Lucene search
+L

6 matches found

CVE
CVE
added 3 days ago8 views

CVE-2026-40501

Cherry Studio versions 1.2.2–1.9.12 contain a remote code execution vulnerability in the SearchService due to a nodeIntegration misconfiguration. When an Electron BrowserWindow is created with nodeIntegration enabled and contextIsolation disabled, control over search provider content (provided by...

8.8CVSS6.7AI score0.00438EPSS
Exploits0References3
OSV
OSV
added 3 days ago3 views

CVE-2026-40501 Cherry Studio RCE via SearchService nodeIntegration Misconfiguration

Cherry Studio versions 1.2.2 through 1.9.12, fixed in commit 1518530, contain a remote code execution vulnerability in SearchService that allows remote attackers to execute arbitrary code by delivering malicious JavaScript through controlled search provider content loaded into an Electron...

8.6CVSS6.7AI score0.00438EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/05 7:18 p.m.14 views

CVE-2026-9152

A missing authentication vulnerability exists in the Altium 365 SearchService. A legacy SOAP endpoint exposes search index operations without requiring authentication, session tokens, or any form of identity verification. An unauthenticated network attacker who can reference a target workspace's...

10CVSS5.4AI score0.00339EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/21 12:47 a.m.8 views

CVE-2026-9152

A missing authentication vulnerability exists in the Altium 365 SearchService. A legacy SOAP endpoint exposes search index operations without requiring authentication, session tokens, or any form of identity verification. An unauthenticated network attacker who can reference a target workspace's...

10CVSS5.8AI score0.00339EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2025/05/21 12:0 a.m.10 views

The vulnerability of the RunSearch function of the SearchService service in the FactoryTalk AssetCentre software platform allows a perpetrator to execute arbitrary SQL commands.

The vulnerability of the RunSearch function in the SearchService service of the FactoryTalk AssetCentre software platform for centralized asset management involves a lack of measures to protect the SQL query structure. Exploiting this vulnerability could allow an attacker to execute arbitrary SQL...

10CVSS8.2AI score0.0532EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2022/03/23 7:46 p.m.27 views

CVE-2021-27472 Rockwell Automation FactoryTalk AssetCentre SQL Injection

A vulnerability exists in the RunSearch function of SearchService service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier, which may allow for the execution of remote unauthenticated arbitrary SQL statements...

10CVSS10AI score0.0532EPSS
Exploits0References2
Rows per page
Query Builder