10 matches found
CVE-2026-33060
CKAN MCP Server is a tool for querying CKAN open data portals. Versions prior to 0.4.85 provide tools including ckanpackagesearch and sparqlquery that accept a baseurl parameter, making HTTP requests to arbitrary endpoints without restriction. A CKAN portal client has no legitimate reason to...
CVE-2026-33060
CKAN MCP Server is a tool for querying CKAN open data portals. Versions prior to 0.4.85 provide tools including ckanpackagesearch and sparqlquery that accept a baseurl parameter, making HTTP requests to arbitrary endpoints without restriction. A CKAN portal client has no legitimate reason to...
CVE-2026-33060
The CVE-2026-33060 entry affects the CKAN MCP Server prior to version 0.4.85. The vulnerable components are the MCP server tools ckan_package_search, sparql_query, and ckan_datastore_search_sql, which accept a base_url parameter that can be used to make HTTP requests to arbitrary endpoints. The r...
CVE-2026-33060 CKAN MCP Server: SSRF via base_url allows access to internal networks
CKAN MCP Server is a tool for querying CKAN open data portals. Versions prior to 0.4.85 provide tools including ckanpackagesearch and sparqlquery that accept a baseurl parameter, making HTTP requests to arbitrary endpoints without restriction. A CKAN portal client has no legitimate reason to...
EUVD-2022-4146
Malicious code in bioql PyPI...
Command Injection in VIVO Vitro
SPARQL Injection in VIVO Vitro v1.10.0 allows a remote attacker to execute arbitrary SPARQL via the uri parameter, leading to a regular expression denial of service ReDoS, as demonstrated by crafted use of FILTER%20regex in a /individual?uri= request...
GHSA-HGQ9-Q8G2-3JMG Command Injection in VIVO Vitro
SPARQL Injection in VIVO Vitro v1.10.0 allows a remote attacker to execute arbitrary SPARQL via the uri parameter, leading to a regular expression denial of service ReDoS, as demonstrated by crafted use of FILTER%20regex in a /individual?uri= request...
Sql injection
SPARQL Injection in VIVO Vitro v1.10.0 allows a remote attacker to execute arbitrary SPARQL via the uri parameter, leading to a regular expression denial of service ReDoS, as demonstrated by crafted use of FILTER%20regex in a /individual?uri= request...
CVE-2019-6986
SPARQL Injection in VIVO Vitro v1.10.0 allows a remote attacker to execute arbitrary SPARQL via the uri parameter, leading to a regular expression denial of service ReDoS, as demonstrated by crafted use of FILTER%20regex in a /individual?uri= request...
CVE-2019-6986
CVE-2019-6986 describes a SPARQL Injection in VIVO Vitro v1.10.0 where a remote attacker can craft a request to the endpoint “/individual?uri=” to execute arbitrary SPARQL, leading to a Regular Expression Denial of Service (ReDoS) via crafted FILTER%20regex usage. Affected product/component: VIVO...