4 matches found
EUVD-2024-0191
Malicious code in bioql PyPI...
EUVD-2024-0189
Malicious code in bioql PyPI...
Server side request forgery (ssrf)
Whoogle Search is a self-hosted metasearch engine. In versions 0.8.3 and prior, the window endpoint does not sanitize user-supplied input from the location variable and passes it to the send method which sends a GET request on lines 339-343 in request.py, which leads to a server-side request...
CVE-2024-22203 Whoogle Search Server Side Request Forgery vulnerability
Whoogle Search is a self-hosted metasearch engine. In versions prior to 0.8.4, the element method in app/routes.py does not validate the user-controlled srctype and elementurl variables and passes them to the send method which sends a GET request on lines 339-343 in request.py, which leads to a...