
188 matches found

Cvelist (added yesterday, 18 views)

CVE-2026-11781 Adminify < 4.2.10 - Contributor+ Sensitive Information Disclosure via Global Search AJAX

The Adminify WordPress plugin before 4.2.10 does not perform per-user read-capability checks on the results returned by one of its administration search features, allowing users with a low-privilege role Contributor to disclose non-public content that WordPress would not otherwise expose to them,...

EPSS: 0.00139
Exploits: 0; References: 1
CVE (added yesterday, 11 views)

CVE-2026-11781

The CVE-2026-11781 entry affects the Adminify WordPress plugin prior to version 4.2.10. The vulnerability arises because the plugin does not perform per-user read-capability checks on results returned by an administration search feature. As a result, users with a low-privilege role (Contributor) ...

CVSS: 2.7; AI score: 5.7; EPSS: 0.00139
Exploits: 0; References: 1
RedhatCVE (added 2026/06/05 7:36 p.m., 10 views)

CVE-2026-41183

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, the assigned-only restriction is applied to direct conversation view and folder queries, but not to non-folder query builders. Global search and the AJAX filter path still reveal conversations that should be...

CVSS: 4.3; AI score: 5.4; EPSS: 0.00224
Exploits: 0; References: 1
NVD (added 2026/04/21 5:16 p.m., 10 views)

CVE-2026-41183

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, the assigned-only restriction is applied to direct conversation view and folder queries, but not to non-folder query builders. Global search and the AJAX filter path still reveal conversations that should be...

CVSS: 4.3; EPSS: 0.00224
Exploits: 0; References: 3
Cvelist (added 2026/04/21 5:00 p.m., 30 views)

CVE-2026-41183 FreeScout allows non-folder conversation queries to disclose assigned-only hidden conversations

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, the assigned-only restriction is applied to direct conversation view and folder queries, but not to non-folder query builders. Global search and the AJAX filter path still reveal conversations that should be...

CVSS: 4.3; EPSS: 0.00224
Exploits: 0; References: 3
EUVD (added 2026/04/21 5:00 p.m., 7 views)

EUVD-2026-24191

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, the assigned-only restriction is applied to direct conversation view and folder queries, but not to non-folder query builders. Global search and the AJAX filter path still reveal conversations that should be...

CVSS: 4.3; AI score: 5.8; EPSS: 0.00224
Exploits: 0; References: 3
ATTACKERKB (added 2026/04/21 5:00 p.m., 3 views)

CVE-2026-41183

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, the assigned-only restriction is applied to direct conversation view and folder queries, but not to non-folder query builders. Global search and the AJAX filter path still reveal conversations that should be...

CVSS: 4.3; AI score: 5.8; EPSS: 0.00224
Exploits: 0; References: 4; Affected software: 1
CVE (added 2026/04/21 5:00 p.m., 12 views)

CVE-2026-41183

FreeScout core issue: prior to v1.8.215, the assigned-only restriction was enforced for direct conversation view and folder queries but not for non-folder query builders. As a result, global search and the AJAX filter path could disclose conversations that should have been hidden. Impact involves...

CVSS: 4.3; AI score: 5.8; EPSS: 0.00224
Exploits: 0; References: 3
CNNVD (added 2026/04/21 12:00 a.m., 10 views)

FreeScout security vulnerability

FreeScout is a lightweight and powerful free open-source help desk and shared inbox built using PHP Laravel framework by FreeScout Inc. Versions of FreeScout prior to 1.8.215 contained security vulnerabilities. These vulnerabilities stemmed from the fact that restrictions were only applied to...

CVSS: 4.3; AI score: 5.8; EPSS: 0.00224
Exploits: 0; References: 1
Positive Technologies (added 2026/04/21 12:00 a.m., 10 views)

PT-2026-34028

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, the assigned-only restriction is applied to direct conversation view and folder queries, but not to non-folder query builders. Global search and the AJAX filter path still reveal conversations that should be...

CVSS: 4.3; AI score: 5.8; EPSS: 0.00224
Exploits: 0; References: 6
Vulnrichment (added 2026/04/07 5:57 p.m., 6 views)

CVE-2026-39338 ChurchCRM has Blind XSS via Global Search – Administrative Cookie Session Exfiltration

ChurchCRM is an open-source church management system. Prior to 7.1.0, a Blind Reflected Cross-Site Scripting vulnerability exists in the search parameter accepted by the ChurchCRM dashboard. The application fails to sanitize or encode user-supplied input prior to rendering it within the browser's...

