214 matches found
CVE-2024-53305
An issue in the component /models/config.py of Whoogle search v0.9.0 allows attackers to execute arbitrary code via supplying a crafted search query...
GHSA-2689-CW26-6CPJ Whoogle allows attackers to execute arbitrary code via supplying a crafted search query
An issue in the component /models/config.py of Whoogle search v0.9.0 allows attackers to execute arbitrary code via supplying a crafted search query...
CVE-2024-53305
An issue in the component /models/config.py of Whoogle search v0.9.0 allows attackers to execute arbitrary code via supplying a crafted search query...
CVE-2025-30352
Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.0.0-alpha.4 and prior to version 11.5.0, the search query parameter allows users with access to a collection to filter items based on fields they do not have permission to view. This allows the...
Directus `search` query parameter allows enumeration of non permitted fields
Summary The search query parameter allows users with access to a collection to filter items based on fields they do not have permission to view. This allows the enumeration of unknown field contents. Details The searchable columns numbers & strings are not checked against permissions when injecti...
CVE-2025-30352 Directus `search` query parameter allows enumeration of non permitted fields
Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.0.0-alpha.4 and prior to version 11.5.0, the search query parameter allows users with access to a collection to filter items based on fields they do not have permission to view. This allows the...
CVE-2025-30352 Directus `search` query parameter allows enumeration of non permitted fields
Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.0.0-alpha.4 and prior to version 11.5.0, the search query parameter allows users with access to a collection to filter items based on fields they do not have permission to view. This allows the...
CVE-2025-30352
CVE-2025-30352 affects Directus real-time API/dashboard. Versions 9.0.0-alpha.4 through 11.5.0 are vulnerable due to the search query parameter not checking view permissions when constructing WHERE clauses, allowing enumeration of contents in fields the user should not see. The underlying issue i...
Splunk Enterprise和Splunk Cloud Platform 安全漏洞
Splunk Cloud Platform and Splunk Enterprise are both products of Splunk Corporation, U.S.A. Splunk Cloud Platform is a powerful data collection, processing, and analytics service.Splunk Enterprise is a suite of data collection and analytics software. A security vulnerability exists in Splunk...
New Malware Hits 300,000 Users with Rogue Chrome and Edge Extensions
An ongoing, widespread malware campaign has been observed installing rogue Google Chrome and Microsoft Edge extensions via a trojan distributed via fake websites masquerading as popular software. "The trojan malware contains different deliverables ranging from simple adware extensions that hijack...
CVE-2024-39317 Wagtail regular expression denial-of-service via search query parsing
Wagtail is an open source content management system built on Django. A bug in Wagtail's parsequerystring would result in it taking a long time to process suitably crafted inputs. When used to parse sufficiently long strings of characters without a space, parsequerystring would take an unexpectedl...
GHSA-JMP3-39VP-FWG8 Wagtail regular expression denial-of-service via search query parsing
Impact A bug in Wagtail's parsequerystring would result in it taking a long time to process suitably crafted inputs. When used to parse sufficiently long strings of characters without a space, parsequerystring would take an unexpectedly large amount of time to process, resulting in a denial of...
Wagtail regular expression denial-of-service via search query parsing
Impact A bug in Wagtail's parsequerystring would result in it taking a long time to process suitably crafted inputs. When used to parse sufficiently long strings of characters without a space, parsequerystring would take an unexpectedly large amount of time to process, resulting in a denial of...
U.S. Dept Of Defense: Reflected Cross-site Scripting via search query on ██████
The summary is as follows: A reflected cross-site scripting vulnerability was discovered in the search query functionality of the ████████ website. An attacker could execute arbitrary JavaScript code in the victim's browser by injecting malicious payload into the search query parameter...
GLSA-202401-10 : Mozilla Firefox: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202401-10 Mozilla Firefox: Multiple Vulnerabilities Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. Tenable has extracted the preceding description...
SUSE CVE-2023-4579
Search queries in the default search engine could appear to have been the currently navigated URL if the search query itself was a well formed URL. This could have led to a site spoofing another if it had been maliciously set as the default search engine. This vulnerability affects Firefox 117...
Mozilla Firefox 安全漏洞
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox, which stems from the fact that a search query in the default search engine may appear to be the URL of the current navigation if the search query...
Mozilla Firefox < 117.0
The version of Firefox installed on the remote macOS or Mac OS X host is prior to 117.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2023-34 advisory. - Memory safety bugs present in Firefox 116, Firefox ESR 115.1, and Thunderbird 115.1. Some of these bugs show...
miniCal SQL注入漏洞
miniCal is miniCal open source an open source PMS. miniCal version 1.0.0 SQL injection vulnerability , the vulnerability stems from the file /booking/showbookings/ parameter searchquery lack of validation of external input SQL statements , an attacker can use this vulnerability to execute illegal...
CVE-2023-2785
Mattermost fails to properly truncate the postgres error log message of a search query failure allowing an attacker to cause the creation of large log files which can result in Denial of Service...