Lucene search
K

152 matches found

NVD
NVD
added 2 days ago4 views

CVE-2026-50679

Heap-based buffer overflow in Microsoft Windows Search Component allows an authorized attacker to elevate privileges locally...

7.8CVSS0.00318EPSS
Exploits0References1
NVD
NVD
added 2 days ago3 views

CVE-2026-50373

Improper access control in Microsoft Windows Search Component allows an authorized attacker to elevate privileges locally...

7.8CVSS0.00284EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2 days ago4 views

PT-2026-58499

Name of the Vulnerable Software and Affected Versions Microsoft Windows Search Component affected versions not specified Description A heap-based buffer overflow in the Microsoft Windows Search Component allows an authorized attacker to elevate privileges locally. This issue enables a low-privile...

7.8CVSS6.1AI score0.00318EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/11 8:59 a.m.12 views

CVE-2026-10721

Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize calls in the in Permission, Cache, and Search components. An unauthenticated attacker may trigger arbitrary PHP object instantiation if a malicious serialized payload has been placed in the database. Thanks XananasX7 f...

8.4CVSS5.5AI score0.0014EPSS
Exploits0References1
NVD
NVD
added 2026/06/10 8:16 a.m.12 views

CVE-2026-10721

Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize calls in the in Permission, Cache, and Search components. An unauthenticated attacker may trigger arbitrary PHP object instantiation if a malicious serialized payload has been placed in the database. Thanks XananasX7...

8.4CVSS0.0014EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 6:59 a.m.10 views

EUVD-2026-35994

Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize calls in the in Permission, Cache, and Search components. An unauthenticated attacker may trigger arbitrary PHP object instantiation if a malicious serialized payload has been placed in the database. Thanks XananasX7...

8.4CVSS5.5AI score0.0014EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/10 6:59 a.m.10 views

CVE-2026-10721 Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize() calls in the in Permission, Cache, and Search components

Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize calls in the in Permission, Cache, and Search components. An unauthenticated attacker may trigger arbitrary PHP object instantiation if a malicious serialized payload has been placed in the database. Thanks XananasX7...

8.4CVSS5.5AI score0.0014EPSS
Exploits0References1
CVE
CVE
added 2026/06/10 6:59 a.m.36 views

CVE-2026-10721

Concrete CMS

8.4CVSS5.5AI score0.0014EPSS
Exploits0References1
OSV
OSV
added 2026/06/10 6:59 a.m.3 views

CVE-2026-10721 Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize() calls in the in Permission, Cache, and Search components

Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize calls in the in Permission, Cache, and Search components. An unauthenticated attacker may trigger arbitrary PHP object instantiation if a malicious serialized payload has been placed in the database. Thanks XananasX7...

8.4CVSS6AI score0.0014EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.22 views

PT-2026-48390

Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize calls in the in Permission, Cache, and Search components. An unauthenticated attacker may trigger arbitrary PHP object instantiation if a malicious serialized payload has been placed in the database. Thanks XananasX7...

8.4CVSS5.5AI score0.0014EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/03 12:30 a.m.14 views

EUVD-2026-34056

A security flaw has been discovered in wonderwhy-er DesktopCommanderMCP up to 0.2.38. This impacts an unknown function of the file src/search-manager.ts of the component startsearch. Performing a manipulation of the argument SearchResult results in inefficient regular expression complexity. It is...

5.3CVSS5.4AI score0.00354EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2026/05/08 10:39 p.m.12 views

CVE-2026-8011

An insufficient policy enforcement flaw was found in the Search component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=496626029...

6.5CVSS5.7AI score0.00163EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/04/15 7:23 p.m.6 views

CVE-2026-27909

Use after free in Microsoft Windows Search Component allows an authorized attacker to elevate privileges locally...

7.8CVSS5.8AI score0.01771EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/14 6:30 p.m.8 views

EUVD-2026-22447

Use after free in Microsoft Windows Search Component allows an authorized attacker to elevate privileges locally...

7.8CVSS5.7AI score0.01771EPSS
Exploits0References2
NVD
NVD
added 2026/04/14 6:16 p.m.5 views

CVE-2026-27909

Use after free in Microsoft Windows Search Component allows an authorized attacker to elevate privileges locally...

7.8CVSS0.01771EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 2026/04/14 2:0 p.m.9 views

Windows Search Service Elevation of Privilege Vulnerability

Use after free in Microsoft Windows Search Component allows an authorized attacker to elevate privileges locally...

7.8CVSS6.2AI score0.01771EPSS
Exploits0
CNNVD
CNNVD
added 2026/04/14 12:0 a.m.8 views

Microsoft Windows 资源管理错误漏洞

Microsoft Windows is an operating system used by personal devices by the American company Microsoft. The Microsoft Windows Search Component has a resource management vulnerability. Attackers can exploit this vulnerability to gain higher privileges. The following products and versions are affected...

7.8CVSS5.8AI score0.01771EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.10 views

PT-2026-32771

CVE-2026-27909 Use after free in Microsoft Windows Search Component allows an authorized attacker to elevate privileges locally. https://t.co/EEmqZf1GgX...

7.8CVSS6.2AI score0.01771EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/10 2:12 a.m.5 views

CVE-2026-3791

A vulnerability has been found in SourceCodester Sales and Inventory System 1.0. Affected by this issue is some unknown functionality of the file dashboard.php of the component Search. The manipulation of the argument searchtxt leads to sql injection. The attack is possible to be carried out...

8.8CVSS6.4AI score0.00295EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/02/08 12:0 a.m.15 views

PT-2026-6954

Name of the Vulnerable Software and Affected Versions BurtTheCoder mcp-maigret versions through 1.0.12 Description A flaw exists in the component search username within the file src/index.ts. Manipulating the Username argument can result in command injection, potentially allowing for remote...

6.5CVSS5.3AI score0.01741EPSS
Exploits0References10
Rows per page
Query Builder