67 matches found
CVE-2026-10855
An authorization flaw existed in the MISP Event Template Importer overwrite workflow. When importing an event template in overwrite mode, the application checked whether a matching template already existed but did not verify that the importing user belonged to the organization that owned the...
CVE-2026-10855 MISP Event template importer authorization bypass
An authorization flaw existed in the MISP Event Template Importer overwrite workflow. When importing an event template in overwrite mode, the application checked whether a matching template already existed but did not verify that the importing user belonged to the organization that owned the...
CVE-2026-10855
CVE-2026-10855 concerns an authorization flaw in the MISP Event Template Importer overwrite workflow. During overwrite, the system checked for a matching template but did not verify that the importing user belonged to the organization that owned the template. This could allow an authenticated use...
CVE-2026-10854
A visibility control issue in the event template creation workflow allowed non-site-admin users to access private galaxies belonging to other organisations. The event template builder loaded all enabled galaxies without applying organisation or distribution-based access restrictions, potentially...
PT-2026-46224
A visibility control issue in the event template creation workflow allowed non-site-admin users to access private galaxies belonging to other organisations. The event template builder loaded all enabled galaxies without applying organisation or distribution-based access restrictions, potentially...
CVE-2025-14509
The Lucky Wheel for WooCommerce – Spin a Sale plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 1.1.13. This is due to the plugin using eval to execute user-supplied input from the 'Conditional Tags' setting without proper validation or sanitization...
MISP 安全漏洞
MISP is an open source software solution from MISP Open Source. The product is used to collect, store, distribute, and share cybersecurity metrics and has features such as threat cybersecurity event analysis and malware analysis. A security vulnerability exists in MISP versions prior to 2.5.27,...
📄 Microsoft Sharepoint Authentication Bypass
This is a proof of concept exploit for a Microsoft Sharepoint authentication bypass vulnerability discovered in 2023. ============================================================================================================================================= | Title : SharePoint Authentication...
EUVD-2012-2389
Malware in sbrugna...
EUVD-2024-33989
Malicious code in bioql PyPI...
EUVD-2024-3286
Malicious code in bioql PyPI...
EUVD-2022-2005
Malicious code in bioql PyPI...
EUVD-2022-6866
Malicious code in bioql PyPI...
EUVD-2023-24082
Malicious code in bioql PyPI...
EUVD-2025-11933
Malicious code in bioql PyPI...
EUVD-2022-1554
Malicious code in bioql PyPI...
BIT-MOODLE-2024-43436 Moodle: site administration sql injection via xmldb editor
A SQL injection risk flaw was found in the XMLDB editor tool available to site administrators...
CVE-2021-32477
The last time a user accessed the mobile app is displayed on their profile page, but should be restricted to users with the relevant capability site administrators by default. Moodle versions 3.10 to 3.10.3 are affected...
CVE-2024-11925
The JobSearch WP Job Board plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.6.7. This is due to the plugin not properly verifying a users identity when verifying an email address through the useraccountactivation function. This makes it possible f...
GHSA-MX26-62XM-2P83 Moodle vulnerable to site administration SQL injection via XMLDB editor
A SQL injection risk flaw was found in the XMLDB editor tool available to site administrators...