Lucene search
K

5 matches found

NVD
NVD
added 2026/06/12 8:16 p.m.12 views

CVE-2026-54359

MISP contains an insecure default configuration in which the Security.checksecfetchsiteheader control is disabled. When this setting is disabled, state-changing requests such as POST, PUT, or AJAX requests are not restricted based on the browser-provided Sec-Fetch-Site header. A remote...

7.1CVSS0.00189EPSS
Exploits0References1
CVE
CVE
added 2026/06/12 7:44 p.m.18 views

CVE-2026-54359

The CVE-2026-54359 entries describe an insecure default in MISP where Security.check_sec_fetch_site_header is disabled, allowing CSRF-like abuse where a remote unauthenticated attacker could induce an authenticated user’s browser to issue state-changing requests (POST/PUT/AJAX) to MISP automation...

7.1CVSS5.3AI score0.00189EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.16 views

PT-2026-48971

MISP contains an insecure default configuration in which the Security.check sec fetch site header control is disabled. When this setting is disabled, state-changing requests such as POST, PUT, or AJAX requests are not restricted based on the browser-provided Sec-Fetch-Site header. A remote...

7.1CVSS5.2AI score0.00189EPSS
Exploits0References2
OSV
OSV
added 2026/03/28 4:4 p.m.4 views

HSEC-2026-0002 Hackage CSRF vulnerability

Hackage CSRF vulnerability Vulnerable File: src/Distribution/Server/Features/Votes.hs example Impact: can forge requests through XSS hackage-server lacked Cross-Site Request Forgery CSRF protection across its endpoints. Scripts on foreign sites could trigger requests to hackage server, possibly...

9.6CVSS5.8AI score0.00137EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/28 12:0 a.m.6 views

PT-2026-32987

Hackage CSRF vulnerability Vulnerable File: src/Distribution/Server/Features/Votes.hs example Impact: can forge requests through XSS hackage-server lacked Cross-Site Request Forgery CSRF protection across its endpoints. Scripts on foreign sites could trigger requests to hackage server, possibly...

9.6CVSS5.7AI score0.00137EPSS
Exploits0References5
Rows per page
Query Builder