Lucene search
+L

4 matches found

redhatcve
redhatcve
added 2026/06/05 7:34 p.m.11 views

CVE-2026-10863

A security issue was fixed in the correlations over-correlation endpoint where the order query parameter was accepted from user-controlled named request parameters. This allowed an authenticated user to override the server-defined ordering of over-correlating values. Depending on how the value wa...

8.1CVSS5.5AI score0.00225EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/06/04 1:44 p.m.5 views

CVE-2026-10863

A security issue was fixed in the correlations over-correlation endpoint where the order query parameter was accepted from user-controlled named request parameters. This allowed an authenticated user to override the server-defined ordering of over-correlating values. Depending on how the value wa...

6.4CVSS5.8AI score0.00225EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/06/04 1:44 p.m.10 views

CVE-2026-10863 MISP User-controlled order parameter in correlations over-correlation endpoint

A security issue was fixed in the correlations over-correlation endpoint where the order query parameter was accepted from user-controlled named request parameters. This allowed an authenticated user to override the server-defined ordering of over-correlating values. Depending on how the value wa...

6.4CVSS5.8AI score0.00225EPSS
Exploits0References1
cve
cve
added 2026/06/04 1:44 p.m.18 views

CVE-2026-10863

CVE-2026-10863 affects the correlations over-correlation endpoint in the application, specifically the overCorrelations() function in app/Controller/CorrelationsController.php. The vulnerability arises from accepting an order parameter from user-controlled named request parameters, which could al...

8.1CVSS5.8AI score0.00225EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder