1231 matches found

NVD
added 2025/10/29 4:15 p.m., 4 views

CVE-2025-54384

CKAN is an open-source DMS (data management system) for powering data hubs and data portals. Prior to 2.10.9 and 2.11.4, the helpers.markdown_extract function did not perform sufficient sanitization of input data before wrapping it in an HTML literal element. This helper is used to render user-provided...

CVSS 6.3, EPSS 0.00029
Exploits 0, References 2
Snyk
added 2025/10/29 3:42 p.m., 4 views

Cross-site Scripting (XSS)

Overview: CKAN is the world's leading Open Source data portal platform. It powers dozens of Open Data portals around the world, including data.gov, open.canada.ca and europeandataportal.eu but also regional, research and community organizations. It makes it easy to publish, share and find data online a...

CVSS 7, AI score 5.5, EPSS 0.00029
Exploits 0, References 2
Github Security Blog
added 2025/10/29 3:34 p.m., 6 views

CKAN vulnerable to stored XSS in resource description

Impact: The helpers.markdown_extract function did not perform sufficient sanitization of input data before wrapping it in an HTML literal element. This helper is used to render user-provided data on dataset, resource, organization or group pages plus any page provided by an extension that used that...

CVSS 6.3, AI score 6.3, EPSS 0.00029
Exploits 0, References 7, Affected Software 1
EUVD
added 2025/10/29 3:34 p.m., 1 view

EUVD-2025-36667

CKAN vulnerable to stored XSS in resource description...

CVSS 6.3, AI score 5.7, EPSS 0.00029
Exploits 0, References 7
OSV
added 2025/10/29 3:26 p.m., 3 views

CVE-2025-54384 CKAN stored XSS vulnerability in Markdown description fields

CKAN is an open-source DMS (data management system) for powering data hubs and data portals. Prior to 2.10.9 and 2.11.4, the helpers.markdown_extract function did not perform sufficient sanitization of input data before wrapping it in an HTML literal element. This helper is used to render user-provided...

CVSS 6.3, AI score 6.2, EPSS 0.00029
Exploits 0, References 4
CVE
added 2025/10/29 3:26 p.m., 24 views

CVE-2025-54384

CKAN is affected by a stored XSS vulnerability in the helpers.markdown_extract() function. Before versions 2.10.9 and 2.11.4, user-provided data rendered on dataset/resource/organization/group pages could be wrapped in an HTML literal without sufficient sanitization, enabling an XSS vector. The i...

CVSS 6.3, AI score 5.9, EPSS 0.00029
Exploits 0, References 2
CNNVD
added 2025/10/29 12:00 a.m., 2 views

CKAN cross-site scripting vulnerability

CKAN is an open source DMS (Data Management System) from CKAN Open Source. It is used to power data centers and data portals. A cross-site scripting vulnerability exists in CKAN versions prior to 2.10.9 and prior to 2.11.4, which stems from a failure of the helpers.markdown_extract function to...

CVSS 6.3, AI score 5.7, EPSS 0.00029
Exploits 0, References 3
Positive Technologies
added 2025/10/29 12:00 a.m., 2 views

PT-2025-44311

Name of the Vulnerable Software and Affected Versions: CKAN versions prior to 2.10.9; CKAN versions prior to 2.11.4. Description: CKAN, an open-source data management system, contains a flaw in the helpers.markdown_extract function. Insufficient input sanitization before wrapping data in an HTML...

CVSS 6.3, AI score 5.7, EPSS 0.00029
Exploits 0, References 6
NVD
added 2025/10/28 12:15 p.m., 3 views

CVE-2025-40031

In the Linux kernel, the following vulnerability has been resolved: tee: fix register_shm_helper. In register_shm_helper, fix incorrect error handling for a call to iov_iter_extract_pages. A case is missing for when iov_iter_extract_pages only got some pages and returns a number larger than 0, but not the...

EPSS 0.00024
Exploits 0, References 3
Tenable Nessus
added 2025/10/28 12:00 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2025-40031

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - tee: fix register_shm_helper. In register_shm_helper, fix incorrect error handling for a call to iov_iter_extract_pages. A case is missing for when iov_iter_extract_pages...

