Lucene search
K

265 matches found

Nuclei
Nuclei
added yesterday19 views

CKAN DataStore SQL Search - SQL Injection

CKAN, an open-source data management system used for powering open data portals, contains an unauthenticated SQL injection vulnerability in the datastoresearchsql API endpoint. id: CVE-2026-42031 info: name: CKAN DataStore SQL Search - SQL Injection author: theamanrawat severity: high description...

9.8CVSS6AI score0.01815EPSS
Exploits0References2
Nuclei
Nuclei
added 2 days ago154 views

GeoServer OGC Filter - SQL Injection

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. GeoServer includes support for the OGC Filter expression language and the OGC Common Query Language CQL as part of the Web Feature Service WFS and Web Map Service WMS protocols. CQL is...

9.8CVSS7.2AI score0.85247EPSS
Exploits2References5
OSV
OSV
added 2026/06/18 3:5 p.m.4 views

GHSA-CF98-J28V-49V6 OpenFGA Improper Policy Enforcement

Description In OpenFGA, when MySQL is being used as the datastore, two distinct check requests can return the same response. Preconditions This applies if the following preconditions are met: 1. You run OpenFGA with MySQL as the datastore 2. Your authorization decisions rely on case-sensitive use...

2.1CVSS5.4AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/18 2:23 p.m.6 views

CVE-2025-27511

GeoServer is an open source server that allows users to share and edit geospatial data. Prior to version 2.27.0 of the GeoServer DB2 DataStore Extension, an administrator can perform a JNDI attack through specially crafted DB2 jdbc url leading to to Remote Code Execution RCE. Version 2.27.0 fixes...

8.8CVSS7.4AI score0.01378EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.11 views

PT-2026-50730

Name of the Vulnerable Software and Affected Versions OpenFGA versions prior to 1.18.0 Description When using MySQL as the datastore, the system may return identical responses for two distinct check requests. This occurs when authorization decisions depend on case-sensitive user strings...

2.1CVSS5.8AI score
Exploits0References4
Snyk
Snyk
added 2026/06/12 9:0 p.m.2 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via the orderkey parameter in the labels host-listing endpoint. An attacker can extract sensitive enrollment secrets by manipulating the sort order and leveraging a cursor-based binary search oracle. This is only exploitab...

7.1CVSS6AI score0.00032EPSS
Exploits0References2
OSV
OSV
added 2026/06/11 8:34 p.m.5 views

GHSA-G628-R368-6VH7 GeoServer DB2 DataStore Extension has a JNDI Vulnerability via Store Connection

Summary Administrator can perform JNDI attack through specially crafted DB2 jdbc url leading to Remote Code Execution RCE. Impact If GeoServer has DB2 extension installed, this vulnerability can lead to executing arbitrary code. Details Authenticated users can access Vector Data Sources page to...

7.2CVSS5.7AI score0.00582EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/05 6:19 p.m.10 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal in the cluster-admin:backup-datastore component. The user-controlled input of the filePath argument to the BackupDatastoreCommand passes its value into the fileName parameter of a ObjectOutputStream invocations, whic...

9.1CVSS6.2AI score0.00686EPSS
Exploits0References2
NVD
NVD
added 2026/06/05 6:17 p.m.14 views

CVE-2026-36500

An issue in the cluster-admin:backup-datastore component of Controller v12.0.5 allows attackers to execute a directory traversal via a crafted request...

9.1CVSS0.00686EPSS
Exploits0References2
CVE
CVE
added 2026/06/05 12:0 a.m.19 views

CVE-2026-36500

The CVE-2026-36500 vulnerability affects the cluster-admin:backup-datastore component of Controller v12.0.5, where a crafted request can trigger a directory traversal. This is described across multiple sources (NVD/CVE listings, AttackersKB, CVE list, EUVD) as a vulnerability in that component, w...

9.1CVSS5.7AI score0.00686EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/05 12:0 a.m.10 views

EUVD-2026-34866

An issue in the cluster-admin:backup-datastore component of Controller v12.0.5 allows attackers to execute a directory traversal via a crafted request...

5.7AI score0.00686EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/05 12:0 a.m.10 views

CVE-2026-36500

An issue in the cluster-admin:backup-datastore component of Controller v12.0.5 allows attackers to execute a directory traversal via a crafted request...

5.7AI score0.00686EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.15 views

PT-2026-47009

An issue in the cluster-admin:backup-datastore component of Controller v12.0.5 allows attackers to execute a directory traversal via a crafted request...

5.7AI score0.00686EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.9 views

OpenDaylight 安全漏洞

OpenDaylight ODL is an open-source SDN controller developed under the OpenDaylight project. OpenDaylight v12.0.5 contains a security vulnerability, which stems from issues with the cluster-admin:backup-datastore component. This vulnerability could allow attackers to perform directory traversal...

9.1CVSS5.3AI score0.00686EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/05 12:0 a.m.6 views

CVE-2026-36500

An issue in the cluster-admin:backup-datastore component of Controller v12.0.5 allows attackers to execute a directory traversal via a crafted request...

5.7AI score0.00686EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/05 12:0 a.m.30 views

CVE-2026-36500

An issue in the cluster-admin:backup-datastore component of Controller v12.0.5 allows attackers to execute a directory traversal via a crafted request...

0.00686EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/26 10:48 p.m.6 views

Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication via the windowsMDMManagement endpoint. An attacker can gain unauthorized access to management functionality by bypassing authentication mechanisms. Remediation Upgrade...

8.2CVSS5.8AI score0.00214EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/26 10:48 p.m.8 views

Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication via the windowsMDMManagement endpoint. An attacker can gain unauthorized access to management functionality by bypassing authentication mechanisms. Remediation Upgrade...

8.2CVSS5.8AI score0.00214EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/05/15 7:57 p.m.15 views

CVE-2026-42031

CKAN is an open-source DMS data management system for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, a vulnerability in datastoresearchsql allowed attackers to inject SQL in order to gain access to private resources and PostgreSQL system information This vulnerability is fixed ...

9.8CVSS5.9AI score0.01815EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/14 7:58 p.m.17 views

CVE-2026-42032

CKAN is an open-source DMS data management system for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, a vulnerability in datastoresearchsql allowed attackers to bypass authorization in order to gain access to private resources and PostgreSQL system information This vulnerability...

9.1CVSS5.8AI score0.00367EPSS
Exploits0References1
Rows per page
Query Builder