Lucene search
K

6 matches found

NVD
NVD
added 2026/06/12 10:16 p.m.12 views

CVE-2026-54398

An authorization flaw in MISP’s object add/edit handling allowed an authenticated user with object editing permissions to assign a MISP object, or attributes contained within an object, to a sharing group that the user was not authorized to use or view. When editing objects, the sharing group...

5.3CVSS0.0022EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/12 9:8 p.m.7 views

CVE-2026-54398 MISP object edit authorization bypass allows unauthorized sharing group assignment

An authorization flaw in MISP’s object add/edit handling allowed an authenticated user with object editing permissions to assign a MISP object, or attributes contained within an object, to a sharing group that the user was not authorized to use or view. When editing objects, the sharing group...

5.3CVSS5.4AI score0.0022EPSS
Exploits0References1
Pen Test Partners Blog
Pen Test Partners Blog
added 2024/09/12 5:16 a.m.12 views

Living off the land, GPO style

TL;DR The ability to edit Group Policy Object GPOs from non-domain joined computers using the native Group Policy editor has been on my list for a long time. This blog post takes a deep dive into what steps were taken to find out why domain joined machines are needed in the first place and what...

7.4AI score
Exploits0
OSV
OSV
added 2022/11/04 12:0 p.m.26 views

GHSA-653V-RQX9-J85P deep-object-diff vulnerable to Prototype Pollution

deep-object-diff before version 1.1.6 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the proto property to be edited. This issue was fixed in version 1.1.9...

5.3CVSS5AI score0.00643EPSS
Exploits1References7
Github Security Blog
Github Security Blog
added 2022/11/04 12:0 p.m.55 views

deep-object-diff vulnerable to Prototype Pollution

deep-object-diff before version 1.1.6 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the proto property to be edited. This issue was fixed in version 1.1.9...

5.3CVSS5.4AI score0.00643EPSS
Exploits1References7Affected Software1
NVD
NVD
added 2008/03/24 9:44 p.m.22 views

CVE-2008-1469

Gallarific Free Edition 1.1 does not require authentication for 1 photos.php, 2 comments.php, and 3 gallery.php in gadmin/, which allows remote attackers to edit objects via a direct request, different vectors than CVE-2008-1327. NOTE: the provenance of this information is unknown; the details ar...

6.4CVSS6.5AI score0.0118EPSS
Exploits0References1
Rows per page
Query Builder