CVE-2026-34258
SAPUI5 Search UI allows an unauthenticated attacker to manipulate specific URL parameters on the Search UI to include malicious content. Successful exploitation may mislead victim users into clicking and accessing attacker-controlled pages rendered by the application. This vulnerability has a low...
CVE-2026-34258 Content Spoofing vulnerability in SAPUI5 (Search UI)
SAPUI5 Search UI allows an unauthenticated attacker to manipulate specific URL parameters on the Search UI to include malicious content. Successful exploitation may mislead victim users into clicking and accessing attacker-controlled pages rendered by the application. This vulnerability has a low...
CVE-2026-34258 Content Spoofing vulnerability in SAPUI5 (Search UI)
SAPUI5 Search UI allows an unauthenticated attacker to manipulate specific URL parameters on the Search UI to include malicious content. Successful exploitation may mislead victim users into clicking and accessing attacker-controlled pages rendered by the application. This vulnerability has a low...
PT-2026-39919
SAPUI5 Search UI allows an unauthenticated attacker to manipulate specific URL parameters on the Search UI to include malicious content. Successful exploitation may mislead victim users into clicking and accessing attacker-controlled pages rendered by the application. This vulnerability has a low...
EUVD-2024-18881
Malicious code in bioql PyPI...
Malicious code in answers-search-ui (npm)
The package answers-search-ui was found to contain malicious code...
MAL-2025-14555 Malicious code in answers-search-ui (npm)
The package answers-search-ui was found to contain malicious code...
Malicious code in vue-search-ui-demo (npm)
Source: ghsa-malware 5eba39e62ce67a90fdd330c95bec218d75c2ddbb0e16d24625081c96a115a046 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-1266 Malicious code in vue-search-ui-demo (npm)
Source: ghsa-malware 5eba39e62ce67a90fdd330c95bec218d75c2ddbb0e16d24625081c96a115a046 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-53253
CVE-2024-53253 affects Sentry v24.11.0 (self-hosted); a specific error message could leak plaintext integration Client ID and Client Secret in an HTTP response when a failing third‑party response triggers select-requester.invalid-response during a Search UI async flow. The leak does not grant dat...
PT-2024-35692 · Sentry · Sentry
Name of the Vulnerable Software and Affected Versions: Sentry version 24.11.0 Description: Sentry is an error tracking and performance monitoring platform. A specific error message generated by the Sentry platform could include a plaintext Client ID and Client Secret for an application integratio...
The vulnerability of the Party Search UI component of the software for working with customers in Oracle Trading Community, a business automation system from Oracle E-Business Suite, allows a malicious individual to gain unauthorized access to read, create, modify, or delete data.
The vulnerability of the Party Search UI component of the software for working with Oracle Trading Community clients, a business automation system within the Oracle E-Business Suite, is related to deficiencies in the authentication process. Exploiting this vulnerability could allow an attacker,...
Malicious code in confluence-search-ui (npm)
CVE-2024-21167
Vulnerability in the Oracle Trading Community product of Oracle E-Business Suite component: Party Search UI. Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Trading Community...
XWiki Platform Security Vulnerability
XWiki Platform is the XWiki Foundation's suite of Wiki platforms for creating collaborative Web applications. A security vulnerability exists in XWiki Platform that stems from a failure of the search management interface to properly escape the id and label of a search user interface extension,...
CVE-2023-48301 Nextcloud Server HTML injection in search UI when selecting a circle with HTML in the display name
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.13, 26.0.8, and 27.1.3 of Nextcloud Server and Nextcloud Enterprise Server, an attacker could insert links into a circle's name that would be opened when clickin...
CVE-2023-48301 Nextcloud Server HTML injection in search UI when selecting a circle with HTML in the display name
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.13, 26.0.8, and 27.1.3 of Nextcloud Server and Nextcloud Enterprise Server, an attacker could insert links into a circle's name that would be opened when clickin...
HTML injection in search UI when selecting a circle with HTML in the display name
None...
Nextcloud Security Breach
Nextcloud is an open source, self-hosted platform for file synchronization, sharing and communication from Nextcloud Germany. A security vulnerability exists in Nextcloud Server that allows an attacker to inject HTML code in the search UI. Affected products and...
Malicious code in watchman-search-ui (npm)
Source: ghsa-malware a9d31c46bc906a3eeb18b4852518f529d915f87ab7935775541759d38c18151e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...