49 matches found

NVD
added 2 days ago, 4 views

CVE-2026-49087

Allocation of Resources Without Limits or Throttling (CWE-770) in Kibana can lead to a denial of service via Excessive Allocation (CAPEC-130). An authenticated user can submit a specially crafted bulk deletion request that causes excessive resource consumption, which may render Kibana unavailable...

CVSS: 6.5, EPSS: 0.00245
Exploits: 0, References: 1
Cvelist
added 2 days ago, 30 views

CVE-2026-49087 Allocation of Resources Without Limits or Throttling in Kibana Leading to Denial of Service

Allocation of Resources Without Limits or Throttling (CWE-770) in Kibana can lead to a denial of service via Excessive Allocation (CAPEC-130). An authenticated user can submit a specially crafted bulk deletion request that causes excessive resource consumption, which may render Kibana unavailable...

CVSS: 6.5, EPSS: 0.00245
Exploits: 0, References: 1
CVE
added 2 days ago, 6 views

CVE-2026-49087

The CVE-2026-49087 issue concerns Kibana: Allocation of Resources Without Limits or Throttling (CWE-770) leading to a denial of service (CAPEC-130). An authenticated user can submit a crafted bulk deletion request that inflates resource use and can render Kibana unavailable. Connected sources spe...

CVSS: 6.5, AI score: 5.8, EPSS: 0.00245
Exploits: 0, References: 1, Affected Software: 1
EUVD
added 2 days ago, 4 views

EUVD-2026-41088

Allocation of Resources Without Limits or Throttling (CWE-770) in Kibana can lead to a denial of service via Excessive Allocation (CAPEC-130). An authenticated user can submit a specially crafted bulk deletion request that causes excessive resource consumption, which may render Kibana unavailable...

CVSS: 6.5, AI score: 5.8, EPSS: 0.00245
Exploits: 0, References: 1
ATTACKERKB
added 2 days ago, 3 views

CVE-2026-49087

Allocation of Resources Without Limits or Throttling (CWE-770) in Kibana can lead to a denial of service via Excessive Allocation (CAPEC-130). An authenticated user can submit a specially crafted bulk deletion request that causes excessive resource consumption, which may render Kibana unavailable...

CVSS: 6.5, AI score: 5.8, EPSS: 0.00245
Exploits: 0, References: 2, Affected Software: 1
EUVD
added 2026/06/23 8:54 p.m., 7 views

EUVD-2026-38594

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority as it's a duplicate of CVE-2026-56784...

CVSS: 8.6, AI score: 5.7, EPSS: 0.00258
Exploits: 0
ATTACKERKB
added 2026/06/23 12:13 p.m., 5 views

CVE-2026-56784

OpenRemote before 1.25.0 contains an insecure direct object reference (IDOR) vulnerability in the bulk alarm deletion endpoint that allows authenticated users to permanently delete alarms belonging to other tenants by supplying arbitrary alarm IDs. The removeAlarms method in AlarmResourceImpl.java...

CVSS: 8.6, AI score: 6, EPSS: 0.00258
Exploits: 0, References: 4
Vulnrichment
added 2026/06/23 12:13 p.m., 4 views

CVE-2026-56784 OpenRemote < 1.25.0 IDOR via Bulk Alarm Deletion Endpoint

OpenRemote before 1.25.0 contains an insecure direct object reference (IDOR) vulnerability in the bulk alarm deletion endpoint that allows authenticated users to permanently delete alarms belonging to other tenants by supplying arbitrary alarm IDs. The removeAlarms method in AlarmResourceImpl.java...

CVSS: 8.6, AI score: 6, EPSS: 0.00258
Exploits: 0, References: 2
NVD
added 2026/06/22 2:17 p.m., 8 views

CVE-2026-56424

MISP core contained multiple broken access-control flaws where authorization checks were performed against the wrong entity, or where ownership/editability checks were missing on write paths. In affected subsystems, a lower-privileged authenticated user with the relevant feature permission could...

CVSS: 8.8, EPSS: 0.00361
Exploits: 0, References: 5
NVD
added 2026/06/22 2:17 p.m., 10 views

CVE-2026-56423

MISP Core contained broken access-control checks in the bulk deletion flows for Event Reports and Sharing Groups. The affected deleteSelection handlers authorized deletion using broad role-level permissions instead of validating authorization for each selected object. For Event Reports,...

