11 matches found
CVE-2026-41132
CKAN is an open-source DMS data management system for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, the configured SMTP server may be spoofed with any certificate e.g. self-signed, leaving credentials and all emails sent open to MITM attacks. This vulnerability is fixed in...
CKAN 安全漏洞
CKAN is an open-source data management system developed by CKAN itself. It is used to power data centers and data portals. Versions of CKAN prior to 2.10.10 and 2.11.5 contained security vulnerabilities. These vulnerabilities stemmed from a vulnerability in datastoresearchsql, which allowed...
PT-2026-36110
Name of the Vulnerable Software and Affected Versions CKAN versions prior to 2.10.10 CKAN versions prior to 2.11.5 Description A SQL injection flaw exists in the datastore search sql function. This allows attackers to inject SQL commands to gain unauthorized access to private resources and...
CVE-2025-7425 affecting package libxml2 for versions less than 2.11.5-8
CVE-2025-7425 affecting package libxml2 for versions less than 2.11.5-8. A patched version of the package is available...
EUVD-2025-8216
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2025-30164
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. A vulnerability in versions prior to 2.11.5 and 2.12.13...
SUSE CVE-2025-27404
Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. A vulnerability in versions prior to 2.11.5 and 2.12.13 allows an attacker to craft a URL that, once visited by any user, allows to embed arbitrary Javascript into Icinga Web and to act on behalf of tha...
CVE-2025-27609 Icinga Web 2 Vulnerable to Reflected XSS
Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. A vulnerability in versions prior to 2.11.5 and 2.12.13 allows an attacker to craft a request that, once transmitted to a victim's Icinga Web, allows to embed arbitrary Javascript into it and to act on...
Icinga Web 2 跨站脚本漏洞
Icinga Web 2 is an open source monitoring and metrics solution from Icinga Open Source. A cross-site scripting vulnerability exists in Icinga Web 2 versions prior to 2.11.5 and prior to 2.12.13, which stems from embeddable arbitrary Javascript that could lead to user identity impersonation...
libxml2 Resource Management Error Vulnerability
libxml2 is an open source library used to parse XML documents . It is written in C and can be called by many languages, such as C, C++, XSH. A security vulnerability exists in libxml2 version 2.11.5 and earlier, which stems from a post-release reuse vulnerability...
phpMyAdmin $_REQUEST参数SQL注入漏洞
BUGTRAQ ID: 28068 phpMyAdmin是用PHP编写的工具,用于通过WEB管理MySQL。 phpMyAdmin使用$REQUEST而不是$GET和$POST变量作为其参数来源,并且在SQL查询中未经过滤便使用了参数,如果用户受骗访问了恶意网站的话,就可能导致SQL注入攻击。 phpMyAdmin phpMyAdmin 2.11.5 厂商补丁: phpMyAdmin ---------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:...