Vulmon
search api vulnerabilities and exploits
187
VMScore
CVE-2015-6752
Cross-site scripting (XSS) vulnerability in the Search API Autocomplete module 7.x-1.x prior to 7.x-1.3 for Drupal, when the search index is configured to use the HTML filter processor, allows remote authenticated users with certain permissions to inject arbitrary web script or H...
Search Api Autocomplete Project Search Api Autocomplete 7.x-1.0
Search Api Autocomplete Project Search Api Autocomplete 7.x-1.2
Search Api Autocomplete Project Search Api Autocomplete 7.x-1.1
383
VMScore
CVE-2005-3869
Cross-site scripting (XSS) vulnerability in index.php in Google API Search 1.3.1 and previous versions allows remote malicious users to inject arbitrary web script or HTML via hex-encoded values in the REQ parameter.
Google Api Search
445
VMScore
CVE-2019-13417
Search Guard versions prior to 24.0 had an issue that field caps and mapping API leak field names (but not values) for fields which are not allowed for the user when field level security (FLS) is activated.
Search-guard Search Guard
383
VMScore
CVE-2022-25303
The package whoogle-search prior to 0.7.2 is vulnerable to Cross-site Scripting (XSS) via the query string parameter q. In the case where it does not contain the http string, it is used to build the error_message that is then rendered in the error.html template, using the [flask...
Whoogle-search Project Whoogle-search
740
VMScore
CVE-2021-20190
A flaw was found in jackson-databind prior to 2.9.10.7. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Fasterxml Jackson-databind
Netapp Oncommand Insight -
Netapp Service Level Manager -
Netapp Oncommand Api Services -
Netapp Active Iq Unified Manager -
Apache Nifi
Debian Debian Linux 9.0
Oracle Commerce Guided Search And Experience Manager 11.3.2
578
VMScore
CVE-2021-22149
Elastic Enterprise Search App Search versions prior to 7.14.0 are vulnerable to an issue where API keys were missing authorization via an alternate route. Using this vulnerability, an authenticated attacker could utilize API keys belonging to higher privileged users.
Elastic Enterprise Search
578
VMScore
CVE-2021-22148
Elastic Enterprise Search App Search versions prior to 7.14.0 were vulnerable to an issue where API keys were not bound to the same engines as their creator. This could lead to a less privileged user gaining access to unauthorized engines.
Elastic Enterprise Search
356
VMScore
CVE-2020-7018
Elastic Enterprise Search prior to 7.9.0 contains a credential exposure flaw in the App Search interface. If a user is given the "developer" role, they will be able to view the administrator API credentials. These credentials could allow t...
Elastic Enterprise Search
NA
CVE-2023-49923
An issue exists by Elastic whereby the Documents API of App Search logged the raw contents of indexed documents at INFO log level. Depending on the contents of such documents, this could lead to the insertion of sensitive or private information in the App Search logs. Elastic ha...
Elastic Enterprise Search
NA
CVE-2022-26374
Uncontrolled search path in the installation binaries for Intel(R) SEAPI all versions may allow an authenticated user to potentially enable escalation of privilege via local access.
Intel Single Event Api