35 matches found

Snyk
added 2026/05/24 8:47 p.m., 11 views

XML External Entity (XXE) Injection

Overview: tpwd/kesearch is a search extension for TYPO3 that includes faceted search functions. Affected versions of this package are vulnerable to XML External Entity (XXE) Injection via the additionaltables configuration of the page and tt_content indexers, which accept arbitrary table and field names....

CVSS 5.9, AI score 6, EPSS 0.00318
Exploits 0, References 2
Vulnrichment
added 2026/05/19 9:24 a.m., 9 views

CVE-2026-46724 Path Traversal in extension "Faceted Search" (ke_search)

The file indexer does not normalize the configured directory path. A backend user with permission to edit indexer configurations can index documents from arbitrary locations on the server file system through path traversal sequences...

CVSS 5.9, AI score 5.9, EPSS 0.00404
Exploits 0, References 1
Cvelist
added 2026/05/19 9:24 a.m., 34 views

CVE-2026-46724 Path Traversal in extension "Faceted Search" (ke_search)

The file indexer does not normalize the configured directory path. A backend user with permission to edit indexer configurations can index documents from arbitrary locations on the server file system through path traversal sequences...

CVSS 5.9, EPSS 0.00404
Exploits 0, References 1
CVE
added 2026/05/19 9:24 a.m., 16 views

CVE-2026-46724

CVE-2026-46724 affects the TYPO3 extension Faceted Search (ke_search). The file indexer does not normalize the configured directory path, allowing a backend user with permission to edit indexer configurations to index documents from arbitrary server file-system locations via path traversal. CVSS ...

CVSS 5.9, AI score 5.9, EPSS 0.00404
Exploits 0, References 1
Cvelist
added 2026/05/19 9:23 a.m., 39 views

CVE-2026-46722 XML External Entity Injection in extension "Faceted Search" (ke_search)

The OOXML parsing of the file indexer does not disable external entity resolution. A crafted xlsx or pptx document placed in an indexed directory can cause local files to be read or outbound HTTP requests to be performed, with the retrieved content being written to the search index...

CVSS 5.9, EPSS 0.00301
Exploits 0, References 1
Friends Of PHP
added 2026/05/18 2:30 p.m., 9 views

TYPO3-EXT-SA-2026-011: Path Traversal in extension "Faceted Search" (ke_search)

More info at https://typo3.org/security/advisory/typo3-ext-sa-2026-011...

CVSS 5.9, AI score 5.8, EPSS 0.00404
Exploits 0, Affected Software 1
RedhatCVE
added 2026/05/05 2:20 a.m., 6 views

CVE-2026-40201

@diplodoc/search-extension 1.0.0 through 3.x before 3.0.3 allows stored XSS via the title in a .md file...

CVSS 5.4, AI score 5.8, EPSS 0.00241
Exploits 0, References 1
Snyk
added 2026/05/01 9:30 a.m., 5 views

Cross-site Scripting (XSS)

Overview: @diplodoc/search-extension is a Lunr-based offline search extension for the Diplodoc platform. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the title field of Markdown files. An attacker can execute arbitrary scripts in the context of the user's browser by...

CVSS 5.4, AI score 5.9, EPSS 0.00241
Exploits 0, References 2
vulnersOsv
added 2026/05/01 9:30 a.m., 9 views

@diplodoc/algolia (>=0.1.0 <=0.4.1), @diplodoc/algolia-extension (>=0.4.1 <=0.6.1) +1 more potentially affected by CVE-2026-40201 via @diplodoc/search-extension (=1.2.2)

@diplodoc/search-extension NPM version =1.2.2 is affected by a known vulnerability. The following packages have a transitive dependency on @diplodoc/search-extension and may be impacted: - @diplodoc/algolia =0.1.0, =0.4.1, =0.0.0-rc-add-filemeta-to-boost-testing-202410220924, =5.0.0-alpha-10 Sour...

