Lucene search
+L

6 matches found

CVE
CVE
added yesterday23 views

CVE-2026-49211

The CVE-2026-49211 issue affects Symfony UX Autocomplete for Doctrine EntitySearchUtil::addSearchClause(), which builds a LIKE expression by wrapping the client query in %...% without escaping SQL LIKE wildcards. This allows unauthenticated users to turn the public BaseEntityAutocompleteType endp...

6.9CVSS5.6AI score
Exploits0References4
Snyk
Snyk
added 2026/05/29 10:41 a.m.8 views

Improper Neutralization of Special Elements in Data Query Logic

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic in the EntitySearchUtil::addSearchClause function in the autocomplete endpoint. The endpoint constructs SQL query with LIKE expression without escaping the SQL LIKE wildcar...

8.7CVSS5.6AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/08/13 7:31 p.m.11 views

CVE-2025-53857

Mattermost Confluence Plugin version 1.5.0 fails to check the access of the user to the channel which allows attackers to get channel subscription details without proper access to the channel via API call to the GET autocomplete/GetChannelSubscriptions endpoint...

3.7CVSS7.1AI score0.00206EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/08/11 6:57 p.m.54 views

CVE-2025-53857 Lack of Authorization on Get Channel Subscriptions for Autocomplete in Mattermost Confluence Plugin

Mattermost Confluence Plugin version 1.5.0 fails to check the access of the user to the channel which allows attackers to get channel subscription details without proper access to the channel via API call to the GET autocomplete/GetChannelSubscriptions endpoint...

3.7CVSS0.00206EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/08/11 6:57 p.m.4 views

CVE-2025-53857 Lack of Authorization on Get Channel Subscriptions for Autocomplete in Mattermost Confluence Plugin

Mattermost Confluence Plugin version 1.5.0 fails to check the access of the user to the channel which allows attackers to get channel subscription details without proper access to the channel via API call to the GET autocomplete/GetChannelSubscriptions endpoint...

3.7CVSS7.1AI score0.00206EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/01/13 12:0 a.m.5 views

PT-2025-1476 · Unknown · Selesta Visual Access Manager

The software that is vulnerable is Selesta Visual Access Manager, specifically versions less than 4.42.2. The vulnerability is a Cross Site Scripting XSS vulnerability that can be exploited via the /common/autocomplete.php file. This vulnerability has been assigned the CVE identifier...

6.1CVSS5.9AI score0.00228EPSS
Exploits0References5
Rows per page
Query Builder