CVE-2025-64100 CKAN Vulnerable to Session Cookie Fixation
CKAN is an open-source DMS (data management system) for powering data hubs and data portals. Prior to 2.10.9 and 2.11.4, session ids could be fixed by an attacker if the site is configured with server-side session storage (CKAN uses cookie-based session storage by default). The attacker would need to...
Django Vulnerability Could Allow Attackers Access to Cookies
A security vulnerability in the web framework Django could make it easier for an attacker to steal a user’s cookie and log into their website even after they’ve logged out. The session invalidation vulnerability was discovered by G.S. McNamara, the same researcher who dug up a similar vulnerabili...