CVE-2025-61872
Mahara before 25.04.2 and 24.04.11 are vulnerable to displaying results that can trigger XSS via a malicious search query string. This occurs in the 'search site' feature when using the Elasticsearch7 search plugin. The Elasticsearch function does not properly sanitize input in the query paramete...
CVE-2016-10513
Cross Site Scripting (XSS) exists in Piwigo before 2.8.3 via a crafted search expression to include/functions_search.inc.php...
EUVD-2016-1695
Malware in sbrugna...
CVE-2021-32848
Octobox is software for managing GitHub notifications. Prior to pull request PR 2807, a user of the system can provide a specifically crafted search query string that will trigger a ReDoS vulnerability. This issue is fixed in PR 2807...
CVE-2024-52979
A flaw was found in Elasticsearch. This flaw allows a remote attacker to trigger an application-level denial of service by sending specially crafted search templates that use Mustache functions. Mitigation: Mitigation for this issue is either not available or the currently available options do not...
CVE-2024-53305
An issue in the component /models/config.py of Whoogle search v0.9.0 allows attackers to execute arbitrary code via supplying a crafted search query...
GHSA-2689-CW26-6CPJ Whoogle allows attackers to execute arbitrary code via supplying a crafted search query
An issue in the component /models/config.py of Whoogle search v0.9.0 allows attackers to execute arbitrary code via supplying a crafted search query...
The vulnerability of the parse_st() function in the UPnP service’s microprogramming software for Netgear WNR854T allows a hacker to execute arbitrary code.
The vulnerability in the parse_st() function of the UPnP service in Netgear WNR854T router firmware is an out-of-bounds memory access that occurs when processing the M-SEARCH request header value. Exploiting this vulnerability allows a remote attacker to execute arbitrary code ...
CVE-2024-2878
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.7 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. It was possible for an attacker to cause a denial of service by crafting unusual search terms for branch names...
CVE-2023-2785 Specially crafted search query can cause large log entries in postgres
Mattermost fails to properly truncate the postgres error log message of a search query failure allowing an attacker to cause the creation of large log files which can result in Denial of Service...
PT-2023-12181 · Octobox · Octobox
Name of the Vulnerable Software and Affected Versions: Octobox versions prior to pull request 2807. Description: Octobox is software for managing GitHub notifications. A user of the system can provide a specifically crafted search query string that will trigger a ReDoS vulnerability...
CVE-2022-43564
In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a remote user who can create search macros and schedule search reports can cause a denial of service through the use of specially crafted search macros...
PT-2022-26967 · Splunk · Splunk Enterprise
Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 8.1.12; Splunk Enterprise versions prior to 8.2.9; Splunk Enterprise versions prior to 9.0.2. Description: A remote user who can create search macros and schedule search reports can cause a denial of service...
GHSA-GJ2J-PPJQ-9PJG Moodle Cross-site scripting (XSS) vulnerability in course management search
Cross-site scripting (XSS) vulnerability in the search_pagination function in course/classes/management_renderer.php in Moodle 2.8.x before 2.8.10, 2.9.x before 2.9.4, and 3.0.x before 3.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted search string...
WTCMS cross-site scripting vulnerability
WTCMS is a content management system (CMS) based on ThinkPHP. A cross-site scripting vulnerability exists in the WTCMS page management backend. An attacker can exploit the vulnerability to obtain a cookie by entering a specially crafted payload into the search box...
CVE-2010-2222
The ger_parse_control function in Red Hat Directory Server 8 and the 389 Directory Server allows attackers to cause a denial of service (NULL pointer dereference) via a crafted search query...
USN-3895-1 ldb vulnerability
It was discovered that LDB incorrectly handled certain search expressions. A remote attacker could possibly use this issue to cause the Samba LDAP process to crash, resulting in a denial of service...