Lucene search
K

4 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/20 6:39 p.m.8 views

CVE-2026-9136

A vulnerability was identified in the ShadowAttribute proposal creation workflow. The add action accepted user-controlled ShadowAttribute request data without removing the id field before saving the record. Because the underlying framework treats a supplied primary key as an instruction to update...

8.3CVSS5.7AI score0.00229EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/05/20 6:39 p.m.20 views

CVE-2026-9136

CVE-2026-9136 affects the ShadowAttribute proposal creation workflow in MISP. An add action accepted client-supplied ShadowAttribute data without stripping the id field, allowing an authenticated user to supply the identifier of an existing ShadowAttribute and cause an update instead of creating ...

8.3CVSS5.7AI score0.00229EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/05/20 6:39 p.m.2 views

CVE-2026-9136 Unauthorized ShadowAttribute modification in MISP via client-supplied identifier

A vulnerability was identified in the ShadowAttribute proposal creation workflow. The add action accepted user-controlled ShadowAttribute request data without removing the id field before saving the record. Because the underlying framework treats a supplied primary key as an instruction to update...

8.3CVSS5.8AI score0.00229EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.12 views

PT-2026-42247

Name of the Vulnerable Software and Affected Versions MISP versions prior to 2.5.38 Description An issue exists in the ShadowAttribute proposal creation workflow where the add action accepts user-controlled request data without removing the id field before saving the record. Since the underlying...

8.3CVSS5.8AI score0.00229EPSS
Exploits0References5
Rows per page
Query Builder