CVSS 5.4, AI score 5.4, EPSS 0.00241
Exploits 0
OSV
added 2026/05/01 9:30 a.m., 3 views

GHSA-RJMP-RWJ4-MV82 @diplodoc/search-extension allows stored XSS via Markdown file title

@diplodoc/search-extension 1.0.0 through 3.0.2 allows stored XSS via .md file title...

CVSS 5.4, AI score 5.8, EPSS 0.00241
Exploits 0, References 6
Github Security Blog
added 2026/05/01 9:30 a.m., 8 views

@diplodoc/search-extension allows stored XSS via Markdown file title

@diplodoc/search-extension 1.0.0 through 3.0.2 allows stored XSS via .md file title...

CVSS 5.4, AI score 5.8, EPSS 0.00241
Exploits 0, References 6, Affected Software 1
NVD
added 2026/05/01 9:16 a.m., 4 views

CVE-2026-40201

@diplodoc/search-extension 1.0.0 through 3.x before 3.0.3 allows stored XSS via the title in a .md file...

CVSS 5.4, EPSS 0.00241
Exploits 0, References 4
ATTACKERKB
added 2026/05/01 8:36 a.m., 2 views

CVE-2026-40201

@diplodoc/search-extension 1.0.0 through 3.x before 3.0.3 allows stored XSS via the title in a .md file...

CVSS 5.4, AI score 5.8, EPSS 0.00241
Exploits 0, References 4, Affected Software 1
Vulnrichment
added 2026/05/01 8:36 a.m., 8 views

CVE-2026-40201

@diplodoc/search-extension 1.0.0 through 3.x before 3.0.3 allows stored XSS via the title in a .md file...

CVSS 5.4, AI score 5.8, EPSS 0.00241
Exploits 0, References 4
Cvelist
added 2026/05/01 8:36 a.m., 32 views

CVE-2026-40201

@diplodoc/search-extension 1.0.0 through 3.x before 3.0.3 allows stored XSS via the title in a .md file...

CVSS 5.4, EPSS 0.00241
Exploits 0, References 4
EUVD
added 2026/05/01 8:36 a.m., 5 views

EUVD-2026-26484

@diplodoc/search-extension 1.0.0 through 3.x before 3.0.3 allows stored XSS via the title in a .md file...

CVSS 5.4, AI score 5.8, EPSS 0.00241
Exploits 0, References 3
Positive Technologies
added 2026/05/01 12:00 a.m., 4 views

PT-2026-36308

Name of the Vulnerable Software and Affected Versions: @diplodoc/search-extension versions 1.0.0 through 3.0.2. Description: Stored Cross-Site Scripting (XSS) occurs via the title in a .md file. Stored XSS is a type of vulnerability where a malicious script is permanently stored on the target server,...

CVSS 5.4, AI score 5.8, EPSS 0.00241
Exploits 0, References 5
CNNVD
added 2026/05/01 12:00 a.m., 7 views

Diplodoc search extension cross-site scripting vulnerability

The Diplodoc Search Extension is an open-source offline search extension developed by Diplodoc. Versions 1.0.0 through 3.0.2 (before 3.0.3) contain a cross-site scripting vulnerability. The vulnerability stems from titles in .md files, which could lead to...

CVSS 5.4, AI score 5.7, EPSS 0.00241
Exploits 0, References 2
Tenable Nessus
added 2026/03/24 12:00 a.m., 4 views

SUSE SLES12: libsqlite3-0 / libsqlite3-0-32bit / sqlite3 / sqlite3-devel / etc (SUSE-SU-2026:0955-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0955-1 advisory. Update to 3.51.3:
- CVE-2025-7709: Integer Overflow in FTS5 Extension (bsc#1254670).
- CVE-2025-70873: SQLite zipfile extension may disclose...

CVSS 7.5, AI score 5.8, EPSS 0.00322
Exploits 1, References 7