30655 matches found
EUVD-2026-44524
CAI Content Credentials is affected by an Untrusted Search Path vulnerability that could result in arbitrary code execution in the context of the current user. Exploit depends on conditions beyond the attacker's control. Exploitation of this issue requires user interaction in that a victim must...
EUVD-2026-44560
Illustrator is affected by an Untrusted Search Path vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is changed...
CVE-2026-48287
CAI Content Credentials is affected by an Untrusted Search Path vulnerability that could result in arbitrary code execution in the context of the current user. Exploit depends on conditions beyond the attacker's control. Exploitation of this issue requires user interaction in that a victim must...
CVE-2025-40945
A vulnerability has been identified in COMOS V10.4.5 All versions V10.4.5.0.2, COMOS V10.6 All versions V10.6.1, Designcenter NX All versions V2512.7000, Simcenter 3D All versions V2512.7000, Simcenter Femap V2506 All versions V2506.0003, Simcenter Femap V2512 All versions V2512.0002, Simcenter...
CVE-2025-40945
CVE-2025-40945 affects multiple Siemens/Siemens Digital Industries software (e.g., COMOS, Designcenter NX, Simcenter suite, Solid Edge, Teamcenter Visualization, Tecnomatix, etc.) across numerous versions. The vulnerability is described as an untrusted search path in the IAM Client SDK that may a...
CVE-2025-40945
A vulnerability has been identified in COMOS V10.4.5 All versions V10.4.5.0.2, COMOS V10.6 All versions V10.6.1, Designcenter NX All versions V2512.7000, Simcenter 3D All versions V2512.7000, Simcenter Femap V2506 All versions V2506.0003, Simcenter Femap V2512 All versions V2512.0002, Simcenter...
MooSocial 3.1.8 - Cross-Site Scripting
A reflected cross-site scripting XSS vulnerability exisits in the q parameter on search function of mooSocial v3.1.8 which allows attackers to steal user's session cookies and impersonate their account via a crafted URL. id: CVE-2023-45542 info: name: MooSocial 3.1.8 - Cross-Site Scripting author...
Lyrion Music Server <= 9.2.0 - Cross-Site Scripting
Lyrion Music Server 9.2.0 contains a reflected XSS caused by improper sanitization of the search parameter in the server.log endpoint, letting unauthenticated attackers execute arbitrary script in users' browsers. id: CVE-2026-50230 info: name: Lyrion Music Server = 9.2.0 - Cross-Site Scripting...
CKAN DataStore SQL Search - SQL Injection
CKAN, an open-source data management system used for powering open data portals, contains an unauthenticated SQL injection vulnerability in the datastoresearchsql API endpoint. id: CVE-2026-42031 info: name: CKAN DataStore SQL Search - SQL Injection author: theamanrawat severity: high description...
WordPress WP-Advanced-Search <= 3.3.9 - SQL Injection
The WordPress WP-Advanced-Search plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 3.3.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated...
WordPress e-search <=1.0 - Cross-Site Scripting
Wordpress plugin e-search 1.0 and before contains a cross-site scripting vulnerability via dateselect.php which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based...
Online Security Guards Hiring System - Cross-Site Scripting
A vulnerability was found in PHPGurukul Online Security Guards Hiring System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file search-request.php. id: CVE-2023-0527 info: name: Online Security Guards Hiring System - Cross-Site Scripting author:...
XWiki < 4.10.15 - Email Disclosure
The Solr-based search in XWiki discloses the email addresses of users even when obfuscation of email addresses is enabled. To demonstrate the vulnerability, search for objcontent:email using XWiki's regular search interface. id: CVE-2023-50720 info: name: XWiki 4.10.15 - Email Disclosure author:...
Mongoose < 8.8.3 - Remote Code Execution
Mongoose before 8.8.3 can improperly use $where in match, leading to search injection. id: CVE-2024-53900 info: name: Mongoose 8.8.3 - Remote Code Execution author: h4mg severity: critical description: | Mongoose before 8.8.3 can improperly use $where in match, leading to search injection. impact...
Complete Online Job Search System 1.0 - SQL Injection
Complete Online Job Search System 1.0 contains a SQL injection vulnerability via /eris/admin/company/index.php?view=edit&id=. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site...
Complete Online Job Search System 1.0 - SQL Injection
Complete Online Job Search System 1.0 contains a SQL injection vulnerability via /eris/index.php?q=hiring&search=. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. id:...
Complete Online Job Search System 1.0 - Cross-Site Scripting
Complete Online Job Search System 1.0 contains a cross-site scripting vulnerability via index.php?q=advancesearch. id: CVE-2022-29316 info: name: Complete Online Job Search System 1.0 - Cross-Site Scripting author: arafatansari severity: high description: | Complete Online Job Search System 1.0...
Autonomy Ultraseek - Open Redirect
Open redirect vulnerability in cs.html in the Autonomy formerly Verity Ultraseek search engine allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter. id: CVE-2009-0347 info: name: Autonomy Ultraseek - Open Redirect author: ctflearner...
ChanCMS <= 3.3.0 - SQL Injection
yanyutao0402 ChanCMS = 3.3.0 contains a SQL injection caused by manipulation of the "key" argument in app/modules/api/service/Api.js Search function, letting remote attackers execute arbitrary SQL commands, exploit requires crafted request. id: CVE-2025-10210 info: name: ChanCMS = 3.3.0 - SQL...
XWiki - HQL Injection
XWiki is vulnerable to Hibernate Query Language HQL injection in the wiki and space search REST API starting in version 4.3-milestone-1 and prior to versions 16.10.9, 17.4.2, and 17.5.0. The vulnerability allows attackers to inject malicious HQL queries through the orderField parameter, potential...