CVE-2024-51692
CVE-2024-51692 (Bing Search API Integration, WordPress) is a reflected XSS vulnerability in the Bing Search API Integration plugin (Askew Brook) that could allow an attacker to inject and execute script during page generation. It affects the plugin version range from earlier releases up to 0.3.3....
CVE-2024-51692 WordPress Bing Search API Integration plugin <= 0.3.3 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in askewbrook Bing Search API Integration (abbs-bing-search) allows Reflected XSS. This issue affects Bing Search API Integration: from n/a through 0.3.3...
WordPress plugin Bing Search API Integration cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP; it supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
GHSA-8PMP-678W-C8XX gitsign may use incorrect Rekor entries during verification
Summary: gitsign may select the wrong Rekor entry to use during online verification when multiple entries are returned by the log. Details: gitsign uses Rekor's search API to fetch entries that apply to a signature being verified. The parameters used for the search are the public key and the payloa...
WordPress Bing Search API Integration plugin <= 0.3.3 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by João Pedro Soares de Alcântara (Kinorth, Patchstack Alliance) in WordPress Plugin Bing Search API Integration versions <= 0.3.3...
PT-2024-28783 · Unknown · Microweber
Name of the Vulnerable Software and Affected Versions: microweber versions 2.0.15 and earlier. Description: A Reflected Cross-site scripting (XSS) issue exists in the "/search" API endpoint, allowing unauthenticated remote attackers to inject arbitrary web script or HTML via the keywords parameter...
The vulnerability of the run_search_api function in the software for monitoring and registering machine learning experiments, Aim, allows a violator to execute arbitrary code.
The vulnerability in the run_search_api function of Aim, a system for monitoring and registering machine learning experiments, is related to improper code generation. Exploiting this vulnerability allows a remote attacker to execute arbitrary code through the query parameter...
CVE-2024-29023 Session Hijacking via token exposure on the session page in Xibo CMS
Xibo is an Open Source Digital Signage platform with a web content management system and Windows display player software. Session tokens are exposed in the return of session search API call on the sessions page. Subsequently they can be exfiltrated and used to hijack a session. Users must be...
Improper Authorization
github.com/hashicorp/nomad is vulnerable to Improper Authorization. The vulnerability is due to a lack of proper access controls in the search HTTP API, allowing unauthenticated users or users without the necessary policy to view the names of available CSI plugins...
SUSE CVE-2024-23446
An issue was discovered by Elastic, whereby the Detection Engine Search API does not respect Document-level security (DLS) or Field-level security (FLS) when querying the .alerts-security.alerts-spaceid indices. Users who are authorized to call this API may obtain unauthorized access to documents if...
Kibana 8.12.1 Security Update (ESA-2024-01)
Kibana Broken Access Control issue (ESA-2024-01). An issue was discovered by Elastic, whereby the Detection Engine Search API does not respect Document-level security (DLS) or Field-level security (FLS) when querying the .alerts-security.alerts-spaceid indices. Users who are authorized to call this API...
GHSA-6G3J-P5G6-992F OpenSearch StackOverflow vulnerability
Impact: A flaw was discovered in OpenSearch, affecting the search API, that allowed a specially crafted query string to cause a Stack Overflow and ultimately a Denial of Service. The issue was identified by Elastic Engineering and corresponds to security advisory ESA-2023-14 / CVE-2023-31419...
CVE-2023-46356
In the module "CSV Feeds PRO" (csvfeeds) before 2.6.1 from Bl Modules for PrestaShop, a guest can perform SQL injection. The method SearchApiCsv::getProducts contains a sensitive SQL call that can be executed with a trivial HTTP call and exploited to forge a SQL injection...
Denial Of Service (DoS)
elasticsearch is vulnerable to Denial of service attack. The vulnerability is due to the search API which allows specially crafted query strings to cause a stack overflow...
Elasticsearch vulnerable to stack overflow in the search API
A flaw was discovered in Elasticsearch affecting the search API that allowed a specially crafted query string to cause a stack overflow and ultimately a denial of service...
UBUNTU-CVE-2023-31419
A flaw was discovered in Elasticsearch, affecting the search API that allowed a specially crafted query string to cause a Stack Overflow and ultimately a Denial of Service...
Elasticsearch Buffer Error Vulnerability
Elasticsearch is a search engine based on the Lucene library. Elasticsearch suffers from a buffer error vulnerability that stems from the search API allowing specially crafted query strings to cause a stack overflow and ultimately a denial of service...
Elasticsearch 8.9.1 / 7.17.13 Security Update
Elasticsearch StackOverflow vulnerability (ESA-2023-14). A flaw was discovered in Elasticsearch, affecting the search API, that allowed a specially crafted query string to cause a Stack Overflow and ultimately a Denial of Service. Affected Versions: Elasticsearch versions from 7.0.0 to 7.17.12 and fr...
CVE-2023-39643
Bl Modules xmlfeeds before v3.9.8 was discovered to contain a SQL injection vulnerability via the component SearchApiXml::Xmlfeeds...