Vulmon
search server vulnerabilities and exploits
NA
CVE-2023-45471
The QAD Search Server is vulnerable to Stored Cross-Site Scripting (XSS) in versions up to, and including, 1.0.0.315 due to insufficient checks on indexes. This makes it possible for unauthenticated malicious users to create a new index and inject a malicious web script into its ...
Qad Search Server
1 Github repository
7.5
CVSSv2
CVE-2008-4032
Microsoft Office SharePoint Server 2007 Gold and SP1 and Microsoft Search Server 2008 do not properly perform authentication and authorization for administrative functions, which allows remote malicious users to cause a denial of service (server load), obtain sensitive informatio...
Microsoft Office Sharepoint Server 2007
Microsoft Search Server 2008
4.3
CVSSv2
CVE-2005-1599
Cross-site scripting (XSS) vulnerability in Kryloff Technologies Subject Search Server (SSServer) 1.1 allows remote malicious users to inject arbitrary web script or HTML via the "Search For" field.
Kryloff Technologies Subject Search Server 1.1
6.5
CVSSv2
CVE-2019-13423
Search Guard Kibana Plugin versions prior to 5.6.8-7 and prior to 6.x.y-12 had an issue that an authenticated Kibana user could impersonate as kibanaserver user when providing wrong credentials when all of the following conditions a-c are true: a) Kibana is configured to use Sing...
Search-guard Search Guard
4
CVSSv2
CVE-2021-37940
An information disclosure via GET request server-side request forgery vulnerability exists with the Workplace Search Github Enterprise Server integration. Using this vulnerability, a malicious Workplace Search admin could use the GHES integration to view hosts that might not be p...
Elastic Enterprise Search
NA
CVE-2024-22203
Whoogle Search is a self-hosted metasearch engine. In versions before 0.8.4, the `element` method in `app/routes.py` does not validate the user-controlled `src_type` and `element_url` variables and passes them to the `send` method which sends a GET request on lines 339-343 in `re...
Benbusby Whoogle Search
NA
CVE-2024-22205
Whoogle Search is a self-hosted metasearch engine. In versions 0.8.3 and prior, the `window` endpoint does not sanitize user-supplied input from the `location` variable and passes it to the `send` method which sends a `GET` request on lines 339-343 in `request.py`, which leads to...
Benbusby Whoogle Search
2.6
CVSSv2
CVE-1999-1009
The Disney Go Express Search allows remote malicious users to access and modify search information for users by connecting to an HTTP server on the user's system.
Disney Go Express Search
7.5
CVSSv2
CVE-2017-13708
Buffer overflow in the web server service in VX Search Enterprise 10.0.14 allows remote malicious users to execute arbitrary code via a crafted GET request.
Vxsearch Vx Search 10.0.14
NA
CVE-2023-5099
The HTML filter and csv-file search plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.7 via the 'src' attribute of the 'csvsearch' shortcode. This allows authenticated attackers, with contributor-level permissions a...
Jonashjalmarsson Html Filter And Csv-file Search