54 matches found
WS-PoC-Search
WS-PoC-Search Lightning-fast CVE and PoC intelligence searc...
-CyberPentest-Plugin-Claude-Code
🔐 CyberPentest Plugin — Claude Code Plugin de pentest offen...
EUVD-2017-12146
Malware in sbrugna...
EUVD-2007-2316
Malware in sbrugna...
EUVD-2017-9687
Malware in sbrugna...
EUVD-2022-34516
Malicious code in bioql PyPI...
CVE-2025-8039
In some cases search terms persisted in the URL bar even after navigating away from the search page. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1...
CVE-2022-40121
Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the search parameter at /net-banking/managecustomers.php...
CVE-2020-20345
WTCMS 1.0 contains a reflective cross-site scripting (XSS) vulnerability in the page management background which allows attackers to obtain cookies via a crafted payload entered into the search box...
CVE-2017-18571
The search-everything plugin before 8.1.7 for WordPress has SQL injection related to WordPress 4.7.x, a different vulnerability than CVE-2014-2316...
Mongoose search injection vulnerability
Mongoose versions prior to 8.9.5, 7.8.4, and 6.13.6 are vulnerable to improper use of the $where operator. This vulnerability arises from the ability of the $where clause to execute arbitrary JavaScript code in MongoDB queries, potentially leading to code injection attacks and unauthorized access...
CVE-2025-23061
Mongoose before 8.9.5 can improperly use a nested $where filter with a populate match, leading to search injection. NOTE: this issue exists because of an incomplete fix for CVE-2024-53900...
CVE-2025-23061
CVE-2025-23061 affects Mongoose before 8.9.5, enabling search injection via a nested $where filter in populate() match. This builds on an incomplete fix for CVE-2024-53900, as evidenced by multiple connected documents (Nuclei template, IBM security bulletins, and IBM/CVE details) describing NoSQL...
CVE-2024-53900
Mongoose before 8.8.3 can improperly use $where in match, leading to search injection...
Mars: RXSS in ███ via S parameter
A Reflected Cross-Site Scripting (RXSS) vulnerability was identified in the search functionality of the application. The vulnerability was triggered when a user manipulated the search parameter 's'. User input was not properly sanitized before being reflected back to users...
GolDRuSh
GolDRuSh: Goal-Driven Rule-Based vulnerability Search engine...
CVE-2023-28474
Concrete CMS (previously concrete5) in versions 9.0 through 9.1.3 is vulnerable to Stored XSS on Saved Presets on search...
CVE-2023-1787
An issue has been discovered in GitLab affecting all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. A search timeout could be triggered if a specific HTML payload was used in the issue description...
HackTools
This is a web browser extension for penetration testing, called HackTools. It is a comprehensive toolset for web application security testing, providing various features such as: dynamic shell generation (PHP, Bash, Ruby, Python, Perl, Netcat), XSS payload generation, common SQL injection payloads...