Vulmon
search api vulnerabilities and exploits
2.1
CVSSv2
CVE-2021-22132
Elasticsearch versions 7.7.0 to 7.10.1 contain an information disclosure flaw in the async search API. Users who execute an async search will improperly store the HTTP headers. An Elasticsearch user with the ability to read the .tasks index could obtain sensitive request headers ...
Elastic Elasticsearch
Oracle Communications Cloud Native Core Automated Test Suite 1.8.0
NA
CVE-2023-30347
Cross Site Scripting (XSS) vulnerability in Neox Contact Center 2.3.9, via the serach_sms_api_name parameter to the SMA API search.
Stl Neox Dial Centre 2.3.9
6.5
CVSSv2
CVE-2013-4662
The Quick Search API in CiviCRM 4.2.0 up to and including 4.2.9 and 4.3.0 up to and including 4.3.3 allows remote authenticated users to bypass the validation layer and conduct SQL injection attacks via a direct request to the "second layer" of the API, related to conta...
Civicrm Civicrm 4.2.8
Civicrm Civicrm 4.2.9
Civicrm Civicrm 4.3.1
Civicrm Civicrm 4.2.5
Civicrm Civicrm 4.2.7
Civicrm Civicrm 4.3.3
Civicrm Civicrm 4.2.0
Civicrm Civicrm 4.2.1
Civicrm Civicrm 4.2.2
Civicrm Civicrm 4.3.0
Civicrm Civicrm 4.3.2
Civicrm Civicrm 4.2.4
Civicrm Civicrm 4.2.6
5
CVSSv2
CVE-1999-0270
Directory traversal vulnerability in pfdispaly.cgi program (sometimes referred to as "pfdisplay") for SGI's Performer API Search Tool (performer_tools) allows remote malicious users to read arbitrary files.
Sgi Irix 6.2
Sgi Irix 6.3
Sgi Irix 6.4
6.8
CVSSv2
CVE-2012-5547
Multiple cross-site request forgery (CSRF) vulnerabilities in the Search API module 7.x-1.x prior to 7.x-1.3 for Drupal allow remote malicious users to hijack the authentication of administrators for requests that (1) enable a server via a server action or (2) enable a search ind...
Thomas Seidl Search Api 7.x-1.0
Thomas Seidl Search Api 7.x-1.x
Thomas Seidl Search Api 7.x-1.2
Thomas Seidl Search Api 7.x-1.1
NA
CVE-2023-36652
A SQL Injection in the users searching REST API endpoint in ProLion CryptoSpike 3.0.15P2 allows remote authenticated malicious users to read database data via SQL commands injected in the search parameter.
Prolion Cryptospike 3.0.15
4
CVSSv2
CVE-2019-12431
An issue exists in GitLab Community and Enterprise Edition 8.13 up to and including 11.11. Restricted users could access the metadata of private milestones through the Search API. It has Improper Access Control.
Gitlab Gitlab
5
CVSSv2
CVE-2016-6497
main/java/org/apache/directory/groovyldap/LDAP.java in the Groovy LDAP API in Apache allows malicious users to conduct LDAP entry poisoning attacks by leveraging setting returnObjFlag to true for all search methods.
Apache Groovy Ldap
NA
CVE-9999-9999
CVE Search This is a command-line application written in Go whose purpose is to look up information about CVEs available in the public CVE Search API Usage To use the API it is necessary...
1 Github repository
NA
CVE-2024-23446
An issue was discovered by Elastic, whereby the Detection Engine Search API does not respect Document-level security (DLS) or Field-level security (FLS) when querying the .alerts-security.alerts-{space_id} indices. Users who are authorized to call this API may obtain unauthorized access ...
Elastic Kibana