CVE-2025-61872
Mahara before 25.04.2 and 24.04.11 are vulnerable to displaying results that can trigger XSS via a malicious search query string. This occurs in the 'search site' feature when using the Elasticsearch7 search plugin. The Elasticsearch function does not properly sanitize input in the query paramete...
phpMyFAQ Security Vulnerability
phpMyFAQ is a multilingual FAQ system developed by Thorsten Rinne. It is entirely database-driven. Versions of phpMyFAQ prior to 4.1.1 contained a security vulnerability; this vulnerability stemmed from the lack of escaping of SQL LIKE wildcards in search queries, which could lead to information...
Information Disclosure
Directus is vulnerable to information disclosure. The vulnerability is due to improper filtering of concealed fields in search queries, which allows an authenticated attacker to infer matches from returned records and enumerate sensitive data even though the values appear masked...
SageMaker Python SDK replaced eval() with safe parser in JumpStart search functionality
Summary This advisory addresses the use of the searchhub function within the SageMaker Python SDK's JumpStart search functionality. An actor with the ability to control query parameters passed to the searchhub function could potentially provide malformed input that causes the eval function to...
CVE-2026-20137
In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.5, 9.3.7, and 9.2.9, and Splunk Cloud Platform versions below 10.1.2507.0, 10.0.2503.9, 9.3.2411.112, and 9.3.2408.122, a low-privileged user who does not hold the "admin" or "power" Splunk roles could bypass the SPL safeguards for risky...
CVE-2025-13109
The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.7.2 via the "woofaddquery" and "woofremovequery" functions due to missing validation on a user controlled key. This makes it...
EUVD-2004-1781
Malware in sbrugna...
EUVD-2020-18958
Malware in sbrugna...
EUVD-2024-51915
Malicious code in bioql PyPI...
EUVD-2022-5987
Malicious code in bioql PyPI...
LOKI: Proactively Discovering Online Scam Websites by Mining Toxic Search Queries
Online e-commerce scams, ranging from shopping scams to pet scams, globally cause millions of dollars in financial damage every year. In response, the security community has developed highly accurate detection systems able to determine if a website is fraudulent. However, finding candidate scam...
Sensitive Information Disclosure
org.opensearch.plugin:opensearch-security is vulnerable to Sensitive Information Disclosure. The vulnerability is due to improper enforcement of Field Level Security (FLS) rules: member attributes of excluded objects remain accessible through search queries, allowing reconstruction of...
Behind the Booking: How Bots Are Undermining Airline Revenue
The airline industry is under constant attack from malicious bots. Bad actors use automation to scrape fares, hoard inventory, commit fraud, and compromise customer accounts. While every airline faces its own unique challenges, the business impacts are remarkably consistent—lost revenue, inflated...
CVE-2022-36922
Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier does not escape the search query parameter displayed on the 'search' result page, resulting in a reflected cross-site scripting (XSS) vulnerability...
CVE-2021-32848
Octobox is software for managing GitHub notifications. Prior to pull request PR 2807, a user of the system can provide a specifically crafted search query string that will trigger a ReDoS vulnerability. This issue is fixed in PR 2807...
CVE-2021-20183
It was found in Moodle before version 3.10.1 that some search inputs were vulnerable to reflected XSS due to insufficient escaping of search queries...
Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
This GitHub repository provides a range of search queries, known as "dorks," for Shodan, a powerful tool used to search for Internet-connected devices. The dorks are designed to help security researchers discover potential vulnerabilities and configuration issues in various types of devices such ...
Whoogle allows attackers to execute arbitrary code via supplying a crafted search query
An issue in the component /models/config.py of Whoogle search v0.9.0 allows attackers to execute arbitrary code via supplying a crafted search query...
BIT-ELASTICSEARCH-2020-7020
Elasticsearch versions before 6.8.13 and 7.9.2 contain a document disclosure flaw when Document or Field Level Security is used. Search queries do not properly preserve security permissions when executing certain complex queries. This could result in the search disclosing the existence of documen...