Lucene search
K

1021 matches found

NVD
NVD
added 2026/06/12 8:16 p.m.10 views

CVE-2026-54361

MISP contained multiple mass assignment vulnerabilities in the handling of collections, tag collections, event delegations, and shadow attributes. Several controller actions accepted user-supplied fields that should have remained server-controlled, including record identifiers and ownership-relat...

8.8CVSS0.00262EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/12 7:59 p.m.32 views

CVE-2026-54361 MISP mass assignment vulnerabilities allow unauthorized modification of ownership and delegation records

MISP contained multiple mass assignment vulnerabilities in the handling of collections, tag collections, event delegations, and shadow attributes. Several controller actions accepted user-supplied fields that should have remained server-controlled, including record identifiers and ownership-relat...

8.8CVSS0.00262EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 7:59 p.m.9 views

EUVD-2026-36554

MISP contained multiple mass assignment vulnerabilities in the handling of collections, tag collections, event delegations, and shadow attributes. Several controller actions accepted user-supplied fields that should have remained server-controlled, including record identifiers and ownership-relat...

8.8CVSS5.2AI score0.00262EPSS
Exploits0References1
CVE
CVE
added 2026/06/12 7:59 p.m.28 views

CVE-2026-54361

CVE-2026-54361 affects MISP and stems from mass assignment flaws in collections, tag collections, event delegations, and shadow attributes. Several controller actions accepted user-supplied fields that should be server-controlled (e.g., id, org_id, orgc_id, user_id), enabling an authenticated att...

8.8CVSS5.2AI score0.00262EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.14 views

PT-2026-48973

Name of the Vulnerable Software and Affected Versions MISP affected versions not specified Description Multiple mass assignment issues exist in the handling of collections, tag collections, event delegations, and shadow attributes. Certain controller actions accept user-supplied fields that shoul...

8.8CVSS5.3AI score0.00262EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/11 2:59 p.m.11 views

CVE-2026-53693

A stored cross-site scripting vulnerability existed in MISP BSimVis tag rendering code. Several client-side rendering paths interpolated tag names, collection names, entity identifiers, cluster names, and tag metadata directly into HTML, HTML attributes, inline JavaScript event handlers, and CSS...

6.9CVSS5.5AI score0.00277EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.9 views

MongoDB Server 代码问题漏洞

MongoDB Server is an open-source NoSQL database developed by MongoDB, a US-based company. This database offers features such as collection-oriented storage, dynamic querying, data replication, and automatic failover. There is a code vulnerability in MongoDB Server, which stems from the 2dsphere...

7.1CVSS5.4AI score0.0027EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:30 p.m.8 views

CVE-2026-42884

Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the GET /api/collections and GET /api/collections/:id endpoints return collections from all libraries without checking whether the requesting user has access to each collection's library. An authenticated user with...

4.3CVSS5.5AI score0.00162EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:25 p.m.8 views

CVE-2026-44201

Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, the Documents and Images API incorrectly listed items in private collections. A user with access to the API could see the filename and name of documents and images in private collections. This...

5.3CVSS5.4AI score0.00256EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:13 p.m.7 views

CVE-2026-40901

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below ship the legacy velocity-1.7.jar, which pulls in commons-collections-3.2.1.jar containing the InvokerTransformer deserialization gadget chain. Quartz 2.3.2, also bundled in the application, deserializ...

9CVSS6.3AI score0.0063EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2026/06/04 12:0 a.m.9 views

Kibana 8.x < 8.19.16 DoS (ESA-2026-39)

The version of Kibana installed on the remote host is 8.x prior to 8.19.16. It is, therefore, affected by a vulnerability as referenced in the ESA-2026-39 advisory. - Uncontrolled Resource Consumption CWE-400 in Kibana can lead to denial of service via Excessive Allocation CAPEC-130. An...

6.5CVSS5.5AI score0.0027EPSS
Exploits0References2
OSV
OSV
added 2026/06/01 11:42 a.m.7 views

BIT-KIBANA-2026-49094 Uncontrolled Resource Consumption in Kibana Leading to Denial of Service

Uncontrolled Resource Consumption CWE-400 in Kibana can lead to denial of service via Excessive Allocation CAPEC-130. An authenticated user with viewer-level access can submit a request containing an oversized input value to an analytics collections management endpoint. Kibana will consume...

6.5CVSS5.8AI score0.0027EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/29 8:13 p.m.10 views

CVE-2026-49094

Uncontrolled Resource Consumption CWE-400 in Kibana can lead to denial of service via Excessive Allocation CAPEC-130. An authenticated user with viewer-level access can submit a request containing an oversized input value to an analytics collections management endpoint. Kibana will consume...

6.5CVSS5.8AI score0.0027EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/28 10:44 p.m.5 views

Allocation of Resources Without Limits or Throttling

Overview kibana is an open source Apache Licensed, browser-based analytics and search dashboard for Elasticsearch. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the analytics collections management endpoint. An attacker can cause the...

7.1CVSS5.3AI score0.0027EPSS
Exploits0References2
Elastic
Elastic
added 2026/05/28 7:26 p.m.19 views

Kibana 8.19.16 Security Update (ESA-2026-39)

Uncontrolled Resource Consumption in Kibana Leading to Denial of Service Uncontrolled Resource Consumption CWE-400 in Kibana can lead to denial of service via Excessive Allocation CAPEC-130. An authenticated user with viewer-level access can submit a request containing an oversized input value to...

6.5CVSS5.7AI score0.0027EPSS
Exploits0
GithubExploit
GithubExploit
added 2026/05/28 8:38 a.m.236 views

osv-java-poc

OSV Scanner CVE Detection POC — Vulnerable Java App ⚠️ WA...

10CVSS7.2AI score0.99999EPSS
Exploits471
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.12 views

PT-2026-44536

Name of the Vulnerable Software and Affected Versions Kibana affected versions not specified Description Uncontrolled Resource Consumption in Kibana can lead to a denial of service through excessive allocation. An authenticated user with viewer-level access can submit a request containing an...

6.5CVSS5.8AI score0.0027EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/18 3:59 p.m.60 views

CVE-2026-45829

A pre-authentication, code injection vulnerability in version 1.0.0 or later of the ChromaDB Python project allows an unauthenticated attacker to run arbitrary code on the server by sending a malicious model repository and trustremotecode set to true in...

10CVSS0.12387EPSS
Exploits2References2
CVE
CVE
added 2026/05/18 3:59 p.m.64 views

CVE-2026-45829

CVE-2026-45829 affects the ChromaDB Python project (version 1.0.0 and later). It is a pre-authentication code-injection vulnerability that allows an unauthenticated attacker to execute arbitrary code on the server by supplying a malicious model repository and setting trust_remote_code to true via...

10CVSS6.1AI score0.12387EPSS
Exploits2References5
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.10 views

Open WebUI 安全漏洞

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under open source. Versions of Open WebUI prior to 0.9.0 contained security vulnerabilities. These vulnerabilities stemmed from the validatecollectionaccess function using an incomplete list of allowed collections. Onl...

4.3CVSS5.8AI score0.00221EPSS
Exploits1References2
Rows per page
Query Builder