638 matches found
CVE-2026-54359 MISP automation endpoints may be exposed to CSRF when Sec-Fetch-Site protection is disabled by default
MISP contains an insecure default configuration in which the Security.checksecfetchsiteheader control is disabled. When this setting is disabled, state-changing requests such as POST, PUT, or AJAX requests are not restricted based on the browser-provided Sec-Fetch-Site header. A remote...
CVE-2026-48610
Under certain network configurations, a malicious actor with access to network could exploit an Improper Access Control vulnerability found in certain devices running UniFi OS to make unauthorized changes to such UniFi OS devices...
CVE-2026-48610
Under certain network configurations, a malicious actor with access to network could exploit an Improper Access Control vulnerability found in certain devices running UniFi OS to make unauthorized changes to such UniFi OS devices...
CVE-2026-48610
Under certain network configurations, a malicious actor with access to network could exploit an Improper Access Control vulnerability found in certain devices running UniFi OS to make unauthorized changes to such UniFi OS devices...
CVE-2026-48610
CVE-2026-48610 describes an Improper Access Control vulnerability on certain devices running UniFi OS. A remote attacker with network access could cause unauthorized changes to UniFi OS devices. The CVSSv3.1 base score is 8.1 (High) with network attack vector, high impact on confidentiality, inte...
EUVD-2026-36378
Under certain network configurations, a malicious actor with access to network could exploit an Improper Access Control vulnerability found in certain devices running UniFi OS to make unauthorized changes to such UniFi OS devices...
PT-2026-48825
Under certain network configurations, a malicious actor with access to network could exploit an Improper Access Control vulnerability found in certain devices running UniFi OS to make unauthorized changes to such UniFi OS devices...
CVE-2026-53808
OpenClaw before 2026.5.6 contains an approval policy bypass vulnerability in the Skill Workshop apply flow that allows agent tool calls to set apply: true despite approvalPolicy: pending configuration. Attackers can exploit this by reaching the affected apply path to apply workshop changes before...
EUVD-2026-36314
OpenClaw before 2026.5.6 contains an approval policy bypass vulnerability in the Skill Workshop apply flow that allows agent tool calls to set apply: true despite approvalPolicy: pending configuration. Attackers can exploit this by reaching the affected apply path to apply workshop changes before...
CVE-2026-9211
An unauthenticated user on the local network can gain control of the router and make unauthorized changes to its operation...
CVE-2026-0410
Authenticated administrators connected to the local network can gain elevated access to the router and make unauthorized changes to router software and functionality...
CVE-2026-42863
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assignment vulnerability exists in the chatflow update endpoint of FlowiseAI. The endpoint allows clients to modify server-controlled properties such as deployed, isPublic,...
EUVD-2026-35458
An unauthenticated user on the local network can gain control of the router and make unauthorized changes to its operation...
EUVD-2026-35452
Authenticated administrators connected to the local network can gain elevated access to the router and make unauthorized changes to router software and functionality...
CVE-2026-9211
An unauthenticated user on the local network can gain control of the router and make unauthorized changes to its operation...
CVE-2026-0410
Authenticated administrators connected to the local network can gain elevated access to the router and make unauthorized changes to router software and functionality...
CVE-2026-9211
Technical details (affected products, root cause, versions, and precise impact) are not publicly available in the provided documents. Monitor for updates.
CVE-2026-9211 Certain NETGEAR routers allow unauthenticated users to gain control of the router
An unauthenticated user on the local network can gain control of the router and make unauthorized changes to its operation...
CVE-2026-9211 Certain NETGEAR routers allow unauthenticated users to gain control of the router
An unauthenticated user on the local network can gain control of the router and make unauthorized changes to its operation...
CVE-2026-0410
CVE-2026-0410 affects certain NETGEAR routers. The issue is insufficient input validation that allows authenticated administrators on the local network to gain elevated access and make unauthorized changes to router software and functionality. The provided documents describe the affected conditio...