CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

21 matches found

RedhatCVE•added 2026/01/09 9:13 a.m.•4 views

CVE-2022-31022

Bleve is a text indexing library for go. Bleve includes HTTP utilities under bleve/http package, that are used by its sample application. These HTTP methods pave way for exploitation of a node’s filesystem where the bleve index resides, if the user has used bleve’s own HTTP bleve/http handlers fo...

6.2CVSS6.8AI score0.00219EPSS

Exploits0References1

EUVD•added 2025/10/03 8:7 p.m.•0 views

EUVD-2022-6017

Malicious code in bioql PyPI...

6.2CVSS5.9AI score0.00219EPSS

Exploits0References6

SUSE CVE•added 2025/07/04 3:2 p.m.•1 views

SUSE CVE-2022-31022

Bleve is a text indexing library for go. Bleve includes HTTP utilities under bleve/http package, that are used by its sample application. These HTTP methods pave way for exploitation of a node's filesystem where the bleve index resides, if the user has used bleve's own HTTP bleve/http handlers fo...

5.5CVSS5.7AI score0.00219EPSS

Exploits0References2

Tenable Nessus•added 2025/03/05 12:0 a.m.•5 views

Linux Distros Unpatched Vulnerability : CVE-2022-31022

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bleve is a text indexing library for go. Bleve includes HTTP utilities under bleve/http package, that are used by its sample application. These HTTP methods pav...

6.2CVSS5.7AI score0.00219EPSS

Exploits0References3

OSV•added 2022/07/15 11:29 p.m.•29 views

GO-2022-0470 No access control in github.com/blevesearch/bleve and bleve/v2

HTTP handlers provide unauthenticated access to the local filesystem. The Bleve http package is intended for demonstration purposes and contains no authentication, authorization, or validation of user inputs. Exposing handlers from this package can permit attackers to create files and delete...

6.2CVSS5.8AI score0.00219EPSS

Exploits0References1

OSV•added 2022/06/03 10:17 p.m.•29 views

GHSA-9W9F-6MG8-JP7W Missing Role Based Access Control for the REST handlers in bleve/http package

Impact What kind of vulnerability is it? Who is impacted? Bleve includes HTTP utilities under bleve/http package, that are used by its sample application. https://github.com/blevesearch/bleve-explorer These HTTP methods paves way for exploitation of a node’s filesystem where the bleve index...

5.5CVSS5.8AI score0.00219EPSS

Exploits0References6

Github Security Blog•added 2022/06/03 10:17 p.m.•31 views

Missing Role Based Access Control for the REST handlers in bleve/http package

6.2CVSS5.9AI score0.00219EPSS

Exploits0References6Affected Software2

Veracode•added 2022/06/02 2:32 a.m.•18 views

Authentication Bypass

github.com/blevesearch/bleve is vulnerable to authentication bypass. The vulnerability exists due to the missing role-based access control for rest handlers in indexcreate.go and indexdelete.go, allowing an attacker to recursively write and delete any directory in the server by using the same...

6.2CVSS5.7AI score0.00219EPSS

Exploits0References3Affected Software1

OSV•added 2022/06/01 8:15 p.m.•2 views

DEBIAN-CVE-2022-31022

5.5CVSS5.7AI score0.00219EPSS

Exploits0References1

NVD•added 2022/06/01 8:15 p.m.•12 views

CVE-2022-31022

6.2CVSS0.00219EPSS

Exploits0References3

Prion•added 2022/06/01 8:15 p.m.•14 views

Authorization

2.1CVSS5.5AI score0.00219EPSS

Exploits0References2Affected Software1

UbuntuCve•added 2022/06/01 8:15 p.m.•17 views

CVE-2022-31022

6.2CVSS6.2AI score0.00219EPSS

Exploits0References2

OSV•added 2022/06/01 8:15 p.m.•1 views

UBUNTU-CVE-2022-31022

6.2CVSS5.8AI score0.00219EPSS

Exploits0References3

OSV•added 2022/06/01 7:45 p.m.•17 views

CVE-2022-31022 Missing Role Based Access Control for the REST handlers in bleve/http package

6.2CVSS6AI score0.00219EPSS

Exploits0References5

Vulnrichment•added 2022/06/01 7:45 p.m.•3 views

CVE-2022-31022 Missing Role Based Access Control for the REST handlers in bleve/http package

6.2CVSS5.9AI score0.00219EPSS

Exploits0References3

Cvelist•added 2022/06/01 7:45 p.m.•13 views

CVE-2022-31022 Missing Role Based Access Control for the REST handlers in bleve/http package

6.2CVSS6.6AI score0.00219EPSS

Exploits0References3

CVE•added 2022/06/01 7:45 p.m.•321 views

CVE-2022-31022

This CVE affects Bleve’s http package (bleve/http) used by its sample app. The CreateIndexHandler and DeleteIndexHandler allowed a user with server write access to create a new index directory and recursively delete directories owned by the same user, potentially exposing local filesystem risk. V...

6.2CVSS5.9AI score0.00219EPSS

Exploits0References3Affected Software1

Debian CVE•added 2022/06/01 7:45 p.m.•25 views

CVE-2022-31022

6.2CVSS6AI score0.00219EPSS

Exploits0

CNNVD•added 2022/06/01 12:0 a.m.•0 views

bleve 安全漏洞

bleve is a modern text indexing library for Go. A security vulnerability exists in bleve versions after v0.1.0, which stems from the fact that the bleve/http package, which is primarily used for demonstration purposes, lacks exhaustive validation of user input as well as any authentication and...

6.2CVSS5.8AI score0.00219EPSS

Exploits0References6

Positive Technologies•added 2022/06/01 12:0 a.m.•2 views

PT-2022-20466 · Bleve +1 · Bleve +1

Name of the Vulnerable Software and Affected Versions: Bleve affected versions not specified Description: The issue concerns the bleve/http package, which is used for demonstration purposes and lacks authentication, authorization, and validation of user inputs. This allows attackers to exploit a...

6.2CVSS5.7AI score0.00219EPSS

Exploits0References19

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by