OpenCTI: Privilege escalation via graphQL API is abusable by organization admins, due to incorrect ACL on userEdit relationAdd
Summary: An organization admin can escalate their privileges by adding a user from a different organization with higher privileges to their own organization. Impact: Full platform access, access to sensitive or proprietary information...
EUVD-2026-31908
OpenCTI: Privilege escalation via graphQL API is abusable by organization admins, due to incorrect ACL on userEdit relationAdd...
PYSEC-0000-CVE-2026-44730
OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.9.7, an organization admin can escalate their privileges by adding a user from a different organization with higher privileges, to their own organization. This is due to incorrect ACL o...
CVE-2026-44730 OpenCTI: Privilege escalation via graphQL API abusable by organization admins, due to incorrect ACL on userEdit relationAdd
OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.9.7, an organization admin can escalate their privileges by adding a user from a different organization with higher privileges, to their own organization. This is due to incorrect ACL o...
CVE-2026-47102 LiteLLM < 1.83.10 Privilege Escalation via User Update
LiteLLM prior to 1.83.10 allows a user to modify their own user_role via the /user/update endpoint. While the endpoint correctly restricts users to updating only their own account, it does not restrict which fields may be changed. A user who can reach this endpoint can set their role to proxy_admin...
CVE-2026-44380
MISP is an open source threat intelligence and sharing platform. Prior to 2.5.37, an improper access control vulnerability in the authentication key reset functionality allowed an authenticated organization administrator to reset authentication keys belonging to site administrator accounts within...
CVE-2026-42300
DevGuard provides vulnerability management for the full software supply chain. Prior to 1.2.2, the SessionMiddleware accepts a client-supplied X-Admin-Token HTTP request header and uses its raw string value as the authenticated userID when no Kratos session cookie is present. An unauthenticated...
CVE-2019-12794
An issue was discovered in MISP 2.4.108. Organization admins could reset credentials for site admins: organization admins have the inherent ability to reset passwords for all of their organization's users. This, however, could be abused in a situation where the host organization of an instance...
EUVD-2019-4377
Malware in sbrugna...
EUVD-2024-2960
Malicious code in bioql PyPI...
EUVD-2023-2733
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2023-4822
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Grafana is an open-source platform for monitoring and observability. The vulnerability impacts Grafana instances with several organizations, and allows a user...
Grafana Labs 10.4.x < 10.4.19, 11.2.x < 11.2.10, 11.3.x < 11.3.7, 11.4 < 11.4.5, 11.5 < 11.5.5, 11.6 < 11.6.2, 12.0.x < 12.0.1 Improper Access Control (CVE-2025-3580)
The version of Grafana Labs installed on the remote host is affected by an improper access control vulnerability as referenced in the CVE-2025-3580 advisory. - An access control vulnerability was discovered in Grafana OSS where an Organization administrator could permanently delete the Server...
BIT-GRAFANA-2025-3580
An access control vulnerability was discovered in Grafana OSS where an Organization administrator could permanently delete the Server administrator account. This vulnerability exists in the DELETE /api/org/users/ endpoint. The vulnerability can be exploited when: 1. An Organization administrator...
CVE-2024-56335 Privilege escalation allows organization groups to be updated/deleted if their UUID is known in vaultwarden
vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwardenrs. In affected versions an attacker is capable of updating or deleting groups from an organization given a few conditions: 1. The attacker has a user account in the server. 2. The attacker's...
SUSE CVE-2024-52009
Atlantis is a self-hosted golang application that listens for Terraform pull request events via webhooks. Atlantis logs contain GitHub credentials tokens ghs... when they are rotated. This enables an attacker able to read these logs to impersonate the Atlantis application and to perform actions on...
Unauthorized Invite Deletion
github.com/grafana/grafana is vulnerable to unauthorized invite deletion. The vulnerability is due to insufficient access control validation in the system, where organization admins are not properly restricted to actions only within the organization they belong to. It allows admins to delete...
PT-2024-16292 · Grafana +2
Name of the Vulnerable Software and Affected Versions: Grafana, affected versions not specified. Description: The issue allows organization admins to delete pending invites created in an organization they are not part of. This can be exploited by a Grafana org admin to delete pending invites in...
grafana: incorrect assessment of permissions across organizations
A flaw was found in the Grafana enterprise package. Grafana is incorrectly assessing permissions to update global roles and role assignments, therefore, users with administrator permissions in one organization can change global role permissions and global role assignments. After successful...
Grafana Fine-grained access control vulnerability
Impact On Nov. 2, during an internal security audit, we discovered that when the fine-grained access control beta feature is enabled and there is more than one organization in the Grafana instance, Grafana 8.0 introduced a mechanism which allowed users with the Organization Admin role to list, ad...