Lucene search

13 matches found

Cvelist
added 2025/10/29 5:54 p.m., 7 views

CVE-2025-64100 CKAN Vulnerable to Session Cookie Fixation

CKAN is an open-source DMS (data management system) for powering data hubs and data portals. Prior to 2.10.9 and 2.11.4, session ids could be fixed by an attacker if the site is configured with server-side session storage (CKAN uses cookie-based session storage by default). The attacker would need to...

CVSS 6.1, EPSS 0.00037
Exploits 0, References 2
CVE
added 2025/10/29 3:26 p.m., 29 views

CVE-2025-54384

CKAN is affected by a stored XSS vulnerability in the helpers.markdown_extract() function. Before versions 2.10.9 and 2.11.4, user-provided data rendered on dataset/resource/organization/group pages could be wrapped in an HTML literal without sufficient sanitization, enabling an XSS vector. The i...

CVSS 6.3, AI score 5.9, EPSS 0.00029
Exploits 0, References 2
CNNVD
added 2025/10/29 12:0 a.m., 2 views

CKAN Cross-Site Scripting Vulnerability

CKAN is an open source DMS (Data Management System) from CKAN Open Source. It is used to power data centers and data portals. A cross-site scripting vulnerability exists in CKAN versions prior to 2.10.9 and prior to 2.11.4, which stems from a failure of the helpers.markdown_extract function to...

CVSS 6.3, AI score 5.7, EPSS 0.00029
Exploits 0, References 3
CNNVD
added 2025/10/29 12:0 a.m., 5 views

CKAN Authorization Issue Vulnerability

CKAN is an open source DMS Data Management System from CKAN Open Source. It is used to power data centers and data portals. An authorization issue vulnerability exists in CKAN versions prior to 2.10.9 and prior to 2.11.4, which stems from an attacker being able to fix session IDs, potentially...

CVSS 6.1, AI score 6.5, EPSS 0.00037
Exploits 0, References 3
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2025-13290

Malicious code in bioql PyPI...

CVSS 9.8, AI score 6.3, EPSS 0.00352
Exploits 1, References 1
RedhatCVE
added 2025/05/03 6:6 p.m., 18 views

CVE-2025-46566

DataEase is an open-source BI tool alternative to Tableau. Prior to version 2.10.9, authenticated users can complete RCE through the backend JDBC link. This issue has been patched in version 2.10.9...

CVSS 9.8, AI score 7, EPSS 0.00352
Exploits 1, References 1
CVE
added 2025/05/01 5:20 p.m., 57 views

CVE-2025-46566

DataEase CVE-2025-46566 affects the open-source BI tool; authenticated users could achieve RCE via the backend JDBC link due to validation issues in the JDBC path. The vulnerability is addressed in version 2.10.9, with Red Hat/OSV notes indicating a bypass risk before 2.10.10 and that 2.10.10 con...

CVSS 9.8, AI score 6.3, EPSS 0.00352
Exploits 1, References 1, Affected Software 1
Cvelist
added 2025/05/01 5:20 p.m., 16 views

CVE-2025-46566 Dataease redshift JDBC Connection Remote Code Execution

DataEase is an open-source BI tool alternative to Tableau. Prior to version 2.10.9, authenticated users can complete RCE through the backend JDBC link. This issue has been patched in version 2.10.9...

CVSS 7.7, EPSS 0.00352
Exploits 1, References 1
OSV
added 2025/05/01 5:20 p.m., 3 views

CVE-2025-46566 Dataease redshift JDBC Connection Remote Code Execution

DataEase is an open-source BI tool alternative to Tableau. Prior to version 2.10.9, authenticated users can complete RCE through the backend JDBC link. This issue has been patched in version 2.10.9...

CVSS 7.7, AI score 6.4, EPSS 0.00352
Exploits 1, References 3
PyPA
added 2017/08/07 5:29 p.m., 4 views

PYSEC-2017-148

Cross-site scripting (XSS) vulnerability in ZMI pages that use the manage_tabs_message in Zope 2.11.4, 2.11.2, 2.10.9, 2.10.7, 2.10.6, 2.10.5, 2.10.4, 2.10.2, 2.10.1, 2.12...

CVSS 6.1, AI score 6.2, EPSS 0.00635
Exploits 0, References 9, Affected Software 1
seebug.org
added 2014/07/01 12:0 a.m., 23 views

phplist 2.10.9 - CSRF/XSS Vulnerability

No description provided by source. Exploit Title: phplist - version 2.10.9 CSRF/XSS Vulnerability; version: 2.10.9; Author: Cyber-Crystal; Date: n/a; Dork: inurl:powered by phplist - version 2.10.9; Software Link:...

AI score 7.1
Exploits 0
0day.today
added 2012/01/26 12:0 a.m., 32 views

phplist - version 2.10.9 CSRF/XSS Vulnerability

Exploit for php platform in category web applications. Exploit Title: phplist - version 2.10.9 CSRF/XSS Vulnerability; version: 2.10.9; Author: Cyber-Crystal; Date: n/a; Dork: inurl:"powered by phplist - version 2.10.9"...

AI score 7.1
Exploits 0
exploitpack
added 2012/01/26 12:0 a.m., 16 views

phpList 2.10.9 - Cross-Site Request Forgery Cross-Site Scripting

phpList 2.10.9 - Cross-Site Request Forgery Cross-Site Scripting. Exploit Title: phplist - version 2.10.9 CSRF/XSS Vulnerability; version: 2.10.9; Author: Cyber-Crystal; Date: n/a; Dork: inurl:"powered by phplist - versio...

AI score 0.7
Exploits 0