Lucene search
K

85 matches found

NVD
NVD
added last week16 views

CVE-2026-60125

MISP’s importModule path used getEnabledModule to resolve a single import module by name, but this lookup did not enforce the per-organisation module restriction checked by getEnabledModules. As a result, an authenticated user from an organisation that was not allowed to use a module restricted v...

5.3CVSS0.00207EPSS
Exploits0References1
NVD
NVD
added last week8 views

CVE-2026-60124

An authorization bypass in MISP’s EventsController::importModule allowed authenticated users or read-only API keys with event view access to persist data to events they were not allowed to modify. When an import module returned results in the mispstandard format, the write path did not verify eve...

5.3CVSS0.0022EPSS
Exploits0References1
OSV
OSV
added last week4 views

CVE-2026-60125 importModule function in MISP ignores per-organisation import module restrictions

MISP’s importModule path used getEnabledModule to resolve a single import module by name, but this lookup did not enforce the per-organisation module restriction checked by getEnabledModules. As a result, an authenticated user from an organisation that was not allowed to use a module restricted v...

5.3CVSS6.1AI score0.00207EPSS
Exploits0References4
Cvelist
Cvelist
added last week31 views

CVE-2026-60125 importModule function in MISP ignores per-organisation import module restrictions

MISP’s importModule path used getEnabledModule to resolve a single import module by name, but this lookup did not enforce the per-organisation module restriction checked by getEnabledModules. As a result, an authenticated user from an organisation that was not allowed to use a module restricted v...

5.3CVSS0.00207EPSS
Exploits0References1
EUVD
EUVD
added last week6 views

EUVD-2026-42241

MISP’s importModule path used getEnabledModule to resolve a single import module by name, but this lookup did not enforce the per-organisation module restriction checked by getEnabledModules. As a result, an authenticated user from an organisation that was not allowed to use a module restricted v...

5.3CVSS5.9AI score0.00207EPSS
Exploits0References1
EUVD
EUVD
added last week5 views

EUVD-2026-42239

An authorization bypass in MISP’s EventsController::importModule allowed authenticated users or read-only API keys with event view access to persist data to events they were not allowed to modify. When an import module returned results in the mispstandard format, the write path did not verify eve...

5.3CVSS6AI score0.0022EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added last week6 views

CVE-2026-60124

An authorization bypass in MISP’s EventsController::importModule allowed authenticated users or read-only API keys with event view access to persist data to events they were not allowed to modify. When an import module returned results in the mispstandard format, the write path did not verify eve...

5.3CVSS6AI score0.0022EPSS
Exploits0References2
CVE
CVE
added last week7 views

CVE-2026-60124

The CVE-2026-60124 in MISP concerns an authorization bypass in EventsController::importModule(). When an import module returns results in the misp_standard format, the write path failed to verify event modification rights, allowing authenticated users or read-only API keys with event view access ...

5.3CVSS6AI score0.0022EPSS
Exploits0References1
Cvelist
Cvelist
added last week31 views

CVE-2026-60124 MISP importModule missing authorization allows read-only users to modify events via misp_standard imports

An authorization bypass in MISP’s EventsController::importModule allowed authenticated users or read-only API keys with event view access to persist data to events they were not allowed to modify. When an import module returned results in the mispstandard format, the write path did not verify eve...

5.3CVSS0.0022EPSS
Exploits0References1
OSV
OSV
added last week4 views

CVE-2026-60124 MISP importModule missing authorization allows read-only users to modify events via misp_standard imports

An authorization bypass in MISP’s EventsController::importModule allowed authenticated users or read-only API keys with event view access to persist data to events they were not allowed to modify. When an import module returned results in the mispstandard format, the write path did not verify eve...

5.3CVSS6.1AI score0.0022EPSS
Exploits0References4
CVE
CVE
added 2026/03/05 3:35 p.m.23 views

CVE-2026-30797

CVE-2026-30797 describes a Missing Authorization vulnerability in the RustDesk Client (rustdesk-client) across Windows, macOS, Linux, iOS, and Android. The issue involves the Flutter URI scheme handler and config import modules, permitting Application API Message Manipulation via Man-in-the-Middl...

9.3CVSS5.9AI score0.00455EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2026/02/03 10:16 p.m.8 views

CVE-2020-37078

i-doit Open Source CMDB 1.14.1 contains a file deletion vulnerability in the import module that allows authenticated attackers to delete arbitrary files by manipulating the deleteimport parameter. Attackers can send a POST request to the import module with a crafted filename to remove files from...

8.8CVSS0.00325EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/02/03 10:1 p.m.3 views

CVE-2020-37078 i-doit Open Source CMDB 1.14.1 - Arbitrary File Deletion

i-doit Open Source CMDB 1.14.1 contains a file deletion vulnerability in the import module that allows authenticated attackers to delete arbitrary files by manipulating the deleteimport parameter. Attackers can send a POST request to the import module with a crafted filename to remove files from...

8.8CVSS5.5AI score0.00325EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/02/03 10:1 p.m.2 views

CVE-2020-37078

i-doit Open Source CMDB 1.14.1 contains a file deletion vulnerability in the import module that allows authenticated attackers to delete arbitrary files by manipulating the deleteimport parameter. Attackers can send a POST request to the import module with a crafted filename to remove files from...

8.8CVSS5.5AI score0.00325EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/02/03 10:1 p.m.29 views

CVE-2020-37078 i-doit Open Source CMDB 1.14.1 - Arbitrary File Deletion

i-doit Open Source CMDB 1.14.1 contains a file deletion vulnerability in the import module that allows authenticated attackers to delete arbitrary files by manipulating the deleteimport parameter. Attackers can send a POST request to the import module with a crafted filename to remove files from...

8.8CVSS0.00325EPSS
Exploits0References4
EUVD
EUVD
added 2026/02/03 10:1 p.m.4 views

EUVD-2020-30996

i-doit Open Source CMDB 1.14.1 contains a file deletion vulnerability in the import module that allows authenticated attackers to delete arbitrary files by manipulating the deleteimport parameter. Attackers can send a POST request to the import module with a crafted filename to remove files from...

8.8CVSS5.5AI score0.00325EPSS
Exploits0References4
CVE
CVE
added 2026/02/03 10:1 p.m.11 views

CVE-2020-37078

CVE-2020-37078 involves i-doit Open Source CMDB 1.14.1. The vulnerability is a file deletion flaw in the import module that allows authenticated attackers to delete arbitrary files by manipulating the delete_import parameter. An attacker can issue a crafted POST request to the import module (with...

8.8CVSS5.5AI score0.00325EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/02/03 12:0 a.m.9 views

i-doit Open Source CMDB 安全漏洞

i-doit Open Source CMDB is a configuration management database system developed by the German company i-doit. Version 1.14.1 of i-doit Open Source CMDB contains a security vulnerability. This vulnerability stems from a file deletion vulnerability in the deleteimport parameter of the import module...

8.8CVSS5.8AI score0.00325EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.6 views

PT-2026-5829

i-doit Open Source CMDB 1.14.1 contains a file deletion vulnerability in the import module that allows authenticated attackers to delete arbitrary files by manipulating the delete import parameter. Attackers can send a POST request to the import module with a crafted filename to remove files from...

8.8CVSS5.7AI score0.00325EPSS
Exploits0References5
NVD
NVD
added 2026/01/24 1:15 p.m.8 views

CVE-2026-0911

The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation in the actionimportmodule function in all versions up to, and including, 7.8.9.2. This makes it possible for authenticated attackers, wi...

7.5CVSS0.00542EPSS
Exploits1References2
Rows per page
Query Builder