
22 matches found

Snyk
added 2026/04/29 11:11 p.m. | 5 views

SQL Injection

Overview: ckan is the world’s leading Open Source data portal platform. It powers dozens of Open Data portals around the world, including data.gov, open.canada.ca and europeandataportal.eu, as well as regional, research and community organizations. It makes it easy to publish, share and find data online a...

CVSS 9.8 | AI score 5.9 | EPSS 0.01815
Exploits: 0 | References: 2
Positive Technologies
added 2026/04/29 12:0 a.m. | 4 views

PT-2026-37112

Name of the Vulnerable Software and Affected Versions: CKAN versions prior to 2.10.10; CKAN versions prior to 2.11.5. Description: Accessing views via tokens or unauthenticated requests can mark an endpoint as not requiring Cross-Site Request Forgery (CSRF) protection. This occurs because the marking i...

CVSS 6.1 | AI score 5.8 | EPSS 0.00124
Exploits: 0 | References: 7
Positive Technologies
added 2026/04/29 12:0 a.m. | 8 views

PT-2026-36110

Name of the Vulnerable Software and Affected Versions: CKAN versions prior to 2.10.10; CKAN versions prior to 2.11.5. Description: A SQL injection flaw exists in the datastore search sql function. This allows attackers to inject SQL commands to gain unauthorized access to private resources and...

CVSS 8.3 | AI score 5.8 | EPSS 0.01815
Exploits: 0 | References: 10
Positive Technologies
added 2026/04/29 12:0 a.m. | 12 views

PT-2026-37108

Name of the Vulnerable Software and Affected Versions: CKAN versions prior to 2.10.10; CKAN versions prior to 2.11.5. Description: The configured SMTP server may be spoofed using any certificate, such as a self-signed one. This allows for Man-in-the-Middle (MITM) attacks, where an attacker intercepts...

CVSS 8.7 | AI score 5.8 | EPSS 0.00194
Exploits: 0 | References: 6
CNNVD
added 2026/03/20 12:0 a.m. | 5 views

CKAN MCP Server Code Issue Vulnerability

CKAN MCP Server is an open-source tool developed by onData, designed for natural language queries between AI assistants and open data platforms. Versions of CKAN MCP Server prior to 0.4.85 contained code vulnerabilities. These vulnerabilities stemmed from insufficient validation of the baseurl...

CVSS 5.7 | AI score 5.9 | EPSS 0.00289
Exploits: 1 | References: 2
RedhatCVE
added 2025/12/10 3:26 a.m. | 3 views

CVE-2025-66631

CSLA .NET is a framework designed for the development of reusable, object-oriented business layers for applications. Versions 5.5.4 and below allow the use of WcfProxy. WcfProxy uses the now-obsolete NetDataContractSerializer (NDCS) and is vulnerable to remote code execution during deserialization...

CVSS 9.2 | AI score 7.8 | EPSS 0.00555
Exploits: 0 | References: 1
NVD
added 2025/12/09 4:18 p.m. | 2 views

CVE-2025-66631

CSLA .NET is a framework designed for the development of reusable, object-oriented business layers for applications. Versions 5.5.4 and below allow the use of WcfProxy. WcfProxy uses the now-obsolete NetDataContractSerializer (NDCS) and is vulnerable to remote code execution during deserialization...

CVSS 9.8 | EPSS 0.00555
Exploits: 0 | References: 3
Cvelist
added 2025/12/09 3:18 a.m. | 31 views

CVE-2025-66631 CSLA .NET is vulnerable to Remote Code Execution via WcfProxy

CSLA .NET is a framework designed for the development of reusable, object-oriented business layers for applications. Versions 5.5.4 and below allow the use of WcfProxy. WcfProxy uses the now-obsolete NetDataContractSerializer (NDCS) and is vulnerable to remote code execution during deserialization...

CVSS 9.2 | EPSS 0.00555
Exploits: 0 | References: 3
Vulnrichment
added 2025/12/09 3:18 a.m. | 4 views

CVE-2025-66631 CSLA .NET is vulnerable to Remote Code Execution via WcfProxy

CSLA .NET is a framework designed for the development of reusable, object-oriented business layers for applications. Versions 5.5.4 and below allow the use of WcfProxy. WcfProxy uses the now-obsolete NetDataContractSerializer (NDCS) and is vulnerable to remote code execution during deserialization...

