265 matches found
CKAN DataStore SQL Search - SQL Injection
CKAN, an open-source data management system used for powering open data portals, contains an unauthenticated SQL injection vulnerability in the datastoresearchsql API endpoint. id: CVE-2026-42031 info: name: CKAN DataStore SQL Search - SQL Injection author: theamanrawat severity: high description...
GeoServer OGC Filter - SQL Injection
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. GeoServer includes support for the OGC Filter expression language and the OGC Common Query Language CQL as part of the Web Feature Service WFS and Web Map Service WMS protocols. CQL is...
GHSA-CF98-J28V-49V6 OpenFGA Improper Policy Enforcement
Description In OpenFGA, when MySQL is being used as the datastore, two distinct check requests can return the same response. Preconditions This applies if the following preconditions are met: 1. You run OpenFGA with MySQL as the datastore 2. Your authorization decisions rely on case-sensitive use...
CVE-2025-27511
GeoServer is an open source server that allows users to share and edit geospatial data. Prior to version 2.27.0 of the GeoServer DB2 DataStore Extension, an administrator can perform a JNDI attack through specially crafted DB2 jdbc url leading to to Remote Code Execution RCE. Version 2.27.0 fixes...
PT-2026-50730
Name of the Vulnerable Software and Affected Versions OpenFGA versions prior to 1.18.0 Description When using MySQL as the datastore, the system may return identical responses for two distinct check requests. This occurs when authorization decisions depend on case-sensitive user strings...
SQL Injection
Overview Affected versions of this package are vulnerable to SQL Injection via the orderkey parameter in the labels host-listing endpoint. An attacker can extract sensitive enrollment secrets by manipulating the sort order and leveraging a cursor-based binary search oracle. This is only exploitab...
GHSA-G628-R368-6VH7 GeoServer DB2 DataStore Extension has a JNDI Vulnerability via Store Connection
Summary Administrator can perform JNDI attack through specially crafted DB2 jdbc url leading to Remote Code Execution RCE. Impact If GeoServer has DB2 extension installed, this vulnerability can lead to executing arbitrary code. Details Authenticated users can access Vector Data Sources page to...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal in the cluster-admin:backup-datastore component. The user-controlled input of the filePath argument to the BackupDatastoreCommand passes its value into the fileName parameter of a ObjectOutputStream invocations, whic...
CVE-2026-36500
An issue in the cluster-admin:backup-datastore component of Controller v12.0.5 allows attackers to execute a directory traversal via a crafted request...
CVE-2026-36500
The CVE-2026-36500 vulnerability affects the cluster-admin:backup-datastore component of Controller v12.0.5, where a crafted request can trigger a directory traversal. This is described across multiple sources (NVD/CVE listings, AttackersKB, CVE list, EUVD) as a vulnerability in that component, w...
EUVD-2026-34866
An issue in the cluster-admin:backup-datastore component of Controller v12.0.5 allows attackers to execute a directory traversal via a crafted request...
CVE-2026-36500
An issue in the cluster-admin:backup-datastore component of Controller v12.0.5 allows attackers to execute a directory traversal via a crafted request...
PT-2026-47009
An issue in the cluster-admin:backup-datastore component of Controller v12.0.5 allows attackers to execute a directory traversal via a crafted request...
OpenDaylight 安全漏洞
OpenDaylight ODL is an open-source SDN controller developed under the OpenDaylight project. OpenDaylight v12.0.5 contains a security vulnerability, which stems from issues with the cluster-admin:backup-datastore component. This vulnerability could allow attackers to perform directory traversal...
CVE-2026-36500
An issue in the cluster-admin:backup-datastore component of Controller v12.0.5 allows attackers to execute a directory traversal via a crafted request...
CVE-2026-36500
An issue in the cluster-admin:backup-datastore component of Controller v12.0.5 allows attackers to execute a directory traversal via a crafted request...
Improper Authentication
Overview Affected versions of this package are vulnerable to Improper Authentication via the windowsMDMManagement endpoint. An attacker can gain unauthorized access to management functionality by bypassing authentication mechanisms. Remediation Upgrade...
Improper Authentication
Overview Affected versions of this package are vulnerable to Improper Authentication via the windowsMDMManagement endpoint. An attacker can gain unauthorized access to management functionality by bypassing authentication mechanisms. Remediation Upgrade...
CVE-2026-42031
CKAN is an open-source DMS data management system for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, a vulnerability in datastoresearchsql allowed attackers to inject SQL in order to gain access to private resources and PostgreSQL system information This vulnerability is fixed ...
CVE-2026-42032
CKAN is an open-source DMS data management system for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, a vulnerability in datastoresearchsql allowed attackers to bypass authorization in order to gain access to private resources and PostgreSQL system information This vulnerability...