Lucene search
K

23 matches found

NVD
NVD
added 6 days ago16 views

CVE-2026-60125

MISP’s importModule path used getEnabledModule to resolve a single import module by name, but this lookup did not enforce the per-organisation module restriction checked by getEnabledModules. As a result, an authenticated user from an organisation that was not allowed to use a module restricted v...

5.3CVSS0.00207EPSS
Exploits0References1
NVD
NVD
added 6 days ago8 views

CVE-2026-60124

An authorization bypass in MISP’s EventsController::importModule allowed authenticated users or read-only API keys with event view access to persist data to events they were not allowed to modify. When an import module returned results in the mispstandard format, the write path did not verify eve...

5.3CVSS0.0022EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago31 views

CVE-2026-60125 importModule function in MISP ignores per-organisation import module restrictions

MISP’s importModule path used getEnabledModule to resolve a single import module by name, but this lookup did not enforce the per-organisation module restriction checked by getEnabledModules. As a result, an authenticated user from an organisation that was not allowed to use a module restricted v...

5.3CVSS0.00207EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:26 p.m.10 views

CVE-2026-39401

Cronicle is a multi-server task scheduler and runner, with a web based front-end UI. Prior to 0.9.111, jb child processes can include an updateevent key in their JSON output. The server applies this directly to the parent event's stored configuration without any authorization check. A low-privile...

5.4CVSS5.5AI score0.00178EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/07 8:24 p.m.2 views

CVE-2026-39401

Cronicle is a multi-server task scheduler and runner, with a web based front-end UI. Prior to 0.9.111, jb child processes can include an updateevent key in their JSON output. The server applies this directly to the parent event's stored configuration without any authorization check. A low-privile...

5.3CVSS5.9AI score0.00178EPSS
Exploits1References2Affected Software1
Patchstack
Patchstack
added 2026/02/18 12:33 a.m.7 views

WordPress EventPrime plugin <= 4.2.8.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Event Modification via 'event_id' Parameter vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Event Modification via 'eventid' Parameter vulnerability discovered by Supoj Polsawas sp0x5ec in WordPress Plugin EventPrime versions = 4.2.8.4...

4.3CVSS5.5AI score0.00281EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/02/15 7:10 a.m.16 views

CVE-2026-1987

The Scheduler Widget plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 0.1.6. This is due to the schedulerwidgetajaxsaveevent function lacking proper authorization checks and ownership verification when updating events. This makes it...

5.4CVSS5.5AI score0.00308EPSS
Exploits0References1
NVD
NVD
added 2026/02/14 7:16 a.m.18 views

CVE-2026-1987

The Scheduler Widget plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 0.1.6. This is due to the schedulerwidgetajaxsaveevent function lacking proper authorization checks and ownership verification when updating events. This makes it...

5.4CVSS0.00308EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/02/14 6:42 a.m.5 views

CVE-2026-1987 Scheduler Widget <= 0.1.6 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Event Modification

The Scheduler Widget plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 0.1.6. This is due to the schedulerwidgetajaxsaveevent function lacking proper authorization checks and ownership verification when updating events. This makes it...

5.4CVSS5.6AI score0.00308EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/02/14 6:42 a.m.6 views

CVE-2026-1987

The Scheduler Widget plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 0.1.6. This is due to the schedulerwidgetajaxsaveevent function lacking proper authorization checks and ownership verification when updating events. This makes it...

5.4CVSS5.5AI score0.00308EPSS
Exploits0References7
CVE
CVE
added 2026/02/14 6:42 a.m.27 views

CVE-2026-1987

CVE-2026-1987: Scheduler Widget (WordPress) vulnerability . Wordfence reports that Scheduler Widget plugin versions up to and including 0.1.6 are affected by an Insecure Direct Object Reference flaw in scheduler_widget_ajax_save_event(), which fails proper authorization and ownership checks when ...

5.4CVSS5.5AI score0.00308EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/02/14 12:0 a.m.12 views

PT-2026-8086

The Scheduler Widget plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 0.1.6. This is due to the scheduler widget ajax save event function lacking proper authorization checks and ownership verification when updating events. This makes it...

5.4CVSS5.5AI score0.00308EPSS
Exploits0References7
Patchstack
Patchstack
added 2026/02/13 10:56 p.m.7 views

WordPress Scheduler Widget plugin <= 0.1.6 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Event Modification vulnerability

Insecure Direct Object Reference to Authenticated Subscriber+ Arbitrary Event Modification vulnerability discovered by MD. TAREQ AHAMED JONY itztrq - Knight Squad in WordPress Plugin Scheduler Widget versions = 0.1.6...

5.4CVSS5.5AI score0.00308EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2007-2393

Malware in sbrugna...

7.1CVSS6.4AI score0.02557EPSS
Exploits0References13
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2017-7310

Malware in sbrugna...

6.5CVSS6.6AI score0.01036EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/06/12 4:10 p.m.8 views

CVE-2025-48937

matrix-rust-sdk is an implementation of a Matrix client-server library in Rust. matrix-sdk-crypto since version 0.8.0 and up to 0.11.0 does not correctly validate the sender of an encrypted event. Accordingly, a malicious homeserver operator can modify events served to clients, making those event...

4.9CVSS4.8AI score0.00311EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:4 a.m.7 views

CVE-2018-8949

An issue was discovered in app/Model/Attribute.php in MISP before 2.4.89. There is a critical API integrity bug, potentially allowing users to delete attributes of other events. A crafted edit for an event without attribute UUIDs but attribute IDs set could overwrite an existing attribute...

5.5CVSS6.8AI score0.00765EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/02/07 12:0 a.m.5 views

WordPress plugin 访问控制错误漏洞

WordPress is a set of blogging platforms developed using the PHP language by the Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. An authorization issue vulnerability exists in the Advanced Cron Manager WordPress plugin and the Advanced Cro...

4.3CVSS5.3AI score0.0065EPSS
Exploits2References2
NCSC
NCSC
added 2021/06/11 12:0 a.m.28 views

Vulnerabilities fixed in McAfee Agent for Windows

Vulnerabilities have been fixed in McAfee Agent for Windows. A malicious party could potentially exploit the vulnerability with CVE attribute CVE-2021-31840 potentially exploit it to execute arbitrary code with elevated privileges via a "DLL preloading" attack. The vulnerability with CVE attribut...

7.3CVSS7.9AI score0.00348EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2020/07/22 12:0 a.m.21 views

Fedora 31 : php-horde-kronolith (2020-0fbd043bcf)

kronolith 4.2.29 - mjr Fix regresssion in event modification notifications Bug 15022. ---- kronolith 4.2.28 - mjr SECURITY: Don't leak private details when sending notifications for private events Bug 15011. - mjr Fix regression in display of clickable event URL property Bug 14941. Note that...

5.5AI score
Exploits0References1
Rows per page
Query Builder