CVE-2024-53305
- EPSS 0.76%
- Veröffentlicht 16.04.2025 00:00:00
- Zuletzt bearbeitet 24.06.2025 15:01:57
An issue in the component /models/config.py of Whoogle search v0.9.0 allows attackers to execute arbitrary code via supplying a crafted search query.
CVE-2024-22203
- EPSS 0.58%
- Veröffentlicht 23.01.2024 18:15:18
- Zuletzt bearbeitet 21.11.2024 08:55:47
Whoogle Search is a self-hosted metasearch engine. In versions prior to 0.8.4, the `element` method in `app/routes.py` does not validate the user-controlled `src_type` and `element_url` variables and passes them to the `send` method which sends a GET...
CVE-2024-22204
- EPSS 0.19%
- Veröffentlicht 23.01.2024 18:15:18
- Zuletzt bearbeitet 21.11.2024 08:55:47
Whoogle Search is a self-hosted metasearch engine. Versions 0.8.3 and prior have a limited file write vulnerability when the configuration options in Whoogle are enabled. The `config` function in `app/routes.py` does not validate the user-controlled ...
CVE-2024-22205
- EPSS 0.39%
- Veröffentlicht 23.01.2024 18:15:18
- Zuletzt bearbeitet 21.11.2024 08:55:47
Whoogle Search is a self-hosted metasearch engine. In versions 0.8.3 and prior, the `window` endpoint does not sanitize user-supplied input from the `location` variable and passes it to the `send` method which sends a `GET` request on lines 339-343 i...
CVE-2024-22417
- EPSS 0.47%
- Veröffentlicht 23.01.2024 18:15:18
- Zuletzt bearbeitet 21.11.2024 08:56:14
Whoogle Search is a self-hosted metasearch engine. In versions 0.8.3 and prior, the `element` method in `app/routes.py` does not validate the user-controlled `src_type` and `element_url` variables and passes them to the `send` method which sends a `G...