CVSS: 9.4, EPSS: 0.00261
Exploits: 0, References: 2
EUVD
added 2026/06/22 11:56 a.m., 7 views

EUVD-2026-38226

MISP Core contained broken access-control checks in the bulk deletion flows for Event Reports and Sharing Groups. The affected deleteSelection handlers authorized deletion using broad role-level permissions instead of validating authorization for each selected object. For Event Reports,...

CVSS: 9.4, AI score: 6, EPSS: 0.00261
Exploits: 0, References: 2
Cvelist
added 2026/06/22 11:56 a.m., 26 views

CVE-2026-56423 MISP Core: Broken access control allows instance-wide unauthorized deletion of event reports and sharing groups via bulk deletion endpoints

MISP Core contained broken access-control checks in the bulk deletion flows for Event Reports and Sharing Groups. The affected deleteSelection handlers authorized deletion using broad role-level permissions instead of validating authorization for each selected object. For Event Reports,...

CVSS: 9.4, EPSS: 0.00261
Exploits: 0, References: 2
CVE
added 2026/06/22 11:56 a.m., 16 views

CVE-2026-56423

Summary: CVE-2026-56423 affects MISP Core where bulk deletion (Event Reports and Sharing Groups) used broad role permissions instead of per-object authorization checks, enabling instance-wide deletions by eligible users. What was vulnerable: EventReportsController::deleteSelection relied on the g...

CVSS: 9.4, AI score: 6, EPSS: 0.00261
Exploits: 0, References: 2, Affected Software: 1
Positive Technologies
added 2026/06/22 12:0 a.m., 12 views

PT-2026-51307

Name of the Vulnerable Software and Affected Versions: MISP Core (affected versions not specified). Description: Broken access-control checks exist in the bulk deletion flows for Event Reports and Sharing Groups. The deleteSelection handlers authorized deletions using broad role-level permissions...

CVSS: 9.4, AI score: 5.8, EPSS: 0.00261
Exploits: 0, References: 9
RedhatCVE
added 2026/03/05 1:57 a.m., 5 views

CVE-2026-3130

Improper Enforcement of Behavioral Controls in Devolutions Server 2025.3.15 and earlier allows an authenticated attacker with the delete permission to delete a PAM account that is currently checked out by selecting it alongside at least one non-checked-out account and performing a bulk deletion...

CVSS: 9.8, AI score: 5.9, EPSS: 0.00447
Exploits: 0, References: 1
EUVD
added 2026/03/04 12:30 a.m., 5 views

EUVD-2026-9336

Improper Enforcement of Behavioral Controls in Devolutions Server 2025.3.15 and earlier allows an authenticated attacker with the delete permission to delete a PAM account that is currently checked out by selecting it alongside at least one non-checked-out account and performing a bulk deletion...

CVSS: 9.8, AI score: 5.9, EPSS: 0.00447
Exploits: 0, References: 2
OSV
added 2026/03/03 10:16 p.m., 4 views

CVE-2026-3130

Improper Enforcement of Behavioral Controls in Devolutions Server 2025.3.15 and earlier allows an authenticated attacker with the delete permission to delete a PAM account that is currently checked out by selecting it alongside at least one non-checked-out account and performing a bulk deletion...

CVSS: 9.8, AI score: 5.8, EPSS: 0.00447
Exploits: 0, References: 1
NVD
added 2026/03/03 10:16 p.m., 6 views

CVE-2026-3130

Improper Enforcement of Behavioral Controls in Devolutions Server 2025.3.15 and earlier allows an authenticated attacker with the delete permission to delete a PAM account that is currently checked out by selecting it alongside at least one non-checked-out account and performing a bulk deletion...

CVSS: 9.8, EPSS: 0.00447
Exploits: 0, References: 1
Vulnrichment
added 2026/03/03 9:27 p.m., 1 views

CVE-2026-3130

Improper Enforcement of Behavioral Controls in Devolutions Server 2025.3.15 and earlier allows an authenticated attacker with the delete permission to delete a PAM account that is currently checked out by selecting it alongside at least one non-checked-out account and performing a bulk deletion...

AI score: 5.9, EPSS: 0.00447
Exploits: 0, References: 1
Cvelist
added 2026/03/03 9:27 p.m., 20 views

CVE-2026-3130

Improper Enforcement of Behavioral Controls in Devolutions Server 2025.3.15 and earlier allows an authenticated attacker with the delete permission to delete a PAM account that is currently checked out by selecting it alongside at least one non-checked-out account and performing a bulk deletion...

EPSS: 0.00447
Exploits: 0, References: 1