Lucene search
K

4207 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/22 11:56 a.m.4 views

CVE-2026-56423

MISP Core contained broken access-control checks in the bulk deletion flows for Event Reports and Sharing Groups. The affected deleteSelection handlers authorized deletion using broad role-level permissions instead of validating authorization for each selected object. For Event Reports,...

9.4CVSS6AI score0.00261EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/06/22 11:56 a.m.30 views

CVE-2026-56423 MISP Core: Broken access control allows instance-wide unauthorized deletion of event reports and sharing groups via bulk deletion endpoints

MISP Core contained broken access-control checks in the bulk deletion flows for Event Reports and Sharing Groups. The affected deleteSelection handlers authorized deletion using broad role-level permissions instead of validating authorization for each selected object. For Event Reports,...

9.4CVSS0.00261EPSS
Exploits1References2
CVE
CVE
added 2026/06/22 11:56 a.m.22 views

CVE-2026-56423

Summary: CVE-2026-56423 affects MISP Core where bulk deletion (Event Reports and Sharing Groups) used broad role permissions instead of per-object authorization checks, enabling instance-wide deletions by eligible users. What was vulnerable: EventReportsController::deleteSelection relied on the g...

9.4CVSS6AI score0.00261EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/06/22 11:56 a.m.9 views

EUVD-2026-38226

MISP Core contained broken access-control checks in the bulk deletion flows for Event Reports and Sharing Groups. The affected deleteSelection handlers authorized deletion using broad role-level permissions instead of validating authorization for each selected object. For Event Reports,...

9.4CVSS6AI score0.00261EPSS
Exploits1References2
NVD
NVD
added 2026/06/22 8:17 a.m.15 views

CVE-2026-44914

Apache NiFi 1.12.0 through 2.9.0 are missing authorization when replacing Process Groups that include extension components with specific Required Permissions based on the Restricted annotation. The Restricted annotation indicates additional privileges required, but framework authorization did not...

7.5CVSS0.00393EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/22 7:38 a.m.35 views

CVE-2026-44914 Apache NiFi: Missing Authorization of Restricted Permissions when Replacing Flow Contents

Apache NiFi 1.12.0 through 2.9.0 are missing authorization when replacing Process Groups that include extension components with specific Required Permissions based on the Restricted annotation. The Restricted annotation indicates additional privileges required, but framework authorization did not...

7.5CVSS0.00393EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/22 7:38 a.m.11 views

EUVD-2026-38219

Apache NiFi 1.12.0 through 2.9.0 are missing authorization when replacing Process Groups that include extension components with specific Required Permissions based on the Restricted annotation. The Restricted annotation indicates additional privileges required, but framework authorization did not...

7.5CVSS5.9AI score0.00393EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/22 7:38 a.m.12 views

CVE-2026-44914

Apache NiFi 1.12.0 through 2.9.0 are missing authorization when replacing Process Groups that include extension components with specific Required Permissions based on the Restricted annotation. The Restricted annotation indicates additional privileges required, but framework authorization did not...

7.5CVSS5.9AI score0.00393EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/22 7:38 a.m.27 views

CVE-2026-44914

Apache NiFi versions 1.12.0–2.9.0 are vulnerable to missing authorization when replacing Process Groups that include extension components with the Restricted annotation. The Restricted annotation signals higher privileges, but framework authorization did not enforce restricted status during repla...

7.5CVSS5.9AI score0.00393EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.13 views

PT-2026-51284

Name of the Vulnerable Software and Affected Versions Apache NiFi versions 1.12.0 through 2.9.0 Description Authorization is missing when replacing Process Groups that include extension components with specific Required Permissions based on the Restricted annotation. The Restricted annotation...

7.5CVSS5.9AI score0.00393EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.16 views

PT-2026-51307

Name of the Vulnerable Software and Affected Versions MISP Core affected versions not specified Description Broken access-control checks exist in the bulk deletion flows for Event Reports and Sharing Groups. The deleteSelection handlers authorized deletions using broad role-level permissions...

9.4CVSS5.8AI score0.00261EPSS
Exploits1References9
CVE
CVE
added 2026/06/19 6:11 p.m.24 views

CVE-2026-49288

Statamic CMS patch for CVE-2026-49288 fixes a missing authorization on Control Panel fieldtype endpoints that allowed an authenticated CP user to view restricted metadata and content (entries, assets, users, roles, groups, etc.). The issue could disclose titles, custom field values, entry content...

4.3CVSS5.8AI score0.00162EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.15 views

PT-2026-51005

Name of the Vulnerable Software and Affected Versions Statamic versions prior to 5.73.23 Statamic versions prior to 6.20.0 Description An authenticated Control Panel user can view metadata and content for resources they lack permission to access. This includes entries, assets, users, roles, group...

4.3CVSS5.9AI score0.00162EPSS
Exploits0References7
EUVD
EUVD
added 2026/06/17 6:35 p.m.9 views

EUVD-2026-37584

Allow authenticated users to access alert instances associated with alert groups they do not have permission to access. in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue...

6.5CVSS5.4AI score0.00433EPSS
Exploits0References3
NVD
NVD
added 2026/06/17 1:20 p.m.8 views

CVE-2026-47340

Allow authenticated users to access alert instances associated with alert groups they do not have permission to access. in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue...

6.5CVSS0.00433EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/17 9:0 a.m.29 views

CVE-2026-47340 Apache DolphinScheduler: An incorrect authorization vulnerability allows authenticated users to access alert instances associated with alert groups they do not have permission to access.

Allow authenticated users to access alert instances associated with alert groups they do not have permission to access. in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue...

0.00433EPSS
Exploits0References1
OSV
OSV
added 2026/06/16 12:37 p.m.6 views

BIT-DISCOURSE-2026-47264 Discourse: Don't leak restricted tag group names via tag info

Discourse is an open-source discussion platform. From versions 2026.1.0 to before 2026.1.4, 2026.3.0 to before 2026.3.1, and 2026.4.0 to before 2026.4.1, DetailedTagSerializertaggroupnames returned every tag group a tag belonged to without filtering against the requesting user's visibility. With...

5.3CVSS5.3AI score0.00216EPSS
Exploits0References2
OSV
OSV
added 2026/06/16 12:37 p.m.5 views

BIT-DISCOURSE-2026-44783 Discourse: Replying to a whisper lets non-whisperers create staff-only whisper posts

Discourse is an open-source discussion platform. From versions 2026.1.0 to before 2026.1.4, 2026.3.0 to before 2026.3.1, and 2026.4.0 to before 2026.4.1, a flaw in how replies to whisper posts are handled allows authenticated users outside the groups configured in whispersallowedgroups to post in...

5.4CVSS5.3AI score0.00148EPSS
Exploits0References2
Microsoft CVE
Microsoft CVE
added 2026/06/16 2:14 a.m.13 views

Chromium: CVE-2026-11673 Use after free in InterestGroups

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

8.8CVSS5.2AI score0.00243EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/06/15 12:0 a.m.9 views

Arista Networks EOS Tunnel Decapsulation Improper Validation (SA0137)

On affected platforms running Arista EOS where a tunnel decapsulation configuration - such as VXLAN Virtual Extensible LAN, decap-groups, or a GRE Generic Routing Encapsulation tunnel interface - is present, the switch will incorrectly decapsulate and forward other unexpected tunneled packets wit...

6.9CVSS6.1AI score0.00836EPSS
Exploits1References2
Rows per page
Query Builder