diff --git a/app/controllers/global_activities_controller.rb b/app/controllers/global_activities_controller.rb
index b531c5ac1..b84085994 100644
--- a/app/controllers/global_activities_controller.rb
+++ b/app/controllers/global_activities_controller.rb
@@ -151,7 +151,25 @@ class GlobalActivitiesController < ApplicationController
 end
 
 def activity_filter_params
- params.permit(:name, filter: {})
+ params.permit(
+ :name,
+ filter: [
+ :to_date,
+ :from_date,
+ { types: [] },
+ { subjects: {
+ 'Report' => [],
+ 'Project' => [],
+ 'MyModule' => [],
+ 'Protocol' => [],
+ 'Experiment' => [],
+ 'RepositoryRow' => [],
+ 'RepositoryBase' => []
+ } },
+ { users: [] },
+ { teams: [] }
+ ]
+ )
 end
 
 def activity_filters
diff --git a/app/controllers/reports_controller.rb b/app/controllers/reports_controller.rb
index 8e779bb0c..fd262a6dc 100644
--- a/app/controllers/reports_controller.rb
+++ b/app/controllers/reports_controller.rb
@@ -361,7 +361,7 @@ class ReportsController < ApplicationController
 def report_params
 params.require(:report)
- .permit(:name, :description, :grouped_by, :report_contents, settings: {})
+ .permit(:name, :description, :grouped_by, :report_contents, settings: permit_report_settings_structure(Report::DEFAULT_SETTINGS))
 end
 
 def search_params
diff --git a/app/controllers/search_controller.rb b/app/controllers/search_controller.rb
index a86d04a82..afa8fd4e4 100644
--- a/app/controllers/search_controller.rb
+++ b/app/controllers/search_controller.rb
@@ -145,7 +145,10 @@ class SearchController < ApplicationController
 def quick
 results = if params[:filter].present?
- object_quick_search(params[:filter].singularize)
+ class_name = params[:filter].singularize
+ return render_422(t('general.invalid_params')) unless Constants::QUICK_SEARCH_SEARCHABLE_OBJECTS.include?(class_name)
+
+ object_quick_search(class_name)
 else
 Constants::QUICK_SEARCH_SEARCHABLE_OBJECTS.filter_map do |object|
 next if object == 'label_template' && !LabelTemplate.enabled?
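Review bot: `:to_date` and `:from_date` in the new `filter` list are permitted as bare scalars, so any string (including an empty one) now reaches whatever parses them downstream, which is outside the hunk; if that parser is a plain `Date.parse`/`Time.zone.parse` without a rescue, a malformed value becomes a 500 rather than a 422, so it is worth confirming it handles `ArgumentError`. The seven subject class names are also spelled out inline here and will silently drift from wherever the app enumerates activity subject types; a comment such as `# keep in sync with the subject types accepted by the activity filter` (or deriving the keys from that list, if one exists) would help. `activity_filter_params` is otherwise fully contained in the hunk.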
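Review bot: The new `settings:` permit list calls `permit_report_settings_structure`, which this commit defines in `ReportsHelper` (a view helper module, see the helper file in this diff); unless `ReportsController` already includes that module or reaches it via `helpers.`, which the hunk does not show, this line raises `NameError` on the first request. Since the structure is now derived from `Report::DEFAULT_SETTINGS` rather than listed, a one-line comment would help the next reader: `# Only keys present in Report::DEFAULT_SETTINGS are permitted (nested hashes recursively, arrays as scalar arrays); anything else is dropped.` The permit list is constant for the life of the process, so it could be built once (e.g. memoized at class level) instead of on every call to `report_params`.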
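Review bot: The single-filter branch does not apply the `LabelTemplate.enabled?` gate that the `else` branch applies on the last line of the hunk, so `filter=label_templates` can still reach `object_quick_search('label_template')` while the feature is disabled; extend the new guard, e.g. `return render_422(t('general.invalid_params')) if class_name == 'label_template' && !LabelTemplate.enabled?`. The guard also only runs after `params[:filter].singularize`, which raises `NoMethodError` (a 500 rather than a 422) when `filter` arrives as an array or hash (`filter[]=x`), since `present?` is true for those; `params[:filter].to_s.singularize`, or a `String` check before it, keeps the failure a 422. `quick`'s body continues outside the hunk.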
diff --git a/app/helpers/reports_helper.rb b/app/helpers/reports_helper.rb
index 7dcc85929..2abd4fdc2 100644
--- a/app/helpers/reports_helper.rb
+++ b/app/helpers/reports_helper.rb
@@ -106,4 +106,17 @@ module ReportsHelper
 experiment_element.experiment.description
 end
 end
+
+ def permit_report_settings_structure(settings_definition)
+ settings_definition.each_with_object([]) do |(key, value), permitted|
+ permitted << case value
+ when Hash
+ { key => permit_report_settings_structure(value) }
+ when Array
+ { key => [] }
+ else
+ key
+ end
+ end
+ end
 end
diff --git a/config/locales/en.yml b/config/locales/en.yml
index 496297c9f..49a57d68d 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -4305,6 +4305,7 @@ en:
 comment_placeholder: "Your Message"
 comment_placeholder_new: "Add new comment…"
 archived: "Archived"
+ invalid_params: "Invalid params"
 sort:
 title: "Sorting"
 new_html: "Started last"
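Review bot: `when Array` maps every array-valued default to `{ key => [] }`, which in strong parameters permits only an array of scalars, so a setting whose default is an array of hashes would have its elements silently stripped; if `Report::DEFAULT_SETTINGS` has no such entries today this is fine, but the assumption deserves a comment so it is not broken later. An empty-hash default likewise becomes `{ key => [] }` (the recursion returns `[]`), i.e. no nested keys are permitted for it, which is the safe direction but easy to misread as "permit anything". Suggested header comment for the method: `# Builds a strong-parameters permit list mirroring settings_definition: hashes recurse, arrays permit scalar arrays only, other values permit a scalar. Keys absent from the definition are not permitted.`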