Lucene search
+L

220 matches found

Positive Technologies
Positive Technologies
added 2025/09/14 12:0 a.m.9 views

PT-2025-37404

Name of the Vulnerable Software and Affected Versions: miurla morphic versions prior to 0.4.5 Description: A flaw has been found in miurla morphic. This impacts the fetchHtml function of the file /api/advanced-search of the component HTTP Status Code 3xx Handler, causing server-side request...

6.5CVSS6.2AI score0.0024EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2023-31419

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was discovered in Elasticsearch, affecting the search API that allowed a specially crafted query string to cause a Stack Overflow and ultimately a Denial...

7.5CVSS6.6AI score0.60679EPSS
Exploits4References2
RedhatCVE
RedhatCVE
added 2025/07/03 7:25 p.m.7 views

CVE-2025-6600

An exposure of sensitive information vulnerability was identified in GitHub Enterprise Server that could allow an attacker to disclose the names of private repositories within an organization. This issue could be exploited by leveraging a user-to-server token with no scopes via the Search API...

6.3CVSS6.5AI score0.00275EPSS
Exploits0References1
NVD
NVD
added 2025/07/01 7:15 p.m.16 views

CVE-2025-6600

An exposure of sensitive information vulnerability was identified in GitHub Enterprise Server that could allow an attacker to disclose the names of private repositories within an organization. This issue could be exploited by leveraging a user-to-server token with no scopes via the Search API...

6.3CVSS0.00275EPSS
Exploits0References1
OSV
OSV
added 2025/07/01 7:15 p.m.5 views

CVE-2025-6600

An exposure of sensitive information vulnerability was identified in GitHub Enterprise Server that could allow an attacker to disclose the names of private repositories within an organization. This issue could be exploited by leveraging a user-to-server token with no scopes via the Search API...

4.3CVSS5.7AI score0.00275EPSS
Exploits0References1
CVE
CVE
added 2025/07/01 6:56 p.m.38 views

CVE-2025-6600

This CVE affects GitHub Enterprise Server v3.17. The issue is an information-disclosure where a user-to-server token with no scopes, used via the Search API, could disclose private repository names within an organization. Exploitation required an organization administrator to install a malicious ...

6.3CVSS6.4AI score0.00275EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/07/01 6:56 p.m.11 views

CVE-2025-6600 GitHub Enterprise Server Information Disclosure Vulnerability Exposes Private Repository Names via Search API

An exposure of sensitive information vulnerability was identified in GitHub Enterprise Server that could allow an attacker to disclose the names of private repositories within an organization. This issue could be exploited by leveraging a user-to-server token with no scopes via the Search API...

6.3CVSS6.4AI score0.00275EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/07/01 6:56 p.m.29 views

CVE-2025-6600 GitHub Enterprise Server Information Disclosure Vulnerability Exposes Private Repository Names via Search API

An exposure of sensitive information vulnerability was identified in GitHub Enterprise Server that could allow an attacker to disclose the names of private repositories within an organization. This issue could be exploited by leveraging a user-to-server token with no scopes via the Search API...

6.3CVSS0.00275EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/07/01 12:0 a.m.8 views

PT-2025-27576 · Github · Github Enterprise Server

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server version 3.17 Description: An exposure of sensitive information issue was identified that could allow an attacker to disclose the names of private repositories within an organization. This issue could be exploited by...

6.3CVSS5.9AI score0.00275EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/23 1:54 a.m.9 views

CVE-2023-24812

Misskey is an open source, decentralized social media platform. In versions prior to 13.3.3 SQL injection is possible due to insufficient parameter validation in the note search API by tag notes/search-by-tag. This has been fixed in version 13.3.3. Users are advised to upgrade. Users unable to...

9.8CVSS7.8AI score0.0071EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:10 a.m.8 views

CVE-2013-0227

Cross-site scripting XSS vulnerability in the Search API Sorts module 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with certain roles to inject arbitrary web script or HTML via unspecified field labels...

2.1CVSS5.5AI score0.00941EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:6 a.m.7 views

CVE-2015-6752

Cross-site scripting XSS vulnerability in the Search API Autocomplete module 7.x-1.x before 7.x-1.3 for Drupal, when the search index is configured to use the HTML filter processor, allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified...

2.1CVSS5.6AI score0.00744EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:27 a.m.9 views

CVE-2019-12431

An issue was discovered in GitLab Community and Enterprise Edition 8.13 through 11.11. Restricted users could access the metadata of private milestones through the Search API. It has Improper Access Control...

4.3CVSS6.5AI score0.00751EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:47 a.m.12 views

CVE-2019-19629

In GitLab EE 10.5 through 12.5.3, 12.4.5, and 12.3.8, when transferring a public project to a private group, private code would be disclosed via the Group Search API provided by the Elasticsearch integration...

7.5CVSS6.8AI score0.01155EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/04/26 8:51 a.m.22 views

CVE-2025-3907

Cross-Site Request Forgery CSRF vulnerability in Drupal Search API Solr allows Cross Site Request Forgery.This issue affects Search API Solr: from 0.0.0 before 4.3.9...

4.3CVSS7AI score0.0014EPSS
Exploits0References3
NVD
NVD
added 2025/04/23 5:16 p.m.37 views

CVE-2025-3907

Cross-Site Request Forgery CSRF vulnerability in Drupal Search API Solr allows Cross Site Request Forgery.This issue affects Search API Solr: from 0.0.0 before 4.3.9...

4.3CVSS0.0014EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/04/23 5:8 p.m.9 views

CVE-2025-3907 Search API Solr - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-046

Cross-Site Request Forgery CSRF vulnerability in Drupal Search API Solr allows Cross Site Request Forgery.This issue affects Search API Solr: from 0.0.0 before 4.3.9...

7AI score0.0014EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/23 5:8 p.m.42 views

CVE-2025-3907 Search API Solr - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-046

Cross-Site Request Forgery CSRF vulnerability in Drupal Search API Solr allows Cross Site Request Forgery.This issue affects Search API Solr: from 0.0.0 before 4.3.9...

0.0014EPSS
Exploits0References1
OSV
OSV
added 2025/04/23 5:8 p.m.7 views

CVE-2025-3907 Search API Solr - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-046

Cross-Site Request Forgery CSRF vulnerability in Drupal Search API Solr allows Cross Site Request Forgery.This issue affects Search API Solr: from 0.0.0 before 4.3.9...

4.3CVSS5.9AI score0.0014EPSS
Exploits0References5
CVE
CVE
added 2025/04/23 5:8 p.m.65 views

CVE-2025-3907

CVE-2025-3907 is a CSRF vulnerability in the Drupal Search API Solr module. The issue affects the module’s Solr integration for Drupal versions from 0.0.0 up to 4.3.8. The root cause is a CSRF flaw in routes handling within the Search API Solr integration, enabling unauthorized actions to be perf...

4.3CVSS6.7AI score0.0014EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder