Lucene search

8 matches found

Positive Technologies
added 2026/05/15 12:0 a.m. · 5 views

PT-2026-41392

Name of the Vulnerable Software and Affected Versions: Weblate versions prior to 2026.5 Description: The live search preview renders the source and context variables as HTML without proper escaping. This allows a contributor to store HTML and CSS that executes within the authenticated editor of any...

CVSS 4.6 · AI score 5.5 · EPSS 0.00029
Exploits 0 · References 7
Positive Technologies
added 2025/02/08 12:0 a.m. · 1 views

PT-2025-6017 · Dreamvention · Dreamvention Live Ajax Search

Name of the Vulnerable Software and Affected Versions: Dreamvention Live AJAX Search Free versions 1.0.0 through 1.0.6 Description: A critical issue has been found in the function searchresults/search of the file /?route=extension/live search/module/live search.searchresults. The manipulation of...

CVSS 7.5 · AI score 7.8 · EPSS 0.00055
Exploits 0 · References 13
Veracode
added 2024/08/05 3:46 a.m. · 14 views

Code Injection

elektra is vulnerable to Code Injection. The vulnerability is due to improper handling of user input in the live search functionality of the Ruby on Rails-based Elektra web application, which allows authenticated users to craft a search term containing Ruby code that flows into an eval call,...

CVSS 9.6 · AI score 6.9 · EPSS 0.00209
Exploits 0 · References 3 · Affected Software 1
CVE
added 2024/08/01 2:33 p.m. · 61 views

CVE-2024-41961

Summary of CVE-2024-41961 (Elektra): Elektra, a Ruby on Rails-based OpenStack dashboard, contains a code injection vulnerability in its live search functionality. An authenticated user can provide a search term that includes Ruby code, which flows to an eval sink and can execute arbitrary code. ...

CVSS 9.6 · AI score 7.3 · EPSS 0.00209
Exploits 0 · References 3
Patchstack
added 2023/04/21 12:0 a.m. · 10 views

WordPress Dave's WordPress Live Search Plugin <= 4.8.1 is vulnerable to Cross Site Scripting (XSS)

Software: Dave's WordPress Live Search; Type: Plugin; Vulnerable versions: <= 4.8.1; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-30876; Patch priority: Low; CVSS severity: Low (5.9); PSID: b8da8e543141; Credits: Yuki Haruma...

CVSS 5.9 · AI score 6 · EPSS 0.00087
Exploits 0 · References 1 · Affected Software 1
Patchstack
added 2022/02/28 12:0 a.m. · 15 views

WordPress Ajax Live Search Plugin For WordPress plugin <= 2.3.7 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Ajax Live Search Plugin For WordPress plugin versions <= 2.3.7. Solution: No patched version available...

AI score 4.1
Exploits 0 · References 2 · Affected Software 1
Patchstack
added 2022/02/28 12:0 a.m. · 9 views

WordPress Ajax Live Search Plugin For WordPress plugin <= 2.3.7 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Ajax Live Search Plugin For WordPress plugin versions <= 2.3.7. Solution: No patched version available...

AI score 2.2
Exploits 0 · References 2 · Affected Software 1
WPVulnDB
added 2017/05/01 12:0 a.m. · 19 views

Dave's WordPress Live Search <= 4.5 - Reflected Cross-Site Scripting (XSS)

From changelog: "Fixed cross-site scripting vulnerability in unsanitized "tab" parameter on admin pages"...

AI score 1.3
Exploits 0 · References 1 · Affected Software 1