Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2026/06/03 4:2 p.m.8 views

CVE-2026-46724

The file indexer does not normalize the configured directory path. A backend user with permission to edit indexer configurations can index documents from arbitrary locations on the server file system through path traversal sequences...

5.9CVSS5.9AI score0.00404EPSS
Exploits0References1
NVD
NVD
added 2026/05/19 10:16 a.m.10 views

CVE-2026-46724

The file indexer does not normalize the configured directory path. A backend user with permission to edit indexer configurations can index documents from arbitrary locations on the server file system through path traversal sequences...

5.9CVSS0.00404EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/19 9:24 a.m.10 views

CVE-2026-46724 Path Traversal in extension "Faceted Search" (ke_search)

The file indexer does not normalize the configured directory path. A backend user with permission to edit indexer configurations can index documents from arbitrary locations on the server file system through path traversal sequences...

5.9CVSS5.9AI score0.00404EPSS
Exploits0References1
CVE
CVE
added 2026/05/19 9:24 a.m.18 views

CVE-2026-46724

CVE-2026-46724 affects the Typo3 extension Faceted Search (ke_search). The file indexer does not normalize the configured directory path, allowing a backend user with permission to edit indexer configurations to index documents from arbitrary server file-system locations via path traversal. CVSS ...

5.9CVSS5.9AI score0.00404EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.9 views

TYPO3 Extension Faceted Search 路径遍历漏洞

TYPO3 Extension Faceted Search is an open-source extension for TYPO3 that enables faceted search. TYPO3 Extension Faceted Search has a path traversal vulnerability. This vulnerability stems from the fact that the file indexer does not normalize the configured directory paths. As a result, backend...

5.9CVSS5.8AI score0.00404EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.13 views

PT-2026-41863

The additional tables configuration of the page and tt content indexers accepts arbitrary table and field names. A backend user with permission to edit indexer configurations can copy sensitive data from internal TYPO3 tables into the search index...

5.9CVSS5.9AI score0.00318EPSS
Exploits0References2
Rows per page
Query Builder