CVE-2026-44364

MISP modules are autonomous modules that can be used to extend MISP for new services. In 3.0.7 and earlier, a Cross-Site Request Forgery vulnerability in the MISP Modules website allowed an attacker to cause an authenticated user to submit unintended requests to the home endpoint. The vulnerabili...

CVE-2026-44364

The CVE affects the MISP-modules component in MISP modules’ home blueprint prior to 3.0.7, where CSRF protection was disabled, allowing an authenticated user to trigger unintended requests and potentially modify session query data. The issue was fixed by enabling CSRF protection for the affected ...

CVE-2026-31225

The superduper project thru v0.10.0 contains a critical remote code execution vulnerability in its query parsing component. The parseoppart function in query.py uses the unsafe eval function to dynamically evaluate user-supplied query operands without proper sanitization or restriction. Although...

GHSA-2799-6G5R-MMC7 Superduper: Remote code execution via unsafe eval in superduper query parsing

The superduper project thru v0.10.0 contains a critical remote code execution vulnerability in its query parsing component. The parseoppart function in query.py uses the unsafe eval function to dynamically evaluate user-supplied query operands without proper sanitization or restriction. Although...

EUVD-2026-29509

The superduper project thru v0.10.0 contains a critical remote code execution vulnerability in its query parsing component. The parseoppart function in query.py uses the unsafe eval function to dynamically evaluate user-supplied query operands without proper sanitization or restriction. Although...

Superduper: Remote code execution via unsafe eval in superduper query parsing

The superduper project thru v0.10.0 contains a critical remote code execution vulnerability in its query parsing component. The parseoppart function in query.py uses the unsafe eval function to dynamically evaluate user-supplied query operands without proper sanitization or restriction. Although...

CVE-2026-31225

The superduper project thru v0.10.0 contains a critical remote code execution vulnerability in its query parsing component. The parseoppart function in query.py uses the unsafe eval function to dynamically evaluate user-supplied query operands without proper sanitization or restriction. Although...

PT-2026-40064

The superduper project thru v0.10.0 contains a critical remote code execution vulnerability in its query parsing component. The parse op part function in query.py uses the unsafe eval function to dynamically evaluate user-supplied query operands without proper sanitization or restriction. Althoug...

CVE-2026-31225

The superduper project thru v0.10.0 contains a critical remote code execution vulnerability in its query parsing component. The parseoppart function in query.py uses the unsafe eval function to dynamically evaluate user-supplied query operands without proper sanitization or restriction. Although...

CVE-2026-31225

The superduper project thru v0.10.0 contains a critical remote code execution vulnerability in its query parsing component. The parseoppart function in query.py uses the unsafe eval function to dynamically evaluate user-supplied query operands without proper sanitization or restriction. Although...

DEBIAN-CVE-2026-39825

ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery...

GHSA-J4RH-7JCR-QM69 misp-modules website - Missing CSRF protection in the website home blueprint

A Cross-Site Request Forgery vulnerability in the MISP Modules website allowed an attacker to cause an authenticated user to submit unintended requests to the home endpoint. The vulnerability was due to the home blueprint being exempted from CSRF protection. This could allow modification of sessi...

CLSA-2026-1772575666 containernetworking-plugins: Fix of 3 CVEs

rebuild with newer golang version 1.22.9-1.el92.tuxcare.els6 to fix the following CVE - CVE-2025-61729: fix excessive resource consumption when constructing hostname error messages for certificates with many SANs - CVE-2025-61726: limit parsed URL query parameters to mitigate excessive memory...

PT-2026-38309

Name of the Vulnerable Software and Affected Versions MISP modules versions 3.0.7 and earlier Description A Cross-Site Request Forgery CSRF issue in the MISP Modules website allows an attacker to trick an authenticated user into submitting unintended requests to the "/home" endpoint. This occurs...

golang: net/url: Memory exhaustion in query parameter parsing in net/url

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...

RHEL 9 : skopeo (RHSA-2026:9098)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:9098 advisory. The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and...

PT-2026-33827

Name of the Vulnerable Software and Affected Versions NanoMQ MQTT Broker versions prior to 0.24.11 Description A remotely triggerable heap buffer overflow exists in the uri param parse function of the REST API. This issue is caused by an off-by-one error during memory allocation for query paramet...

RHEL 10 : osbuild-composer (RHSA-2026:5852)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:5852 advisory. A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building...

RHEL 8 : rhc (RHSA-2026:5030)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:5030 advisory. rhc is a client tool and daemon that connects the system to Red Hat hosted services enabling system and subscription management. Security...

golang: net/url: Memory exhaustion in query parameter parsing in net/url

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...