Lucene search
K

238 matches found

NVD
NVD
added 2 days ago9 views

CVE-2026-15477

A vulnerability was detected in Bahmni bahmnicore up to 0.93. This affects the function additionalParams of the file /openmrs/ws/rest/v1/bahmnicore/sql of the component Search Endpoint. Performing a manipulation of the argument test results in sql injection. The attack can be initiated remotely...

6.5CVSS0.00319EPSS
Exploits0References6
Cvelist
Cvelist
added 2 days ago31 views

CVE-2026-15477 Bahmni bahmnicore Search Endpoint sql additionalParams sql injection

A vulnerability was detected in Bahmni bahmnicore up to 0.93. This affects the function additionalParams of the file /openmrs/ws/rest/v1/bahmnicore/sql of the component Search Endpoint. Performing a manipulation of the argument test results in sql injection. The attack can be initiated remotely...

6.5CVSS0.00319EPSS
Exploits0References6
NVD
NVD
added 5 days ago5 views

CVE-2026-59834

SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, the block search endpoint POST /api/search/fullTextSearchBlock concatenates attacker-controlled paths values into SQL predicates used by non-SQL search modes, allowing an unauthenticated publish visitor to inject a UNI...

7.5CVSS0.0038EPSS
Exploits0References4
EUVD
EUVD
added 5 days ago6 views

EUVD-2026-42499

A SQL injection vulnerability in SOGo before 5.12.7 allows authenticated users to execute arbitrary SQL statements via the search parameter of the allContactSearch endpoint...

6.3CVSS7.5AI score0.00157EPSS
Exploits0References3
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-260 Aim Web API vulnerable to Remote Code Execution

A critical Remote Code Execution RCE vulnerability was identified in the aimhubio/aim project, specifically within the /api/runs/search/run/ endpoint, affecting versions = 3.0.0. The vulnerability resides in the runsearchapi function of the aim/web/api/runs/views.py file, where improper restricti...

9.8CVSS8AI score0.018EPSS
Exploits1References5
EUVD
EUVD
added 2026/06/19 4:41 p.m.10 views

EUVD-2017-19004

Joomla JoomRecipe 1.0.4 component contains a blind SQL injection vulnerability in the searchauthor parameter on the search results page. Attackers can inject SQL code through POST requests to the search endpoint to extract database information using boolean-based blind SQL injection techniques...

8.8CVSS6AI score0.00253EPSS
Exploits0References4
CVE
CVE
added 2026/06/19 4:41 p.m.13 views

CVE-2017-20277

The CVE-2017-20277 entry concerns Joomla JoomRecipe 1.0.4. The connected Attackerkb entry confirms a bona fide vulnerability: a blind SQL injection in the search_author parameter on the search results page. Exploitation is described as sending POST requests to the search endpoint to perform boole...

8.8CVSS6AI score0.00253EPSS
Exploits0References4
NVD
NVD
added 2026/06/12 6:16 p.m.16 views

CVE-2026-47216

Typesense is a fast, typo-tolerant search engine. Prior to versions 29.1 and 30.2, there is an unauthenticated denial-of-service vulnerability in the /multisearch endpoint. A specially crafted request can trigger an unhandled exception during request processing, causing the server process to...

8.7CVSS0.00336EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 5:12 p.m.13 views

EUVD-2026-36512

Typesense is a fast, typo-tolerant search engine. Prior to versions 29.1 and 30.2, there is an unauthenticated denial-of-service vulnerability in the /multisearch endpoint. A specially crafted request can trigger an unhandled exception during request processing, causing the server process to...

8.7CVSS5.3AI score0.00336EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/12 5:12 p.m.107 views

CVE-2026-47216 Typesense: Unauthenticated Denial of Service in the Typesense /multi_search Endpoint

Typesense is a fast, typo-tolerant search engine. Prior to versions 29.1 and 30.2, there is an unauthenticated denial-of-service vulnerability in the /multisearch endpoint. A specially crafted request can trigger an unhandled exception during request processing, causing the server process to...

8.7CVSS5.3AI score0.00336EPSS
Exploits0References1
CVE
CVE
added 2026/06/12 5:12 p.m.49 views

CVE-2026-47216

Typesense has an unauthenticated denial-of-service vulnerability in the /multi_search endpoint, affecting versions prior to 29.1 and 30.2. A crafted request can trigger an unhandled exception during request processing, terminating the server process and causing service unavailability. The issue i...

8.7CVSS5.3AI score0.00336EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.21 views

PT-2026-48943

Typesense is a fast, typo-tolerant search engine. Prior to versions 29.1 and 30.2, there is an unauthenticated denial-of-service vulnerability in the /multi search endpoint. A specially crafted request can trigger an unhandled exception during request processing, causing the server process to...

8.7CVSS5.3AI score0.00336EPSS
Exploits0References2
NVD
NVD
added 2026/06/09 5:17 p.m.13 views

CVE-2026-49956

Hermes WebUI before version 0.51.269 contains a profile isolation bypass vulnerability that allows authenticated users to access data belonging to other profiles by querying the session search endpoint without active-profile filtering. Attackers can send requests to the sessions search handler to...

7.1CVSS0.00272EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.16 views

PT-2026-47854

Hermes WebUI before version 0.51.269 contains a profile isolation bypass vulnerability that allows authenticated users to access data belonging to other profiles by querying the session search endpoint without active-profile filtering. Attackers can send requests to the sessions search handler to...

7.1CVSS5.5AI score0.00272EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/05 7:31 p.m.15 views

CVE-2026-33146

Docmost is open-source collaborative wiki and documentation software. An authorization bypass vulnerability in versions 0.70.0 through 0.70.2 exposes restricted child page titles and text snippets through the public search endpoint POST /api/search/share-search for publicly shared content. This...

4.3CVSS5.4AI score0.00213EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:15 p.m.8 views

CVE-2026-46372

SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0, SillyTavern exposes /api/search/searxng, which accepts attacker-controlled baseUrl and uses it...

8.5CVSS5.5AI score0.00866EPSS
Exploits0References1
OSV
OSV
added 2026/06/04 7:27 p.m.9 views

GHSA-8V9P-G828-V98F Shopware: Admin Account Takeover via User Recovery Hash Exposure

Summary A low-privilege admin user with userrecovery:read ACL can take over any admin account. The attacker triggers password recovery for the victim unauthenticated endpoint, reads the recovery hash from the Admin API search endpoint, then uses the hash to reset the victim's password another...

6.8CVSS5.8AI score0.00034EPSS
Exploits0References4
NVD
NVD
added 2026/05/29 7:16 p.m.17 views

CVE-2026-46372

SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0, SillyTavern exposes /api/search/searxng, which accepts attacker-controlled baseUrl and uses it...

8.5CVSS0.00866EPSS
Exploits0References1
NVD
NVD
added 2026/05/25 3:16 p.m.16 views

CVE-2018-25364

Twitter-Clone 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the name parameter. Attackers can submit crafted payloads to the search.php endpoint to extract database information including username...

8.8CVSS0.00337EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/25 2:15 p.m.9 views

CVE-2018-25364

Twitter-Clone 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the name parameter. Attackers can submit crafted payloads to the search.php endpoint to extract database information including username...

8.8CVSS6.2AI score0.00337EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder