6 matches found
CVE-2026-40501
Cherry Studio versions 1.2.2–1.9.12 contain a remote code execution vulnerability in the SearchService due to a nodeIntegration misconfiguration. When an Electron BrowserWindow is created with nodeIntegration enabled and contextIsolation disabled, control over search provider content (provided by...
CVE-2026-40501 Cherry Studio RCE via SearchService nodeIntegration Misconfiguration
Cherry Studio versions 1.2.2 through 1.9.12, fixed in commit 1518530, contain a remote code execution vulnerability in SearchService that allows remote attackers to execute arbitrary code by delivering malicious JavaScript through controlled search provider content loaded into an Electron...
CVE-2026-9152
A missing authentication vulnerability exists in the Altium 365 SearchService. A legacy SOAP endpoint exposes search index operations without requiring authentication, session tokens, or any form of identity verification. An unauthenticated network attacker who can reference a target workspace's...
CVE-2026-9152
A missing authentication vulnerability exists in the Altium 365 SearchService. A legacy SOAP endpoint exposes search index operations without requiring authentication, session tokens, or any form of identity verification. An unauthenticated network attacker who can reference a target workspace's...
The vulnerability of the RunSearch function of the SearchService service in the FactoryTalk AssetCentre software platform allows a perpetrator to execute arbitrary SQL commands.
The vulnerability of the RunSearch function in the SearchService service of the FactoryTalk AssetCentre software platform for centralized asset management involves a lack of measures to protect the SQL query structure. Exploiting this vulnerability could allow an attacker to execute arbitrary SQL...
CVE-2021-27472 Rockwell Automation FactoryTalk AssetCentre SQL Injection
A vulnerability exists in the RunSearch function of SearchService service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier, which may allow for the execution of remote unauthenticated arbitrary SQL statements...