Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
search api vulnerabilities and exploits
(subscribe to this query)
2.1
CVSSv2
CVE-2013-2715
Cross-site scripting (XSS) vulnerability in the admin view in the Search API (search_api) module 7.x-1.x prior to 7.x-1.4 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a crafted field name.
Thomas Seidl Search Api 7.x-1.x
Thomas Seidl Search Api 7.x-1.0
Thomas Seidl Search Api 7.x-1.1
Thomas Seidl Search Api 7.x-1.2
Thomas Seidl Search Api 7.x-1.3
4
CVSSv2
CVE-2019-3990
A User Enumeration flaw exists in Harbor. The issue is present in the "/users" API endpoint. This endpoint is supposed to be restricted to administrators. This restriction is able to be bypassed and information can be obtained about registered users can be obtained via ...
Linuxfoundation Harbor
Linuxfoundation Harbor 1.9.0
Linuxfoundation Harbor 1.9.1
5
CVSSv2
CVE-2021-39122
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote malicious users to view users' emails via an Information Disclosure vulnerability in the /rest/api/2/search endpoint. The affected versions are before version 8.5.13, from version 8.6.0 prior t...
Atlassian Data Center
Atlassian Jira Data Center
Atlassian Jira
Atlassian Jira Server
2.6
CVSSv2
CVE-2012-2712
Multiple cross-site scripting (XSS) vulnerabilities in the Search API module 7.x-1.x prior to 7.x-1.1 for Drupal, when supporting manual entry of field identifiers, allow remote malicious users to inject arbitrary web script or HTML via vectors related to thrown exceptions and lo...
Thomas Seidl Search Api 7.x-1.0
Thomas Seidl Search Api 7.x-1.x
NA
CVE-2024-2195
A critical Remote Code Execution (RCE) vulnerability was identified in the aimhubio/aim project, specifically within the `/api/runs/search/run/` endpoint, affecting versions >= 3.0.0. The vulnerability resides in the `run_search_api` function of the `aim/web/api/runs/views.py`...
7.5
CVSSv2
CVE-2019-1010179
PHKP including commit 88fd9cfdf14ea4b6ac3e3967feea7bcaabb6f03b is affected by: Improper Neutralization of Special Elements used in a Command ('Command Injection'). The impact is: It is possible to manipulate gpg-keys or execute commands remotely. The component is: funct...
Phkp Project Phkp -
2.6
CVSSv2
CVE-2013-0181
Cross-site scripting (XSS) vulnerability in Views in the Search API (search_api) module 7.x-1.x prior to 7.x-1.4 for Drupal, when using certain backends and facets, allows remote malicious users to inject arbitrary web script or HTML via unspecified input, which is returned in an...
Thomas Seidl Search Api 7.x-1.0
Thomas Seidl Search Api 7.x-1.3
Thomas Seidl Search Api 7.x-1.x
Thomas Seidl Search Api 7.x-1.2
Thomas Seidl Search Api 7.x-1.1
7.5
CVSSv2
CVE-2018-1000885
PHKP version including commit 88fd9cfdf14ea4b6ac3e3967feea7bcaabb6f03b contains a Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in function pgp_exec() phkp.php:98 that can result in It is possible to manipulate gpg-key...
Phkp Project Phkp
4.3
CVSSv2
CVE-2013-4384
Cross-site scripting (XSS) vulnerability in Google Site Search module 6.x-1.x prior to 6.x-1.4 and 7.x-1.x prior to 7.x-1.10 for Drupal allows remote malicious users to inject arbitrary web script or HTML by causing crafted data to be returned by the Google API.
Google Site Search Project Google Site Search Module 7.x-1.9
Google Site Search Project Google Site Search Module 7.x-1.3
Google Site Search Project Google Site Search Module 7.x-1.2
Google Site Search Project Google Site Search Module 6.x-1.0
Google Site Search Project Google Site Search Module 7.x-1.6
Google Site Search Project Google Site Search Module 7.x-1.5
Google Site Search Project Google Site Search Module 7.x-1.x
Google Site Search Project Google Site Search Module 7.x-1.0
Google Site Search Project Google Site Search Module 7.x-1.8
Google Site Search Project Google Site Search Module 7.x-1.7
Google Site Search Project Google Site Search Module 7.x-1.1
Google Site Search Project Google Site Search Module 6.x-1.x
Google Site Search Project Google Site Search Module 7.x-1.4
Google Site Search Project Google Site Search Module 6.x-1.3
Google Site Search Project Google Site Search Module 6.x-1.2
Google Site Search Project Google Site Search Module 6.x-1.1
6.8
CVSSv2
CVE-2021-42064
If configured to use an Oracle database and if a query is created using the flexible search java api with a parameterized "in" clause, SAP Commerce - versions 1905, 2005, 2105, 2011, allows malicious user to execute crafted database queries, exposing backend database. T...
Sap Commerce 1905
Sap Commerce 2005
Sap Commerce 2011
Sap Commerce 2105
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2024-34413
CVE-2024-34089
CVE-2024-33408
local
SQL
CVE-2024-0402
CVE-2024-33910
CVE-2024-31848
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »