
12 matches found

Cvelist
added 2025/10/29 5:54 p.m., 7 views

CVE-2025-64100 CKAN Vulnerable to Session Cookie Fixation

CKAN is an open-source DMS data management system for powering data hubs and data portals. Prior to 2.10.9 and 2.11.4, session ids could be fixed by an attacker if the site is configured with server-side session storage. CKAN uses cookie-based session storage by default. The attacker would need to...

CVSS 6.1, EPSS 0.00037
Exploits 0, References 2
CVE
added 2025/10/29 3:26 p.m., 29 views

CVE-2025-54384

CKAN is affected by a stored XSS vulnerability in the helpers.markdown_extract() function. Before versions 2.10.9 and 2.11.4, user-provided data rendered on dataset/resource/organization/group pages could be wrapped in an HTML literal without sufficient sanitization, enabling an XSS vector. The i...

CVSS 6.3, AI score 5.9, EPSS 0.00029
Exploits 0, References 2
CNNVD
added 2025/10/29 12:00 a.m., 2 views

CKAN cross-site scripting vulnerability

CKAN is an open source DMS Data Management System from CKAN Open Source. It is used to power data centers and data portals. A cross-site scripting vulnerability exists in CKAN versions prior to 2.10.9 and prior to 2.11.4, which stems from a failure of the helpers.markdown_extract function to...

CVSS 6.3, AI score 5.7, EPSS 0.00029
Exploits 0, References 3
CNNVD
added 2025/10/29 12:00 a.m., 5 views

CKAN authorization issue vulnerability

CKAN is an open source DMS Data Management System from CKAN Open Source. It is used to power data centers and data portals. An authorization issue vulnerability exists in CKAN versions prior to 2.10.9 and prior to 2.11.4, which stems from an attacker being able to fix session IDs, potentially...

CVSS 6.1, AI score 6.5, EPSS 0.00037
Exploits 0, References 3
RedhatCVE
added 2025/05/22 6:10 a.m., 4 views

CVE-2012-4383

Contao prior to 2.11.4 has a SQL injection vulnerability...

CVSS 8.8, AI score 7.1, EPSS 0.00244
Exploits 0, References 1
Positive Technologies
added 2024/03/13 12:00 a.m., 3 views

PT-2024-15707 · WordPress · Duitku Payment Gateway

Name of the Vulnerable Software and Affected Versions: Duitku Payment Gateway plugin for WordPress, versions up to and including 2.11.4. Description: The issue is related to a missing capability check on the check_duitku_response function, allowing unauthenticated attackers to modify data...

CVSS 5.3, AI score 9.4, EPSS 0.00394
Exploits 0, References 6
CNNVD
added 2024/03/13 12:00 a.m., 2 views

WordPress Plugin Duitku Payment Gateway Security Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. A WordPress plugin is an application...

CVSS 5.3, AI score 6.5, EPSS 0.00394
Exploits 0, References 3
WPVulnDB
added 2024/02/26 12:00 a.m., 15 views

Duitku Payment Gateway < 2.11.7 - Missing Authorization via check_duitku_response

Description: The Duitku Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the check_duitku_response function in all versions up to, and including, 2.11.4. This makes it possible for unauthenticated attackers to change the...

CVSS 5.3, AI score 5.5, EPSS 0.00394
Exploits 0, References 1, Affected Software 1
OSV
added 2022/04/23 12:40 a.m., 3 views

GHSA-9JQ2-JVWC-P52F Contao core SQL Injection Vulnerability

Contao core prior to 2.11.4 has a SQL injection vulnerability in contao-2.11.3\system\modules\backend\Ajax.php...

CVSS 8.8, AI score 7.7, EPSS 0.00244
Exploits 0, References 5
NVD
added 2021/02/18 4:15 p.m., 18 views

CVE-2020-28491

This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1. Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception...

CVSS 7.5, EPSS 0.00317
Exploits 0, References 4
CVE
added 2018/07/02 6:00 p.m., 225 views

CVE-2018-1113

The Fedora/RHEL setup package before version 2.11.4-1.fc28 added /sbin/nologin and /usr/sbin/nologin to /etc/shells. This undermines assumptions in pam_shells and some daemons that rely on a user's shell being listed in /etc/shells, and under certain...

CVSS 5.3, AI score 5.3, EPSS 0.00044
Exploits 0, References 3, Affected Software 1
PyPA
added 2017/08/07 5:29 p.m., 4 views

PYSEC-2017-148

Cross-site scripting (XSS) vulnerability in ZMI pages that use the manage_tabs_message in Zope 2.11.4, 2.11.2, 2.10.9, 2.10.7, 2.10.6, 2.10.5, 2.10.4, 2.10.2, 2.10.1, 2.12...

CVSS 6.1, AI score 6.2, EPSS 0.00635
Exploits 0, References 9, Affected Software 1