Lucene search
+L

343 matches found

euvd
euvd
added yesterday4 views

EUVD-2026-44737

In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8, and 9.4.13, and Splunk Cloud Platform versions below 10.5.2605.0, 10.4.2604.7, 10.3.2512.16, 10.2.2510.18, and 10.1.2507.24, an attacker could trick a user that holds a role with the listdeploymentserver capability into running arbitrary...

8.3CVSS6.2AI score
Exploits0References1
attackerkb
attackerkb
added yesterday4 views

CVE-2026-20296

In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8, and 9.4.13, and Splunk Cloud Platform versions below 10.5.2605.0, 10.4.2604.7, 10.3.2512.16, 10.2.2510.18, and 10.1.2507.24, an attacker could trick a user that holds a role with the listdeploymentserver capability into running arbitrary...

8.3CVSS6.2AI score
Exploits0References2Affected Software2
cve
cve
added 2026/07/02 7:40 p.m.15 views

CVE-2026-59094

Affected software: Pathway, affected up to v0.31.1. Vulnerability: document store applies a caller-supplied glob pattern to indexed document paths via a hand-written recursive matcher that branches on each ** token without memoization, yielding exponential worst-case complexity. The pattern from ...

8.7CVSS5.9AI score0.0047EPSS
Exploits0References4
github
github
added 2026/06/12 7:6 p.m.13 views

TYPO3 CMS has Cross-Site Scripting in Indexed Search

Problem Editors with access to create or modify page content were able to include HTML markup in page titles that were stored in the search index without sanitization. When displayed in frontend search results via the Indexed Search plugin, these titles were rendered without proper output encodin...

5.1CVSS5.2AI score0.00269EPSS
Exploits0References7Affected Software2
osv
osv
added 2026/06/12 7:6 p.m.10 views

GHSA-CG75-QFG2-W9HJ TYPO3 CMS has Cross-Site Scripting in Indexed Search

Problem Editors with access to create or modify page content were able to include HTML markup in page titles that were stored in the search index without sanitization. When displayed in frontend search results via the Indexed Search plugin, these titles were rendered without proper output encodin...

5.1CVSS5.3AI score0.00269EPSS
Exploits0References7
cvelist
cvelist
added 2026/06/09 10:51 a.m.39 views

CVE-2026-47348 TYPO3 CMS - Cross-Site Scripting in Indexed Search

Editors with access to create or modify page content were able to include HTML markup in page titles that were stored in the search index without sanitization. When displayed in frontend search results via the Indexed Search plugin, these titles were rendered without proper output encoding,...

5.1CVSS0.00269EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2026/06/09 10:51 a.m.7 views

CVE-2026-47348 TYPO3 CMS - Cross-Site Scripting in Indexed Search

Editors with access to create or modify page content were able to include HTML markup in page titles that were stored in the search index without sanitization. When displayed in frontend search results via the Indexed Search plugin, these titles were rendered without proper output encoding,...

5.1CVSS5.5AI score0.00269EPSS
Exploits0References3
cve
cve
added 2026/06/09 10:51 a.m.27 views

CVE-2026-47348

CVE-2026-47348 describes a Cross-Site Scripting vulnerability in TYPO3 CMS where editors could insert HTML into page titles stored in the search index; when rendered in frontend search results via the Indexed Search plugin, the titles were not properly output-encoded. Affected: TYPO3 CMS versions...

5.1CVSS5.5AI score0.00269EPSS
Exploits0References3
osv
osv
added 2026/06/09 10:51 a.m.2 views

CVE-2026-47348 TYPO3 CMS - Cross-Site Scripting in Indexed Search

Editors with access to create or modify page content were able to include HTML markup in page titles that were stored in the search index without sanitization. When displayed in frontend search results via the Indexed Search plugin, these titles were rendered without proper output encoding,...

5.1CVSS6AI score0.00269EPSS
Exploits0References7
friendsofphp
friendsofphp
added 2026/06/09 8:57 a.m.8 views

TYPO3-CORE-SA-2026-010: Cross-Site Scripting in Indexed Search

More info at https://typo3.org/security/advisory/typo3-core-sa-2026-010...

5.1CVSS5.4AI score0.00269EPSS
Exploits0Affected Software1
ptsecurity
ptsecurity
added 2026/06/09 12:0 a.m.15 views

PT-2026-47741

Name of the Vulnerable Software and Affected Versions TYPO3 CMS versions 13.0.0 through 13.4.30 TYPO3 CMS versions 14.0.0 through 14.3.2 Description Editors with permissions to create or modify page content can include HTML markup in page titles. These titles are stored in the search index withou...

5.1CVSS5.2AI score0.00269EPSS
Exploits0References9
attackerkb
attackerkb
added 2026/06/04 11:5 p.m.6 views

CVE-2026-11246

Insufficient validation of untrusted input in IndexedDB in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. Chromium security severity: Low...

5.3CVSS5.5AI score0.00202EPSS
Exploits0References3Affected Software1
redhatcve
redhatcve
added 2026/06/03 4:2 p.m.11 views

CVE-2026-46722

The OOXML parsing of the file indexer does not disable external entity resolution. A crafted xlsx or pptx document placed in an indexed directory can cause local files to be read or outbound HTTP requests to be performed, with the retrieved content being written to the search index...

5.9CVSS5.8AI score0.00301EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/06/02 12:0 a.m.10 views

Google Chrome 输入验证错误漏洞

Google Chrome is a web browser developed by Google Inc. of the United States. Google Chrome has a vulnerability related to input validation, which stems from insufficient trust in input validation provided by the IndexedDB component...

5.3CVSS5.3AI score0.00202EPSS
Exploits0References3
snyk
snyk
added 2026/05/24 8:48 p.m.12 views

XML External Entity (XXE) Injection

Overview tpwd/kesearch is a search extension for TYPO3, including faceting search functions. Affected versions of this package are vulnerable to XML External Entity XXE Injection via the OOXML parsing of the file indexer, external entity resolution is not disabled. A crafted XLSX or PPTX document...

5.9CVSS5.8AI score0.00301EPSS
Exploits0References2
fedora
fedora
added 2026/05/23 3:49 p.m.13 views

[SECURITY] Fedora 43 Update: perl-Apache-Session-Browseable-1.3.19-1.fc43

A virtual Apache::Session back-end providing some class methods to manipulate all sessions and add the capability to index some fields to make re-search faster...

6.5CVSS5.8AI score0.00243EPSS
Exploits0
astralinux
astralinux
added 2026/05/20 5:53 a.m.9 views

Astra Linux – Vulnerability in Chromium

Before version 102.0.5005.61, using the "after free" feature in Indexed DB in Google Chrome allowed a remote attacker to potentially perform a sandbox escape through a crafted HTML page...

9.6CVSS7.3AI score0.0088EPSS
Exploits0References2
redhat
redhat
added 2026/05/20 2:11 a.m.23 views

Important: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. A Common...

9.8CVSS6AI score0.04938EPSS
Exploits1References26
nessus
nessus
added 2026/05/20 12:0 a.m.20 views

RHEL 9 : firefox (RHSA-2026:17689)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:17689 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox:...

9.8CVSS6.1AI score0.04938EPSS
Exploits1References52
nessus
nessus
added 2026/05/20 12:0 a.m.13 views

RHEL 8 : thunderbird (RHSA-2026:19466)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:19466 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: thunderbird: Incorrect boundary conditions in the...

9.8CVSS6.1AI score0.04938EPSS
Exploits1References52
Rows per page
Query Builder