77 matches found
EUVD-2026-36768
An information disclosure vulnerability in the configuration endpoint of Ben Busby whoogle-search v1.2.3 allows attackers to obtain sensitive information via a crafted GET request...
CVE-2026-50870
An information disclosure vulnerability in the configuration endpoint of Ben Busby whoogle-search v1.2.3 allows attackers to obtain sensitive information via a crafted GET request...
CVE-2026-50870
An information disclosure vulnerability in the configuration endpoint of Ben Busby whoogle-search v1.2.3 allows attackers to obtain sensitive information via a crafted GET request...
PT-2026-49311
An information disclosure vulnerability in the configuration endpoint of Ben Busby whoogle-search v1.2.3 allows attackers to obtain sensitive information via a crafted GET request...
CVE-2026-50870
CVE-2026-50870 describes an information-disclosure flaw in the configuration endpoint of Ben Busby’s whoogle-search v1.2.3. The vulnerability is triggered by a crafted GET request against the configuration endpoint, and allows attackers to obtain sensitive information. The available connected doc...
EUVD-2022-0365
Malicious code in bioql PyPI...
EUVD-2024-0192
Malicious code in bioql PyPI...
EUVD-2024-0189
Malicious code in bioql PyPI...
EUVD-2024-0190
Malicious code in bioql PyPI...
EUVD-2024-54416
Malicious code in bioql PyPI...
CVE-2024-22204
Whoogle Search is a self-hosted metasearch engine. Versions 0.8.3 and prior have a limited file write vulnerability when the configuration options in Whoogle are enabled. The config function in app/routes.py does not validate the user-controlled name variable on line 447 and configdata variable o...
CVE-2024-22417
Whoogle Search is a self-hosted metasearch engine. In versions 0.8.3 and prior, the element method in app/routes.py does not validate the user-controlled srctype and elementurl variables and passes them to the send method which sends a GET request on lines 339-343 in requests.py. The returned...
Deserialization Of Untrusted Data
Whoogle Search is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to improper input sanitization due to the handling of crafted search queries in the /models/config.py component...
CVE-2024-53305
An issue in the component /models/config.py of Whoogle search v0.9.0 allows attackers to execute arbitrary code via supplying a crafted search query...
Whoogle allows attackers to execute arbitrary code via supplying a crafted search query
An issue in the component /models/config.py of Whoogle search v0.9.0 allows attackers to execute arbitrary code via supplying a crafted search query...
CVE-2024-53305
An issue in the component /models/config.py of Whoogle search v0.9.0 allows attackers to execute arbitrary code via supplying a crafted search query...
CVE-2024-53305
An issue in the component /models/config.py of Whoogle search v0.9.0 allows attackers to execute arbitrary code via supplying a crafted search query...
CVE-2024-53305
An issue in the component /models/config.py of Whoogle search v0.9.0 allows attackers to execute arbitrary code via supplying a crafted search query...
CVE-2024-53305
An issue in the component /models/config.py of Whoogle search v0.9.0 allows attackers to execute arbitrary code via supplying a crafted search query...
CVE-2024-53305
CVE-2024-53305 affects Whoogle Search v0.9.0 via the component at /models/config.py, allowing arbitrary code execution when a crafted search query is supplied. The connected records confirm the root cause is in the /models/config.py handler, with impact described as remote code execution and a CV...