797 matches found
CVE-2023-35075
Mattermost fails to use innerText / textContent when setting the channel name in the webapp during autocomplete, allowing an attacker to inject HTML to a victim's page by creating a channel name that is valid HTML. No XSS is possible though...
CVE-2023-41336
ux-autocomplete is a JavaScript Autocomplete functionality for Symfony. Under certain circumstances, an attacker could successfully submit an entity id for an EntityType that is not part of the valid choices. The problem has been fixed in symfony/ux-autocomplete version 2.11.2...
CVE-2023-30149
SQL injection vulnerability in the City Autocomplete (cityautocomplete) module from ebewe.net for PrestaShop, prior to version 1.8.12 for PrestaShop version 1.5/1.6 or prior to 2.0.3 for PrestaShop version 1.7, allows remote attackers to execute arbitrary SQL commands via the type, inputname, or q...
CVE-2023-5485
Inappropriate implementation in Autofill in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to bypass autofill restrictions via a crafted HTML page. Chromium security severity: Low...
CVE-2022-30970
Jenkins Autocomplete Parameter Plugin 1.1 and earlier references Dropdown Autocomplete parameter and Auto Complete String parameter names in an unsafe manner from Javascript embedded in view definitions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with...
CVE-2022-4297
The WP AutoComplete Search WordPress plugin through 1.0.4 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX available to unauthenticated users, leading to an unauthenticated SQL injection...
CVE-2022-30969
A cross-site request forgery (CSRF) vulnerability in Jenkins Autocomplete Parameter Plugin 1.1 and earlier allows attackers to execute arbitrary code without sandbox protection if the victim is an administrator...
CVE-2014-8524
McAfee Network Data Loss Prevention (NDLP) before 9.3 does not disable the autocomplete setting for the password and other fields, which allows remote attackers to obtain sensitive information via unspecified vectors...
CVE-2012-1638
SQL injection vulnerability in the Search Autocomplete module before 7.x-2.1 for Drupal allows remote authenticated users with the "use searchautocomplete" permission to execute arbitrary SQL commands via unspecified vectors...
CVE-2012-2012
HP System Management Homepage (SMH) before 7.1.1 does not have an off autocomplete attribute for unspecified form fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation...
CVE-2019-8350
The Simple - Better Banking application 2.45.0 through 2.45.3 (fixed in 2.46.0) for Android was affected by an information disclosure vulnerability that leaked the user's password to the keyboard autocomplete functionality. Third-party Android keyboards that capture the password may store this...
CVE-2019-15701
components/Modals/HelpModal.jsx in BloodHound 2.2.0 allows remote attackers to execute arbitrary OS commands by spawning a child process as the current user on the victim's machine when the search function's autocomplete feature is used. The victim must import data from an Active Directory with a...
CVE-2018-7603
In Drupal's 3rd party module search auto complete prior to versions 7.x-4.8 there is a Cross Site Scripting vulnerability. This Search Autocomplete module enables you to autocomplete textfield using data from your website nodes, comments, etc. The module doesn't sufficiently filter user-entered...
CVE-2014-5250
Unspecified vulnerability in the AJAX autocompletion callback in the Biblio Autocomplete module 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.5 for Drupal allows remote attackers to access data via unspecified vectors...
CVE-2012-0323
Cross-site scripting (XSS) vulnerability in the Autocomplete plugin before 3.0 for SquirrelMail allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2025-1504
The Post Lockdown plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 4.0.2 via the 'plautocomplete' AJAX action due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Subscriber-level...
CVE-2025-25169
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Rachel Cherry Authors Autocomplete Meta Box authors-autocomplete-meta-box allows Reflected XSS. This issue affects Authors Autocomplete Meta Box: from n/a through <= 1.2...
Linux Distros Unpatched Vulnerability : CVE-2017-16544
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the addmatch function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a director...
CVE-2025-25169 WordPress Authors Autocomplete Meta Box plugin <= 1.2 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Rachel Cherry Authors Autocomplete Meta Box authors-autocomplete-meta-box allows Reflected XSS. This issue affects Authors Autocomplete Meta Box: from n/a through <= 1.2...