Lucene search
K

29 matches found

ATTACKERKB
ATTACKERKB
added 5 days ago7 views

CVE-2026-59834

SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, the block search endpoint POST /api/search/fullTextSearchBlock concatenates attacker-controlled paths values into SQL predicates used by non-SQL search modes, allowing an unauthenticated publish visitor to inject a UNI...

7.5CVSS6AI score0.0038EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-42520

The Ultimate Post plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'moreResultsText' block attribute of the ultimate-post/advanced-search block in versions up to and including 5.0.31. This is due to insufficient input sanitization and output escaping in the...

6.4CVSS6AI score0.00206EPSS
Exploits0References8
NVD
NVD
added 2026/03/20 1:15 a.m.10 views

CVE-2026-32767

SiYuan is a personal knowledge management system. Versions 3.6.0 and below contain an authorization bypass vulnerability in the /api/search/fullTextSearchBlock endpoint. When the method parameter is set to 2, the endpoint passes user-supplied input directly as a raw SQL statement to the underlyin...

9.8CVSS0.00541EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/03/20 12:13 a.m.25 views

CVE-2026-32767 SiYuan: Authorization Bypass Allows Arbitrary SQL Execution via Search API

SiYuan is a personal knowledge management system. Versions 3.6.0 and below contain an authorization bypass vulnerability in the /api/search/fullTextSearchBlock endpoint. When the method parameter is set to 2, the endpoint passes user-supplied input directly as a raw SQL statement to the underlyin...

9.8CVSS0.00541EPSS
Exploits1References4
Snyk
Snyk
added 2026/03/16 8:44 p.m.8 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization through the fullTextSearchBlock handler in kernel/api/search.go. An attacker can execute unauthorized SQL statements, including reading, modifying, or deleting database contents, by sending method=2 with a crafte...

9.8CVSS6AI score0.00541EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/03/05 1:57 a.m.9 views

CVE-2026-3244

In Concrete CMS below version 9.4.8, A stored cross-site scripting XSS vulnerability exists in the search block where page names and content are rendered without proper HTML encoding in search results. This allows authenticated, rogue administrators to inject malicious JavaScript through page nam...

4.8CVSS5.8AI score0.00195EPSS
Exploits1References1
OSV
OSV
added 2026/03/04 3:31 a.m.4 views

GHSA-MM5F-5RQW-574F Concrete CMS has a stored Cross-site Scripting (XSS) vulnerability

In Concrete CMS below version 9.4.8, A stored Cross-site Scripting XSS vulnerability exists in the search block where page names and content are rendered without proper HTML encoding in search results. This allows authenticated, rogue administrators to inject malicious JavaScript through page nam...

4.8CVSS5.9AI score0.00195EPSS
Exploits1References4
NVD
NVD
added 2026/03/04 2:15 a.m.9 views

CVE-2026-3244

In Concrete CMS below version 9.4.8, A stored cross-site scripting XSS vulnerability exists in the search block where page names and content are rendered without proper HTML encoding in search results. This allows authenticated, rogue administrators to inject malicious JavaScript through page nam...

4.8CVSS0.00195EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/04 1:55 a.m.1 views

CVE-2026-3244

In Concrete CMS below version 9.4.8, A stored cross-site scripting XSS vulnerability exists in the search block where page names and content are rendered without proper HTML encoding in search results. This allows authenticated, rogue administrators to inject malicious JavaScript through page nam...

4.8CVSS5.8AI score0.00195EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/03/04 1:55 a.m.5 views

CVE-2026-3244 Concrete CMS below version 9.4.8 is vulnerable to Stored XSS in Search Results via Page Names

In Concrete CMS below version 9.4.8, A stored cross-site scripting XSS vulnerability exists in the search block where page names and content are rendered without proper HTML encoding in search results. This allows authenticated, rogue administrators to inject malicious JavaScript through page nam...

4.8CVSS5.8AI score0.00195EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/03/04 12:0 a.m.7 views

Concrete CMS 安全漏洞

Concrete CMS is an open-source content management system developed by Concrete CMS. Versions of Concrete CMS prior to 9.4.8 contained a security vulnerability. This vulnerability stemmed from improper HTML encoding during the rendering of page names and content in the search block, which could le...

4.8CVSS5.7AI score0.00195EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/05/23 7:50 a.m.4 views

CVE-2024-11910

The WP Crowdfunding plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wp-crowdfunding/search block in all versions up to, and including, 2.1.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS7.4AI score0.00313EPSS
Exploits0References1
OSV
OSV
added 2024/12/13 9:15 a.m.2 views

CVE-2024-11910

The WP Crowdfunding plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wp-crowdfunding/search block in all versions up to, and including, 2.1.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.4CVSS7.4AI score0.00313EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/12/13 12:0 a.m.2 views

WordPress plugin WP Crowdfunding 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A cross-site...

6.4CVSS7.9AI score0.00313EPSS
Exploits0References4
OSV
OSV
added 2024/03/06 11:11 a.m.19 views

BIT-WORDPRESS-MULTISITE-2020-11030 Cross-site scripting (XSS) in Search block in WordPress

In affected versions of WordPress, a special payload can be crafted that can lead to scripts getting executed within the search block of the block editor. This requires an authenticated user with the ability to add content. This has been patched in version 5.4.1, along with all the previously...

6.4CVSS5.7AI score0.01437EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2022/10/20 12:0 a.m.98 views

WordPress 5.8.x < 5.8.6 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A stored Cross-Site Scripting XSS via wp-mail.php post by email. - An open redirect in wpnonceays. - Sender's email address is exposed in wp-mail.php. - A Cross-Site...

7.8AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2022/10/20 12:0 a.m.19 views

WordPress 4.5.x < 4.5.28 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A stored Cross-Site Scripting XSS via wp-mail.php post by email. - An open redirect in wpnonceays. - Sender's email address is exposed in wp-mail.php. - A Cross-Site...

7.8AI score
Exploits0References2
Wordfence Blog
Wordfence Blog
added 2022/10/18 7:44 p.m.146 views

Patch Now: The WordPress 6.0.3 Security Update Contains Important Fixes

The WordPress 6.0.3 Security Update contains patches for a large number of vulnerabilities, most of which are low in severity or require a highly privileged user account or additional vulnerable code in order to exploit. As with every WordPress core release containing security fixes, the Wordfenc...

0.4AI score
Exploits0
Patchstack
Patchstack
added 2022/10/18 12:0 a.m.17 views

WordPress core <= 6.0.2 - Cross-Site Scripting (XSS) vulnerability

Cross-Site Scripting XSS vulnerability in the Search block discovered by Alex Concha WP Security team in WordPress core versions = 6.0.2. Solution Update the WordPress to the latest available version at least 6.0.3...

1.8AI score
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2020/05/11 12:0 a.m.12 views

Fedora 31 : wordpress (2020-7701f49327)

WordPress 5.4.1 Security Updates Seven security issues affect WordPress versions 5.4 and earlier. If you havent yet updated to 5.4, all WordPress versions since 3.7 have also been updated to fix the following security issues : - Props to Muaz Bin Abdus Sattar and Jannes who both independently...

5.4AI score
Exploits0References1
Rows per page
Query Builder