vulnerability...

9.1CVSS0.00367EPSS
Exploits0References1
NVD
NVD
added 2026/05/13 7:17 p.m.10 views

CVE-2026-41255

CKAN is an open-source DMS data management system for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, Access to the views via tokens or unauthenticated requests marked the endpoint as not requiring CSRF protection. The marking was a member variable in flask-wtf.csrf.CSRFProtect,...

6.1CVSS0.00124EPSS
Exploits0References2
NVD
NVD
added 2026/05/13 7:17 p.m.15 views

CVE-2026-41132

CKAN is an open-source DMS data management system for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, the configured SMTP server may be spoofed with any certificate e.g. self-signed, leaving credentials and all emails sent open to MITM attacks. This vulnerability is fixed in...

8.7CVSS0.00194EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/13 6:58 p.m.9 views

CVE-2026-42032 CKAN: Unauthenticated Authorization Bypass in `datastore_search_sql`

CKAN is an open-source DMS data management system for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, a vulnerability in datastoresearchsql allowed attackers to bypass authorization in order to gain access to private resources and PostgreSQL system information This vulnerability...

8.8CVSS5.8AI score0.00367EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/13 6:58 p.m.32 views

CVE-2026-42032 CKAN: Unauthenticated Authorization Bypass in `datastore_search_sql`

CKAN is an open-source DMS data management system for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, a vulnerability in datastoresearchsql allowed attackers to bypass authorization in order to gain access to private resources and PostgreSQL system information This vulnerability...

8.8CVSS0.00367EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/13 6:57 p.m.8 views

CVE-2026-41255

CKAN is an open-source DMS data management system for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, Access to the views via tokens or unauthenticated requests marked the endpoint as not requiring CSRF protection. The marking was a member variable in flask-wtf.csrf.CSRFProtect,...

6.1CVSS5.8AI score0.00124EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/05/13 6:57 p.m.2 views

CVE-2026-41255 CKAN: CSRF exemption primed by anonymous requests

CKAN is an open-source DMS data management system for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, Access to the views via tokens or unauthenticated requests marked the endpoint as not requiring CSRF protection. The marking was a member variable in flask-wtf.csrf.CSRFProtect,...

6.1CVSS6AI score0.00124EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/13 6:53 p.m.7 views

CVE-2026-41132

CKAN is an open-source DMS data management system for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, the configured SMTP server may be spoofed with any certificate e.g. self-signed, leaving credentials and all emails sent open to MITM attacks. This vulnerability is fixed in...

8.7CVSS5.8AI score0.00194EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/13 6:52 p.m.9 views

CVE-2026-42031 CKAN: Unauthenticated SQL Injection and Authorization Bypass in `datastore_search_sql`

CKAN is an open-source DMS data management system for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, a vulnerability in datastoresearchsql allowed attackers to inject SQL in order to gain access to private resources and PostgreSQL system information This vulnerability is fixed ...

8.3CVSS5.9AI score0.01815EPSS
Exploits0References1
CVE
CVE
added 2026/05/13 6:52 p.m.22 views

CVE-2026-42031

CVE-2026-42031 : CKAN (data management system) contains an unauthenticated SQL injection in the DataStore API endpoint datastore_search_sql. The flaw allows an attacker to inject SQL to access private resources and PostgreSQL system information. Affected CKAN versions: prior to 2.10.10 and prior ...

9.8CVSS5.9AI score0.01815EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/05/13 6:52 p.m.4 views

CVE-2026-42031 CKAN: Unauthenticated SQL Injection and Authorization Bypass in `datastore_search_sql`

CKAN is an open-source DMS data management system for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, a vulnerability in datastoresearchsql allowed attackers to inject SQL in order to gain access to private resources and PostgreSQL system information This vulnerability is fixed ...

8.3CVSS6AI score0.01815EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.17 views

CKAN SQL注入漏洞

CKAN is an open-source data management system developed by CKAN itself. It is used to power data centers and data portals. Versions of CKAN prior to 2.10.10 and 2.11.5 contained a SQL injection vulnerability. This vulnerability stemmed from a flaw in datastoresearchsql, allowing attackers to inje...

9.8CVSS5.9AI score0.01815EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.15 views

CKAN 信任管理问题漏洞

CKAN is an open-source data management system developed by CKAN contributors. It is used to power data centers and data portals. Versions of CKAN prior to 2.10.10 and 2.11.5 contained a trust management vulnerability. This vulnerability stemmed from the possibility that the configured SMTP server...

8.7CVSS5.8AI score0.00194EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/30 5:34 p.m.10 views

Incorrect Authorization

Overview ckan is a world’s leading Open Source data portal platform. It powers dozens of Open Data portals around the world, including data.gov, open.canada.ca and europeandataportal.eu but also regional, research and community organizations. It makes easy to publish, share and find data online a...

9.1CVSS5.8AI score0.00367EPSS
Exploits0References2
OSV
OSV
added 2026/04/30 5:34 p.m.6 views

GHSA-CG4X-64P3-X59H CKAN has Unauthenticated Authorization Bypass in `datastore_search_sql`

Impact A vulnerability in datastoresearchsql allowed attackers to bypass authorization in order to gain access to private resources and PostgreSQL system information Patches The issue has been patched in CKAN 2.10.10 and CKAN 2.11.5 Workarounds Disable the DataStore SQL search...

8.8CVSS5.8AI score0.00367EPSS
Exploits0References7
Rows per page
Query Builder