744 matches found
CVE-2025-21545
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft component: OpenSearch. Supported versions that are affected are 8.60 and 8.61. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise...
CVE-2022-41906
OpenSearch Notifications is a notifications plugin for OpenSearch that enables other plugins to send notifications via Email, Slack, Amazon Chime, Custom web-hook etc channels. A potential SSRF issue in OpenSearch Notifications Plugin starting in 2.0.0 and prior to 2.2.1 could allow an existing...
CVE-2022-35980
OpenSearch Security is a plugin for OpenSearch that offers encryption, authentication and authorization. Versions 2.0.0.0 and 2.1.0.0 of the security plugin are affected by an information disclosure vulnerability. Requests to an OpenSearch cluster configured with advanced access control features...
CVE-2025-23671
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in sav WP OpenSearch wp-opensearch allows Stored XSS.This issue affects WP OpenSearch: from n/a through = 1.0...
CVE-2025-23671
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in sav WP OpenSearch wp-opensearch allows Stored XSS.This issue affects WP OpenSearch: from n/a through = 1.0...
CVE-2025-23671 WordPress WP OpenSearch plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in sav WP OpenSearch wp-opensearch allows Stored XSS.This issue affects WP OpenSearch: from n/a through = 1.0...
CVE-2025-23671
CVE-2025-23671 corresponds to a Stored XSS in the WP OpenSearch WordPress plugin (Fabio Savina) affecting WP OpenSearch versions n/a through 1.0. The Red Hat and CVE listings corroborate the issue as a cross-site scripting flaw arising from improper neutralization of input during web page generat...
CVE-2025-23671 WordPress WP OpenSearch plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Fabio Savina WP OpenSearch allows Stored XSS. This issue affects WP OpenSearch: from n/a through 1.0...
WordPress plugin WP OpenSearch 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripti...
PT-2025-5009 · WordPress · Wp Opensearch
Name of the Vulnerable Software and Affected Versions: WP OpenSearch versions n/a through 1.0 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker can inject...
GHSA-JCRP-X7W3-FFMG vulnerabilities
Vulnerabilities for packages: opensearch...
GHSA-JCRP-X7W3-FFMG vulnerabilities
Vulnerabilities for packages: opensearch...
CVE-2025-0851 vulnerabilities
Vulnerabilities for packages: opensearch...
CVE-2025-0851 vulnerabilities
Vulnerabilities for packages: opensearch...
The vulnerability of the OpenSearch Dashboards component in the Oracle PeopleSoft Enterprise PeopleTools business application package allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the OpenSearch Dashboards component in the Oracle PeopleSoft Enterprise PeopleTools business application suite exists due to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information using...
Exploit for CVE-2024-54160
CVE-2024-54160-Opensearch-HTML-Injection + Stored XSS It w...
CVE-2024-55886
OpenSearch Data Prepper is a component of the OpenSearch project that accepts, filters, transforms, enriches, and routes data at scale. A vulnerability exists in the OpenTelemetry Logs source in Data Prepper starting inversion 2.1.0 and prior to version 2.10.2 where some custom authentication...
CVE-2024-55886
The CVE affects OpenSearch Data Prepper (OpenTelemetry Logs source) where custom GrpcAuthenticationProvider plugins that implement getHttpAuthenticationService() instead of getAuthenticationInterceptor() fail to perform authentication, allowing unauthorized data ingestion. Affected versions: 2.1....
CVE-2024-55886 OpenTelemetry Logs source may lack authentication with some custom plugins
OpenSearch Data Prepper is a component of the OpenSearch project that accepts, filters, transforms, enriches, and routes data at scale. A vulnerability exists in the OpenTelemetry Logs source in Data Prepper starting inversion 2.1.0 and prior to version 2.10.2 where some custom authentication...
OpenSearch Data Prepper 授权问题漏洞
OpenSearch Data Prepper is a component of the OpenSearch project, an OpenSearch open source project. An authorization issue vulnerability exists in OpenSearch Data Prepper version 2.1.0 through versions prior to 2.10.2, which stems from a vulnerability in which certain custom authentication...