Lucene search
K

10 matches found

RedhatCVE
RedhatCVE
added 2026/03/26 3:6 p.m.3 views

CVE-2026-4004

The Task Manager plugin for WordPress is vulnerable to arbitrary shortcode execution via the 'search' AJAX action in all versions up to, and including, 3.0.2. This is due to missing capability checks in the callbacksearch function and insufficient input validation that allows shortcode syntax...

6.5CVSS6.1AI score0.00254EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/01/30 5:52 a.m.8 views

WordPress CubeWP plugin <= 1.1.27 - Unauthenticated Post Disclosure in class-cubewp-search-ajax-hooks.php vulnerability

Unauthenticated Post Disclosure in class-cubewp-search-ajax-hooks.php vulnerability discovered by stealthcopter in WordPress Plugin CubeWP versions = 1.1.27...

4.3CVSS5.9AI score0.00196EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-27193

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.00302EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/09/11 1:22 a.m.12 views

CVE-2025-10115

A vulnerability was determined in SiempreCMS up to 1.3.6. This affects an unknown part of the file usersearchajax.php. This manipulation of the argument name/userName causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized...

7.5CVSS7.4AI score0.00302EPSS
Exploits0References1
CVE
CVE
added 2025/09/09 12:32 a.m.20 views

CVE-2025-10115

CVE-2025-10115 affects SiempreCMS up to version 1.3.6. The vulnerability resides in the file user_search_ajax.php where manipulation of the name/userName parameter triggers a SQL injection. The issue can be exploited remotely and the exploit has been publicly disclosed. Remediation per connected ...

7.5CVSS7.3AI score0.00302EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/09/09 12:32 a.m.5 views

CVE-2025-10115 SiempreCMS user_search_ajax.php sql injection

A vulnerability was determined in SiempreCMS up to 1.3.6. This affects an unknown part of the file usersearchajax.php. This manipulation of the argument name/userName causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized...

7.5CVSS6.9AI score0.00302EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/09/09 12:0 a.m.7 views

SiempreCMS SQL注入漏洞

SiempreCMS is a content management system of SiempreCMS open source. SiempreCMS 1.3.6 and earlier versions have a SQL injection vulnerability that stems from incorrect manipulation of the parameter name/userName in the file usersearchajax.php resulting in SQL injection...

7.5CVSS7.8AI score0.00302EPSS
Exploits0References4
OSV
OSV
added 2025/01/31 8:15 p.m.5 views

CVE-2025-0934

A vulnerability was found in code-projects Job Recruitment 1.0. It has been classified as problematic. This affects an unknown part of the file /parse/calljobsearchajax.php. The manipulation of the argument n leads to sql injection. It is possible to initiate the attack remotely. The exploit has...

7.5CVSS5.2AI score0.00387EPSS
Exploits1References5
Cvelist
Cvelist
added 2024/09/05 6:41 a.m.26 views

CVE-2024-6835 Ivory Search – WordPress Search Plugin <= 5.5.6 - Information Exposure via AJAX Search Form

The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 5.5.6 via the ajaxloadposts function. This makes it possible for unauthenticated attackers to extract text data from password-protected posts using the...

5.3CVSS0.00529EPSS
Exploits0References4
Prion
Prion
added 2012/09/26 12:55 a.m.16 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Fork CMS before 3.2.7 allow remote attackers to inject arbitrary web script or HTML via the term parameter to 1 autocomplete.php, 2 search/ajax/autosuggest.php, 3 livesuggest.php, or 4 save.php in frontend/modules/search/ajax...

4.3CVSS6.1AI score0.0122EPSS
Exploits1References5Affected Software1
Rows per page
Query Builder