Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2026/05/14 7:58 p.m.7 views

CVE-2026-41132

CKAN is an open-source DMS data management system for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, the configured SMTP server may be spoofed with any certificate e.g. self-signed, leaving credentials and all emails sent open to MITM attacks. This vulnerability is fixed in...

8.7CVSS5.8AI score0.00194EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.14 views

CKAN 安全漏洞

CKAN is an open-source data management system developed by CKAN itself. It is used to power data centers and data portals. Versions of CKAN prior to 2.10.10 and 2.11.5 contained security vulnerabilities. These vulnerabilities stemmed from a vulnerability in datastoresearchsql, which allowed...

9.1CVSS5.8AI score0.00367EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/29 12:0 a.m.13 views

PT-2026-36110

Name of the Vulnerable Software and Affected Versions CKAN versions prior to 2.10.10 CKAN versions prior to 2.11.5 Description A SQL injection flaw exists in the datastore search sql function. This allows attackers to inject SQL commands to gain unauthorized access to private resources and...

8.3CVSS5.8AI score0.01815EPSS
Exploits0References10
Vulnrichment
Vulnrichment
added 2026/04/25 2:30 p.m.6 views

CVE-2026-6982 star7th ShowDoc API Page Sort Endpoint PageController.class.PHP sql injection

A vulnerability was determined in star7th ShowDoc up to 2.10.10/3.6.2/3.8.0. Affected by this vulnerability is an unknown functionality of the file server/Application/Api/Controller/PageController.class.PHP of the component API Page Sort Endpoint. Executing a manipulation of the argument pages ca...

6.5CVSS6.3AI score0.00241EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/03/24 6:44 p.m.19 views

CVE-2026-33769 Astro: Remote allowlist bypass via unanchored matchPathname wildcard

Astro is a web framework. From version 2.10.10 to before version 5.18.1, this issue concerns Astro's remotePatterns path enforcement for remote URLs used by server-side fetchers such as the image optimization endpoint. The path matching logic for / wildcards is unanchored, so a pathname that...

6.3CVSS0.00325EPSS
Exploits1References1
OSV
OSV
added 2026/03/24 6:44 p.m.6 views

CVE-2026-33769 Astro: Remote allowlist bypass via unanchored matchPathname wildcard

Astro is a web framework. From version 2.10.10 to before version 5.18.1, this issue concerns Astro's remotePatterns path enforcement for remote URLs used by server-side fetchers such as the image optimization endpoint. The path matching logic for / wildcards is unanchored, so a pathname that...

6.3CVSS5.9AI score0.00325EPSS
Exploits1References3
Rows per page
Query Builder