CKAN has Unauthenticated Authorization Bypass in `datastore_search_sql`
Impact: A vulnerability in `datastore_search_sql` allowed attackers to bypass authorization in order to gain access to private resources and PostgreSQL system information. Patches: The issue has been patched in CKAN 2.10.10 and CKAN 2.11.5. Workarounds: Disable the DataStore SQL search...
CVE-2025-57756
Contao CMS vulnerability CVE-2025-57756: Protected content elements rendered as fragments are indexed by the front-end search, exposing content publicly. Affected versions range from 4.9.14 up to before 4.13.56, 5.3.38, and 5.6.1. The issue is fixed in 4.13.56, 5.3.38, and 5.6.1. Workaround: disa...
PT-2025-35102
Name of the Vulnerable Software and Affected Versions: Contao versions prior to 4.13.56; Contao versions prior to 5.3.38; Contao versions prior to 5.6.1; Contao versions starting from 4.9.14 through 5.6.1. Description: Protected content elements rendered as fragments are indexed and become publicly...
PT-2025-5695 · Gitlab · Gitlab Ce/Ee
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 15.7 through 16.9.7; GitLab CE/EE versions 16.10 through 16.10.5; GitLab CE/EE versions 16.11 through 16.11.2. Description: An issue has been discovered in GitLab CE/EE that could allow an attacker to cause a denial of...
PT-2024-17926 · Unknown · Phpgurukul Land Record System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Land Record System version 1.0. Description: A vulnerability was found in the PHPGurukul Land Record System, affecting some unknown processing of the file /admin/search-property.php. The manipulation of the Search By argument leads ...
PT-2024-25123 · Roothub · Roothub
Name of the Vulnerable Software and Affected Versions: Roothub version 2.6. Description: A SQL injection issue was discovered in Roothub via the s parameter in the search function. This allows for potential exploitation. No information is provided about the estimated number of potentially affected...
PT-2024-28998 · Unknown · Kashipara Online Furniture Shopping Ecommerce Website
Name of the Vulnerable Software and Affected Versions: Kashipara Online Furniture Shopping Ecommerce Website version 1.0. Description: A vulnerability was found in the file search.php, where the manipulation of the txtSearch argument leads to cross-site scripting. It is possible to launch the atta...
PT-2024-1852 · Basercms · Basercms
Name of the Vulnerable Software and Affected Versions: baserCMS versions prior to 5.0.9. Description: The issue is related to an OS Command Injection vulnerability in the site search feature of baserCMS. This vulnerability can be exploited by a remote attacker to execute arbitrary commands. The...
PT-2023-23382 · Dedebiz · Dedebiz
Name of the Vulnerable Software and Affected Versions: DedeBIZ version 6.0.3. Description: The issue allows attackers to run arbitrary code via the search feature. This is a Cross-Site Scripting (XSS) issue, which means attackers can execute scripts in the context of another user's session,...
PT-2023-20735 · Unknown · Sourcecodester Online Computer/Laptop Store
Name of the Vulnerable Software and Affected Versions: SourceCodester Online Computer and Laptop Store version 1.0. Description: A problematic issue was found in the products.php file, where the manipulation of the search argument leads to cross-site scripting. This can be exploited remotely...
PT-2023-16730 · Sourcecodester · Sourcecodester Doctors Appointment System
Name of the Vulnerable Software and Affected Versions: SourceCodester Doctors Appointment System version 1.0. Description: A critical issue has been found in the Parameter Handler component of the /admin/patient.php file, where the manipulation of the search argument leads to SQL injection. This...
PT-2022-25850 · Perfsonar · Perfsonar
Name of the Vulnerable Software and Affected Versions: perfSONAR versions 4.x through 4.4.5. Description: The issue is a Cross-Site Request Forgery (CSRF) that occurs when an attacker injects crafted input into the Search function. Recommendations: For versions 4.x through 4.4.5, consider disabling...
UBUNTU-CVE-2022-31187
GLPI stands for Gestionnaire Libre de Parc Informatique and is a free asset and IT management software package that provides ITIL Service Desk features, license tracking and software auditing. Affected versions were found to not properly neutralize HTML tags in the global search context. Users...
Sun iPlanet and ONE Web Servers contain a buffer overflow in the search engine
Overview: The Sun iPlanet Web Server and Sun ONE Web Server both ship with a search engine that is not enabled by default. A remotely exploitable buffer overflow exists in the search engine that could permit an attacker to execute arbitrary code on the system. Description: The Sun iPlanet Web Serve...