AI score 5.9, EPSS 0.00024
Exploits 0, References 3
Mageia
added 2025/10/22 8:07 p.m., 4 views

Updated python-django packages fix a security vulnerability

An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. QuerySet.annotate, QuerySet.alias, QuerySet.aggregate, and QuerySet.extra are subject to SQL injection in column aliases, when using a suitably crafted dictionary, with dictionary expansion, as the kwarg...

CVSS 9.8, AI score 8, EPSS 0.00018
Exploits 0, References 2
RedHat Linux
added 2025/10/22 1:21 p.m., 1 view

django: Potential partial directory-traversal via archive.extract()

A flaw was found in Django. The django.utils.archive.extract function, used by startapp --template and startproject --template, allowed partial directory-traversal via an archive with file paths sharing a common prefix with the target directory...

CVSS 6.5, AI score 7.1, EPSS 0.00018
Exploits 0, References 4
OSV
added 2025/10/21 6:30 p.m., 2 views

GHSA-9P44-Q66P-XM6P ProcessWire CMS vulnerable to resource-exhaustion Denial of Service

ProcessWire CMS 3.0.246 allows a low-privileged user with lang-edit to upload a crafted ZIP to Language Support that is auto-extracted without limits prior to validation, enabling resource-exhaustion Denial of Service...

CVSS 7.1, AI score 6.9, EPSS 0.00126
Exploits 1, References 4
CNNVD
added 2025/10/14 12:00 a.m., 2 views

Microsoft Windows log information disclosure vulnerability

Microsoft Windows is a suite of operating systems from Microsoft Corporation (USA) for personal devices. A log information disclosure vulnerability exists in the Microsoft Windows ETL Channel, which can be exploited by an attacker to obtain sensitive information...

CVSS 5.5, AI score 8.5, EPSS 0.00074
Exploits 0, References 1
EUVD
added 2025/10/13 9:30 a.m., 2 views

EUVD-2025-34050

SOOP-CLM developed by PiExtract has a Hidden Functionality vulnerability, allowing privileged remote attackers to exploit a hidden functionality to execute arbitrary code on the server...

CVSS 8.6, AI score 7.5, EPSS 0.00606
Exploits 0, References 3
EUVD
added 2025/10/13 9:30 a.m., 1 view

EUVD-2025-34045

SOOP-CLM developed by PiExtract has a Server-Side Request Forgery vulnerability, allowing privileged remote attackers to read server files or probe internal network information...

CVSS 6.9, AI score 6.5, EPSS 0.00052
Exploits 0, References 3
Vulnrichment
added 2025/10/13 7:44 a.m., 1 view

CVE-2025-11674 PiExtract|SOOP-CLM - Server-Side Request Forgery

SOOP-CLM developed by PiExtract has a Server-Side Request Forgery vulnerability, allowing privileged remote attackers to read server files or probe internal network information...

CVSS 6.9, AI score 6.6, EPSS 0.00052
Exploits 0, References 2
CNNVD
added 2025/10/11 12:00 a.m., 2 views

WordPress plugin WP Scraper code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language; it can be used to set up personal blog sites on PHP- and MySQL-based servers. WordPress plugin is an application plugin. WordPress...

CVSS 6.8, AI score 6.8, EPSS 0.00036
Exploits 0, References 2
RedhatCVE
added 2025/10/10 1:31 a.m., 1 view

CVE-2025-11490

A vulnerability has been found in wonderwhy-er DesktopCommanderMCP up to 0.2.13. The affected element is the function extractBaseCommand of the file src/command-manager.ts of the component Absolute Path Handler. Such manipulation leads to OS command injection. The attack may be performed from...

CVSS 6.5, AI score 6.8, EPSS 0.00279
Exploits 1, References 1
Snyk
added 2025/10/08 7:41 p.m., 3 views

Command Injection

Overview: @wonderwhy-er/desktop-commander is an MCP server for terminal operations and file editing. Affected versions of this package are vulnerable to Command Injection via the extractBaseCommand function. An attacker can execute arbitrary operating system commands by supplying crafted input that ...

CVSS 6.5, AI score 7.9, EPSS 0.00279
Exploits 1, References 2