CVE-2026-10721

Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize calls in the in Permission, Cache, and Search components. An unauthenticated attacker may trigger arbitrary PHP object instantiation if a malicious serialized payload has been placed in the database. Thanks XananasX7 f...

CVE-2026-10721

Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize calls in the in Permission, Cache, and Search components. An unauthenticated attacker may trigger arbitrary PHP object instantiation if a malicious serialized payload has been placed in the database. Thanks XananasX7...

CVE-2026-10721 Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize() calls in the in Permission, Cache, and Search components

Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize calls in the in Permission, Cache, and Search components. An unauthenticated attacker may trigger arbitrary PHP object instantiation if a malicious serialized payload has been placed in the database. Thanks XananasX7...

EUVD-2026-35994

Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize calls in the in Permission, Cache, and Search components. An unauthenticated attacker may trigger arbitrary PHP object instantiation if a malicious serialized payload has been placed in the database. Thanks XananasX7...

CVE-2026-10721

Concrete CMS

PT-2026-48390

Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize calls in the in Permission, Cache, and Search components. An unauthenticated attacker may trigger arbitrary PHP object instantiation if a malicious serialized payload has been placed in the database. Thanks XananasX7...

EUVD-2026-34056

A security flaw has been discovered in wonderwhy-er DesktopCommanderMCP up to 0.2.38. This impacts an unknown function of the file src/search-manager.ts of the component startsearch. Performing a manipulation of the argument SearchResult results in inefficient regular expression complexity. It is...

CVE-2026-8011

An insufficient policy enforcement flaw was found in the Search component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=496626029...

CVE-2026-27909

Use after free in Microsoft Windows Search Component allows an authorized attacker to elevate privileges locally...

EUVD-2026-22447

Use after free in Microsoft Windows Search Component allows an authorized attacker to elevate privileges locally...

CVE-2026-27909

Use after free in Microsoft Windows Search Component allows an authorized attacker to elevate privileges locally...

Windows Search Service Elevation of Privilege Vulnerability

Use after free in Microsoft Windows Search Component allows an authorized attacker to elevate privileges locally...

PT-2026-32771

CVE-2026-27909 Use after free in Microsoft Windows Search Component allows an authorized attacker to elevate privileges locally. https://t.co/EEmqZf1GgX...

Microsoft Windows 资源管理错误漏洞

Microsoft Windows is an operating system used by personal devices by the American company Microsoft. The Microsoft Windows Search Component has a resource management vulnerability. Attackers can exploit this vulnerability to gain higher privileges. The following products and versions are affected...

CVE-2026-3791

A vulnerability has been found in SourceCodester Sales and Inventory System 1.0. Affected by this issue is some unknown functionality of the file dashboard.php of the component Search. The manipulation of the argument searchtxt leads to sql injection. The attack is possible to be carried out...

PT-2026-6954

Name of the Vulnerable Software and Affected Versions BurtTheCoder mcp-maigret versions through 1.0.12 Description A flaw exists in the component search username within the file src/index.ts. Manipulating the Username argument can result in command injection, potentially allowing for remote...

PT-2026-3447

A security vulnerability has been detected in PHPGurukul Directory Management System 1.0. Impacted is an unknown function of the file /index.php of the component Search. The manipulation of the argument searchdata leads to sql injection. The attack may be initiated remotely. The exploit has been...

CVE-2023-4118

A vulnerability, which was classified as problematic, was found in Cute Http File Server 2.0. This affects an unknown part of the component Search. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may ...

CVE-2025-13744

An Improper Neutralization of Input During Web Page Generation vulnerability was identified in GitHub Enterprise Server that allowed attacker controlled HTML to be rendered by the Filter component search across GitHub that could be used to exfiltrate sensitive information. An attacker would requi...

CVE-2025-13546

A vulnerability was detected in ashraf-kabir travel-agency up to 1f25aa03544bc5fb7a9e846f8a7879cecdb0cad3. Affected by this issue is some unknown functionality of the file /results.php of the component Search. The manipulation of the argument userquery results in sql injection. The attack can be...