29 matches found

Snyk
added 2026/03/18 12:59 p.m., 3 views

Server-side Request Forgery (SSRF)

Overview: @aborruso/ckan-mcp-server is an MCP server for interacting with CKAN open data portals. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the base_url parameter in the ckanpackagesearch, sparqlquery, and ckandatastoresearchsql tools. An attacker can...

CVSS: 6, AI score: 5.8, EPSS: 0.00016
Exploits: 1, References: 2

GitLab Advisory Database
added 2026/03/18 12:00 a.m., 4 views

SSRF in @aborruso/ckan-mcp-server via base_url allows access to internal networks

The @aborruso/ckan-mcp-server MCP server provides tools including ckanpackagesearch and sparqlquery that accept a base_url parameter, making HTTP requests to arbitrary endpoints without restriction. A CKAN portal client has no legitimate reason to contact cloud metadata or internal network service...

CVSS: 5.7, AI score: 5.9, EPSS: 0.00016
Exploits: 1, References: 4, Affected Software: 1

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2012-5750

Malware in sbrugna...

CVSS: 9.8, AI score: 9.2, EPSS: 0.0025
Exploits: 1, References: 2

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2014-3100

Malware in sbrugna...

CVSS: 2.1, AI score: 6.4, EPSS: 0.00373
Exploits: 0, References: 8

EUVD
added 2025/10/03 8:07 p.m., 3 views

EUVD-2023-2087

Malicious code in bioql PyPI...

CVSS: 8.8, AI score: 6.9, EPSS: 0.00942
Exploits: 0, References: 5

RedhatCVE
added 2025/05/23 5:10 a.m., 6 views

CVE-2023-32200

There are insufficient restrictions on called script functions in Apache Jena versions 4.8.0 and earlier. It allows a remote user to execute JavaScript via a SPARQL query. This issue affects Apache Jena: from 3.7.0 through 4.8.0...

CVSS: 8.8, AI score: 7, EPSS: 0.00942
Exploits: 0, References: 1

IBM Security Bulletins
added 2023/10/04 8:15 a.m., 35 views

Security Bulletin: Vulnerability in Apache Jena-arq library affects IBM Engineering Lifecycle Optimization - Publishing

Summary: IBM Engineering Lifecycle Optimization - Publishing is vulnerable to a remote attack due to Apache Jena-arq. Vulnerability Details: CVEID: CVE-2023-22665. DESCRIPTION: Apache Jena could allow a remote attacker to execute arbitrary code on the system, caused by improper checking of user querie...

CVSS: 5.4, AI score: 6.3, EPSS: 0.00828
Exploits: 0, Affected Software: 1

Veracode
added 2023/07/26 10:23 a.m., 33 views

Remote Code Execution (RCE)

org.apache.jena:jena is vulnerable to Remote Code Execution (RCE). Lack of proper checking for user permissions in script functions allows an attacker to upload and execute malicious code on the system via a SPARQL query...

CVSS: 8.8, AI score: 7.8, EPSS: 0.00942
Exploits: 0, References: 4, Affected Software: 1

CNVD
added 2023/07/14 12:00 a.m., 17 views

Apache Jena Code Execution Vulnerability

Apache Jena is a Java Semantic Web framework from the Apache Foundation (United States), used to build Semantic Web and linked data applications. Apache Jena suffers from a code execution vulnerability that stems from insufficient restrictions on called script functions. An attacker can exploi...

CVSS: 8.8, AI score: 7.6, EPSS: 0.00942
Exploits: 0, References: 1

Github Security Blog
added 2023/07/12 9:30 a.m., 21 views

Apache Jena Expression Language Injection vulnerability

There are insufficient restrictions on called script functions in Apache Jena versions 4.8.0 and earlier. It allows a remote user to execute JavaScript via a SPARQL query. This issue affects Apache Jena from 3.7.0 through 4.8.0...

CVSS: 8.8, AI score: 7.1, EPSS: 0.00942
Exploits: 0, References: 5, Affected Software: 1

NVD
added 2023/07/12 8:15 a.m., 18 views

CVE-2023-32200

There are insufficient restrictions on called script functions in Apache Jena versions 4.8.0 and earlier. It allows a remote user to execute JavaScript via a SPARQL query. This issue affects Apache Jena: from 3.7.0 through 4.8.0...