CVSS 9.2 | AI score 7.7 | EPSS 0.00555
Exploits: 0 | References: 3
OSV
added 2025/12/09 3:18 a.m. | 5 views

CVE-2025-66631 CSLA .NET is vulnerable to Remote Code Execution via WcfProxy

CSLA .NET is a framework designed for the development of reusable, object-oriented business layers for applications. Versions 5.5.4 and below allow the use of WcfProxy. WcfProxy uses the now-obsolete NetDataContractSerializer (NDCS) and is vulnerable to remote code execution during deserialization...

CVSS 9.2 | AI score 8 | EPSS 0.00555
Exploits: 0 | References: 5
OSV
added 2025/10/29 9:49 p.m. | 5 views

GHSA-2HVH-CW5C-8Q8Q CKAN vulnerable to fixed session IDs

Impact: Session IDs could be fixed by an attacker if the site is configured with server-side session storage (CKAN uses cookie-based session storage by default). The attacker would need to either set a cookie on the victim's browser or steal the victim's currently valid session. Session identifiers...

CVSS 6.1 | AI score 6.6 | EPSS 0.0024
Exploits: 0 | References: 4
Snyk
added 2025/10/29 6:41 p.m. | 1 views

Session Fixation

Overview: ckan is the world’s leading Open Source data portal platform. It powers dozens of Open Data portals around the world, including data.gov, open.canada.ca and europeandataportal.eu, as well as regional, research and community organizations. It makes it easy to publish, share and find data online a...

CVSS 7 | AI score 6.8 | EPSS 0.0024
Exploits: 0 | References: 2
Snyk
added 2025/10/29 3:42 p.m. | 5 views

Cross-site Scripting (XSS)

Overview: ckan is the world’s leading Open Source data portal platform. It powers dozens of Open Data portals around the world, including data.gov, open.canada.ca and europeandataportal.eu, as well as regional, research and community organizations. It makes it easy to publish, share and find data online a...

CVSS 7 | AI score 5.5 | EPSS 0.00182
Exploits: 0 | References: 2
OSV
added 2025/05/23 1:34 a.m. | 3 views

MAL-2025-4331 Malicious code in data-portal-dwh-apps-fe (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ab7cba9f94172f82eeb5393dcc4b3550acc666567a7b87fe87fc5aca5c917b6b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits: 0 | References: 1
OSSF Malicious Packages
added 2025/05/23 1:34 a.m. | 3 views

Malicious code in data-portal-dwh-apps-fe (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ab7cba9f94172f82eeb5393dcc4b3550acc666567a7b87fe87fc5aca5c917b6b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits: 0 | References: 1
OSSF Malicious Packages
added 2024/12/08 9:58 p.m. | 5 views

Malicious code in @cdh-data-portal-theme/build (npm)

--- -= Per source details. Do not edit below this line.=-...

AI score 7
Exploits: 0
OSV
added 2024/12/08 9:58 p.m. | 4 views

MAL-2024-11262 Malicious code in @cdh-data-portal-theme/build (npm)

--- -= Per source details. Do not edit below this line.=-...

AI score 7.1
Exploits: 0
OSSF Malicious Packages
added 2024/11/16 10:39 p.m. | 3 views

Malicious code in cdh-data-portal-theme (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9e6ac026c66f2a670f6f56fe85c824dd376615547be46d3c52ee056eeaba4089 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.8
Exploits: 0 | References: 1
OSV
added 2024/11/16 10:39 p.m. | 5 views

MAL-2024-10744 Malicious code in cdh-data-portal-theme (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9e6ac026c66f2a670f6f56fe85c824dd376615547be46d3c52ee056eeaba4089 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits: 0 | References: 1
CVE
added 2023/05/26 10:57 p.m. | 135 views

CVE-2023-32321

CKAN (open-source data management system) is affected by CVE-2023-32321 with multiple flaws in older CKAN releases up to 2.9.9/2.10.1. The issues include: (1) arbitrary file writes in resource_create and package_update via ResourceUploader, potentially reachable through package_create/revise/patc...

CVSS 9.8 | AI score 10 | EPSS 0.01684
Exploits: 0 | References: 2 | Affected Software: 1