Lucene search
K

8 matches found

The Hacker News
The Hacker News
added 2026/06/15 3:9 p.m.12 views

One-Click Microsoft 365 Copilot Flaw Could Have Let Attackers Steal Emails, Files, and MFA Codes

A single click on a trusted Microsoft link could have let an attacker pull emails, calendar details, and indexed files out of Microsoft 365 Copilot Enterprise Search. Researchers at Varonis Threat Labs chained three bugs into a one-click exfiltration path they call SearchLeak. Because the link...

7.5CVSS5.7AI score0.0764EPSS
Exploits0
NVD
NVD
added 2026/04/21 5:16 p.m.10 views

CVE-2026-41183

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, the assigned-only restriction is applied to direct conversation view and folder queries, but not to non-folder query builders. Global search and the AJAX filter path still reveal conversations that should be...

4.3CVSS0.00224EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/26 3:8 p.m.4 views

CVE-2026-2458

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to properly validate team membership when searching channels which allows a removed team member to enumerate all public channels within a private team via the channel search API endpoint.. Mattermost Advisory ID:...

4.3CVSS5.8AI score0.00165EPSS
Exploits0References1
OSV
OSV
added 2026/01/26 2:49 p.m.4 views

BIT-MOODLE-2025-3628 Moodle: moodle assignment submission search leaks anonymous student identities

A flaw has was found in Moodle where anonymous assignment submissions can be de-anonymized via search, revealing student identities...

4.3CVSS5.8AI score0.00271EPSS
Exploits0References3
OSV
OSV
added 2025/08/13 3:40 p.m.6 views

USN-7692-1 request-tracker5 vulnerabilities

It was discovered that Request Tracker was susceptible to timing attacks. An attacker could possibly use this issue to access sensitive information. This issue only affected Ubuntu 22.04 LTS. CVE-2021-38562 It was discovered that Request Tracker was susceptible to cross-site scripting attacks whe...

7.5CVSS7.3AI score0.01707EPSS
Exploits0References12
Vulnrichment
Vulnrichment
added 2025/04/25 2:42 p.m.3 views

CVE-2025-3628 Moodle: moodle assignment submission search leaks anonymous student identities

A flaw has was found in Moodle where anonymous assignment submissions can be de-anonymized via search, revealing student identities...

4.3CVSS7AI score0.00271EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/09/08 12:0 a.m.4 views

Apple iOS和Apple iPadOS 授权问题漏洞

Apple iOS and Apple iPadOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices, and Apple iPadOS is an operating system for the iPad tablet computer. A security vulnerability exists in iOS before 14.5 and iPadOS before 14.5, which stems from a possible...

2.4CVSS4.9AI score0.00324EPSS
Exploits0References2
Elastic
Elastic
added 2020/08/18 3:11 p.m.8 views

Elastic Stack 7.9.0 and 6.8.12 Security Update

Elasticsearch field disclosure flaw ESA-2020-12 A field disclosure flaw was found in Elasticsearch when running a scrolling search with Field Level Security. If a user runs the same query another more privileged user recently ran, the scrolling search can leak fields that should be hidden. This...

6.5CVSS7.1AI score0.01204EPSS
Exploits0
Rows per page
Query Builder