14 matches found

EUVD
added 2026/05/13 8:51 p.m. | 5 views

EUVD-2026-30167

MISP is an open source threat intelligence and sharing platform. Prior to 2.5.37, an improper access control vulnerability in the authentication key reset functionality allowed an authenticated organization administrator to reset authentication keys belonging to site administrator accounts within...

CVSS 8.6 | AI score 5.8 | EPSS 0.00403
Exploits: 0 | References: 1
ATTACKERKB
added 2026/05/13 8:51 p.m. | 4 views

CVE-2026-44380

MISP is an open source threat intelligence and sharing platform. Prior to 2.5.37, an improper access control vulnerability in the authentication key reset functionality allowed an authenticated organization administrator to reset authentication keys belonging to site administrator accounts within...

CVSS 8.6 | AI score 5.8 | EPSS 0.00403
Exploits: 0 | References: 2 | Affected Software: 1
OSV
added 2025/11/14 7:16 p.m. | 1 view

CVE-2025-63291

When processing API requests, the Alteryx server 2022.1.1.42654 and 2024.1 used MongoDB object IDs to uniquely identify the data being requested by the caller. The Alteryx server did not check whether the authenticated user had permission to access the specified MongoDB object ID. By specifying...

CVSS 5.4 | AI score 5.8 | EPSS 0.00209
Exploits: 1 | References: 3
EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2024-21259

Malicious code in bioql PyPI...

CVSS 5.3 | AI score 5.7 | EPSS 0.00253
Exploits: 0 | References: 2
RedhatCVE
added 2025/09/20 7:12 p.m. | 6 views

CVE-2025-10650

SoftIron HyperCloud 2.5.0 through 2.6.3 may incorrectly add user SSH keys to the administrator-level authorized keys under certain conditions, allowing unauthorized privilege escalation to admin via SSH. Affects non-production debug and internal development builds created between versions 2.5.0 a...

CVSS 1.8 | AI score 5.5 | EPSS 0.00114
Exploits: 0 | References: 1
Cvelist
added 2025/09/18 7:11 p.m. | 9 views

CVE-2025-10650 Improper SSH Key Handling in Internal Debug Builds May Grant Cluster-Level Access to Non-Administrative Users

SoftIron HyperCloud 2.5.0 through 2.6.3 may incorrectly add user SSH keys to the administrator-level authorized keys under certain conditions, allowing unauthorized privilege escalation to admin via SSH. Affects non-production debug and internal development builds created between versions 2.5.0 a...

CVSS 1.8 | EPSS 0.00114
Exploits: 0 | References: 1
CNNVD
added 2024/10/09 12:0 a.m. | 2 views

Foreman Information Disclosure Vulnerability

Foreman is an open source set of lifecycle management tools for use in physical and virtual servers. The tool provides features such as service provisioning, configuration management, and status reporting. An information disclosure vulnerability exists in versions prior to Foreman 3.3, whi...

CVSS 7.5 | AI score 7 | EPSS 0.00658
Exploits: 0 | References: 7
NVD
added 2024/02/07 5:15 p.m. | 16 views

CVE-2024-23806

Sensitive data can be extracted from HID iCLASS SE reader configuration cards. This could include credential and device administrator keys...

CVSS 5.3 | AI score 5.2 | EPSS 0.00253
Exploits: 0 | References: 3
Prion
added 2024/02/07 5:15 p.m. | 12 views

Default configuration

Sensitive data can be extracted from HID iCLASS SE reader configuration cards. This could include credential and device administrator keys...

CVSS 2.1 | AI score 7 | EPSS 0.00253
Exploits: 0 | References: 2
Vulnrichment
added 2024/02/07 4:23 p.m. | 3 views

CVE-2024-23806 HID Global Reader Configuration Cards Improper Authorization

Sensitive data can be extracted from HID iCLASS SE reader configuration cards. This could include credential and device administrator keys...

CVSS 5.3 | AI score 5.2 | EPSS 0.00253
Exploits: 0 | References: 2
CVE
added 2024/02/07 4:23 p.m. | 53 views

CVE-2024-23806

CVE-2024-23806 targets HID iCLASS SE reader configuration cards and related devices. The vulnerability is described as Improper Authorization (CWE-285) and can allow reading sensitive data from the configuration cards, including credential and device administrator keys. Affected products include ...

CVSS 5.3 | AI score 5.2 | EPSS 0.00253
Exploits: 0 | References: 3 | Affected Software: 1
Positive Technologies
added 2023/12/29 12:0 a.m. | 2 views

PT-2023-31930 · Misskey · Misskey

Name of the Vulnerable Software and Affected Versions: Misskey versions prior to 2023.12.1
Description: Misskey is an open source, decentralized social media platform. Third-party applications may be able to access some endpoints or Websocket APIs that are incorrectly specified without the user's...

CVSS 9.6 | AI score 8.9 | EPSS 0.00549
Exploits: 0 | References: 11
ATTACKERKB
added 2022/06/28 10:15 p.m. | 19 views

CVE-2022-31884

Marval MSM v14.19.0.12476 has an Improper Access Control vulnerability which allows a low-privilege user to delete other users' API keys, including those of high-privilege and Administrator users...

CVSS 6.5 | AI score 5.4 | EPSS 0.00918
Exploits: 1 | References: 4
OSV
added 2022/06/28 10:15 p.m. | 1 view

CVE-2022-31884

Marval MSM v14.19.0.12476 has an Improper Access Control vulnerability which allows a low-privilege user to delete other users' API keys, including those of high-privilege and Administrator users...

CVSS 6.5 | AI score 5.8 | EPSS 0.00918
Exploits: 1 | References: 3