CVSS: 8.6; AI score: 6.3; EPSS: 0.00224
Exploits: 1; References: 1
RedhatCVE (added 2026/02/25 4:06 a.m., 14 views)

CVE-2026-3049

A vulnerability was detected in horilla-opensource horilla up to 1.0.2. This issue affects the function get of the file horilla_generics/global_search.py of the component Query Parameter Handler. The manipulation of the argument prev_url results in open redirect. The attack can be executed remotely...

CVSS: 6.1; AI score: 5; EPSS: 0.00377
Exploits: 1; References: 1
Vulnrichment (added 2026/02/24 12:32 a.m., 4 views)

CVE-2026-3049 horilla-opensource horilla Query Parameter global_search.py get redirect

A vulnerability was detected in horilla-opensource horilla up to 1.0.2. This issue affects the function get of the file horilla_generics/global_search.py of the component Query Parameter Handler. The manipulation of the argument prev_url results in open redirect. The attack can be executed remotely...

CVSS: 5.3; AI score: 5; EPSS: 0.00377
Exploits: 1; References: 6
EUVD (added 2026/02/24 12:32 a.m., 8 views)

EUVD-2026-7457

A vulnerability was detected in horilla-opensource horilla up to 1.0.2. This issue affects the function get of the file horilla_generics/global_search.py of the component Query Parameter Handler. The manipulation of the argument prev_url results in open redirect. The attack can be executed remotely...

CVSS: 5.3; AI score: 4.7; EPSS: 0.00377
Exploits: 1; References: 6
CVE (added 2026/02/24 12:32 a.m., 18 views)

CVE-2026-3049

Affected software: horilla-opensource horilla (up to 1.0.2). Vulnerable component/file: Query Parameter Handler, specifically the function get in horilla_generics/global_search.py. Root cause: manipulation of the argument prev_url leads to an open redirect. Impact: remote exploitation possibility...

CVSS: 6.1; AI score: 4.9; EPSS: 0.00377
Exploits: 1; References: 6; Affected software: 1
ATTACKERKB (added 2026/02/24 12:32 a.m., 4 views)

CVE-2026-3049

A vulnerability was detected in horilla-opensource horilla up to 1.0.2. This issue affects the function get of the file horilla_generics/global_search.py of the component Query Parameter Handler. The manipulation of the argument prev_url results in open redirect. The attack can be executed remotely...

CVSS: 5.3; AI score: 5; EPSS: 0.00377
Exploits: 1; References: 6; Affected software: 1
Positive Technologies (added 2026/02/24 12:00 a.m., 11 views)

PT-2026-21595

A vulnerability was detected in horilla-opensource horilla up to 1.0.2. This issue affects the function get of the file horilla_generics/global_search.py of the component Query Parameter Handler. The manipulation of the argument prev_url results in open redirect. The attack can be executed...

CVSS: 5.3; AI score: 4.7; EPSS: 0.00377
Exploits: 1; References: 7
Veracode (added 2026/02/13 4:13 p.m., 7 views)

SQL Injection

devcode-it/openstamanager is vulnerable to SQL Injection. The vulnerability is due to improper sanitization of the term parameter in SQL LIKE clauses within the global search functionality, which allows an attacker to inject malicious SQL queries and extract sensitive data through time-based...

CVSS: 8.7; AI score: 5.8; EPSS: 0.00366
Exploits: 3; References: 3; Affected software: 1
RedhatCVE (added 2026/02/07 7:30 p.m., 6 views)

CVE-2026-24417

OpenSTAManager is an open source management software for technical assistance and invoicing. OpenSTAManager v2.9.8 and earlier contain a critical Time-Based Blind SQL Injection vulnerability in the global search functionality. The application fails to properly sanitize the term parameter before...

CVSS: 8.7; AI score: 5.9; EPSS: 0.00366
Exploits: 3; References: 1
NVD (added 2026/02/06 7:16 p.m., 7 views)

CVE-2026-24417

OpenSTAManager is an open source management software for technical assistance and invoicing. OpenSTAManager v2.9.8 and earlier contain a critical Time-Based Blind SQL Injection vulnerability in the global search functionality. The application fails to properly sanitize the term parameter before...

CVSS: 8.7; EPSS: 0.00366
Exploits: 3; References: 1