CVSS: 8.8, AI score: 8.7, EPSS: 0.00942
Exploits: 0, References: 2

OSV
added 2023/07/12 8:15 a.m., 3 views

CVE-2023-32200

There are insufficient restrictions on called script functions in Apache Jena versions 4.8.0 and earlier. It allows a remote user to execute JavaScript via a SPARQL query. This issue affects Apache Jena: from 3.7.0 through 4.8.0...

CVSS: 8.8, AI score: 5.9, EPSS: 0.00828
Exploits: 0, References: 2

Vulnrichment
added 2023/07/12 7:49 a.m., 14 views

CVE-2023-32200 Apache Jena: Exposure of execution in script engine expressions.

There are insufficient restrictions on called script functions in Apache Jena versions 4.8.0 and earlier. It allows a remote user to execute JavaScript via a SPARQL query. This issue affects Apache Jena: from 3.7.0 through 4.8.0...

AI score: 8.7, EPSS: 0.00942
Exploits: 0, References: 2

Cvelist
added 2023/07/12 7:49 a.m., 13 views

CVE-2023-32200 Apache Jena: Exposure of execution in script engine expressions.

There are insufficient restrictions on called script functions in Apache Jena versions 4.8.0 and earlier. It allows a remote user to execute JavaScript via a SPARQL query. This issue affects Apache Jena: from 3.7.0 through 4.8.0...

AI score: 8.9, EPSS: 0.00942
Exploits: 0, References: 2

Debian CVE
added 2023/07/12 7:49 a.m., 22 views

CVE-2023-32200

There are insufficient restrictions on called script functions in Apache Jena versions 4.8.0 and earlier. It allows a remote user to execute JavaScript via a SPARQL query. This issue affects Apache Jena: from 3.7.0 through 4.8.0...

CVSS: 8.8, AI score: 8.2, EPSS: 0.00942
Exploits: 0

Veracode
added 2023/05/03 1:44 a.m., 25 views

Arbitrary Code Execution

jena-arq is vulnerable to Arbitrary Code Execution. The vulnerability exists due to the insufficient validation of user scripting queries in the library, which allows an attacker to inject and execute malicious JavaScript via a SPARQL query when invoking custom scripts...

CVSS: 5.4, AI score: 5.5, EPSS: 0.00828
Exploits: 0, References: 5, Affected Software: 1

CNVD
added 2023/04/28 12:00 a.m., 9 views

Apache Jena Cross-Site Scripting Vulnerability

Apache Jena is a Java Semantic Web framework from the Apache Foundation (United States), used to build Semantic Web and linked data applications. A cross-site scripting vulnerability exists in Apache Jena. The vulnerability stems from insufficient checking of user queries when calling custom...

CVSS: 5.4, AI score: 6.5, EPSS: 0.00828
Exploits: 0, References: 1

OSV
added 2023/04/25 9:30 a.m., 22 views

GHSA-XGH5-GWQ5-RPX8 Arbitrary javascript injection in Apache Jena

There is insufficient checking of user queries in Apache Jena versions 4.7.0 and earlier, when invoking custom scripts. It allows a remote user to execute arbitrary JavaScript via a SPARQL query...

CVSS: 5.4, AI score: 6, EPSS: 0.00828
Exploits: 0, References: 4

Github Security Blog
added 2023/04/25 9:30 a.m., 22 views

Arbitrary javascript injection in Apache Jena

There is insufficient checking of user queries in Apache Jena versions 4.7.0 and earlier, when invoking custom scripts. It allows a remote user to execute arbitrary JavaScript via a SPARQL query...

CVSS: 5.4, AI score: 6.7, EPSS: 0.00828
Exploits: 0, References: 4, Affected Software: 1

OSV
added 2023/04/25 7:15 a.m., 1 view

DEBIAN-CVE-2023-22665

There is insufficient checking of user queries in Apache Jena versions 4.7.0 and earlier, when invoking custom scripts. It allows a remote user to execute arbitrary JavaScript via a SPARQL query...

CVSS: 5.4, AI score: 7.3, EPSS: 0.00828
Exploits: 0, References: 1