Vulmon
search api vulnerabilities and exploits
5
CVSSv2
CVE-2019-19629
In GitLab EE 10.5 up to and including 12.5.3, 12.4.5, and 12.3.8, when transferring a public project to a private group, private code would be disclosed via the Group Search API provided by the Elasticsearch integration.
Gitlab Gitlab
NA
CVE-2021-4339
The uListing plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in the "ulisting/includes/route.php" file on the /1/api/ulisting-user/search REST-API route in versions up to, and including, 1.6.6. This makes it possible for unau...
Stylemixthemes Ulisting
NA
CVE-2022-45177
An issue exists in LIVEBOX Collaboration vDesk through v031. An Observable Response Discrepancy can occur under the /api/v1/vdeskintegration/user/isenableuser endpoint, the /api/v1/sharedsearch?search={NAME]+{SURNAME] endpoint, and the /login endpoint. The web application provide...
Liveboxcloud Vdesk
NA
CVE-2023-3300
HashiCorp Nomad and Nomad Enterprise 0.11.0 up to 1.5.6 and 1.4.1 HTTP search API can reveal names of available CSI plugins to unauthenticated users or users without the plugin:read policy. Fixed in 1.6.0, 1.5.7, and 1.4.1.
Hashicorp Nomad
6.9
CVSSv2
CVE-2013-3485
Multiple untrusted search path vulnerabilities in Soda PDF 5.1.183.10520 allow local users to gain privileges via a Trojan horse (1) dwmapi.dll or (2) api-ms-win-core-localregistry-l1-1-0.dll file in the current working directory.
Lulusoftware Soda Pdf 5.1.183.10520
4
CVSSv2
CVE-2014-6139
The Search REST API in IBM Business Process Manager 8.0.1.3, 8.5.0.1, and 8.5.5.0 allows remote authenticated users to bypass intended access restrictions and perform task-instance and process-instance searches by specifying a false value for the filterByCurrentUser parameter.
Ibm Business Process Manager 8.5.0.1
Ibm Business Process Manager 8.0.1.3
Ibm Business Process Manager 8.5.5.0
2.1
CVSSv2
CVE-2013-0227
Cross-site scripting (XSS) vulnerability in the Search API Sorts module 7.x-1.x prior to 7.x-1.4 for Drupal allows remote authenticated users with certain roles to inject arbitrary web script or HTML via unspecified field labels.
Mathijs Koenraadt Search Api Sorts 7.x-1.x
Mathijs Koenraadt Search Api Sorts 7.x-1.3
Mathijs Koenraadt Search Api Sorts 7.x-1.2
Mathijs Koenraadt Search Api Sorts 7.x-1.1
Mathijs Koenraadt Search Api Sorts 7.x-1.0
6.4
CVSSv2
CVE-2017-14487
The OhMiBod Remote app for Android and iOS allows remote malicious users to impersonate users by sniffing network traffic for search responses from the OhMiBod API server and then editing the username, user_id, and token fields in data/data/com.ohmibod.remote2/shared_prefs/OMB.xm...
Ohmibod Ohmibod Remote
6.5
CVSSv2
CVE-2021-21380
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions of XWiki Platform (and only those with the Ratings API installed), the Rating Script Service exposes an API to perform SQL requests without escaping the fr...
Xwiki Xwiki 6.4
Xwiki Xwiki
2 Github repositories
NA
CVE-2023-30848
Pimcore is an open source data and experience management platform. Prior to version 10.5.21, the admin search find API has a SQL injection vulnerability. Users should upgrade to version 10.5.21 to receive a patch or, as a workaround, apply the patch manually.
Pimcore Pimcore