Lucene search
K

83 matches found

NVD
NVD
added 2026/06/12 9:16 p.m.11 views

CVE-2026-54362

An incorrect visibility condition in the MISP event template builder allowed authenticated non-site-admin users to view galaxies that should not have been visible to their organisation. The custom access-control condition intended to restrict galaxies to those owned by the user’s organisation or...

5.3CVSS0.00207EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/12 8:30 p.m.7 views

CVE-2026-54394 MISP organisation logo path traversal allows retrieval of arbitrary PNG/SVG files

MISP contains a path traversal vulnerability in OrganisationsController::getOrgLogo. The vulnerable code builds organisation logo file paths using organisation-controlled fields such as id, name, and uuid without ensuring that the resolved file remains inside the intended APP/files/img/orgs/...

5.3CVSS5.5AI score0.00319EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/12 8:30 p.m.29 views

CVE-2026-54394 MISP organisation logo path traversal allows retrieval of arbitrary PNG/SVG files

MISP contains a path traversal vulnerability in OrganisationsController::getOrgLogo. The vulnerable code builds organisation logo file paths using organisation-controlled fields such as id, name, and uuid without ensuring that the resolved file remains inside the intended APP/files/img/orgs/...

5.3CVSS0.00319EPSS
Exploits0References1
CVE
CVE
added 2026/06/12 8:30 p.m.23 views

CVE-2026-54394

The CVE-2026-54394 entry describes a path traversal vulnerability in MISP's OrganisationsController::getOrgLogo. The vulnerable code constructs paths to organisation logos using fields like id, name, and uuid without enforcing that the resolved path stays under APP/files/img/orgs/. An attacker ab...

5.3CVSS5.6AI score0.00319EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 8:8 p.m.7 views

EUVD-2026-36580

An incorrect visibility condition in the MISP event template builder allowed authenticated non-site-admin users to view galaxies that should not have been visible to their organisation. The custom access-control condition intended to restrict galaxies to those owned by the user’s organisation or...

5.3CVSS5.4AI score0.00207EPSS
Exploits0References1
CVE
CVE
added 2026/06/12 8:8 p.m.15 views

CVE-2026-54362

The CVE concerns MISP's event template builder where an incorrect visibility condition allowed authenticated non-site-admin users to see galaxies outside their organisation. The root cause is a PHP comparison expression used instead of a query condition, causing enabled galaxies, including organi...

5.3CVSS5.4AI score0.00207EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/12 8:8 p.m.7 views

CVE-2026-54362 MISP template builder exposes non-visible custom galaxies across organisations

An incorrect visibility condition in the MISP event template builder allowed authenticated non-site-admin users to view galaxies that should not have been visible to their organisation. The custom access-control condition intended to restrict galaxies to those owned by the user’s organisation or...

5.3CVSS5.3AI score0.00207EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.12 views

PT-2026-48994

An incorrect visibility condition in the MISP event template builder allowed authenticated non-site-admin users to view galaxies that should not have been visible to their organisation. The custom access-control condition intended to restrict galaxies to those owned by the user’s organisation or...

5.3CVSS5.3AI score0.00207EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:47 p.m.9 views

CVE-2026-6585

A vulnerability was determined in TransformerOptimus SuperAGI up to 0.0.14. This issue affects the function updateorganisation of the file superagi/controllers/organisation.py of the component Organisation Update Endpoint. This manipulation of the argument organisationid causes authorization...

5.5CVSS5.5AI score0.003EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:34 p.m.10 views

CVE-2026-10864

A vulnerability in the MISP dashboard widgets allowed an authenticated user to manipulate the fields option and influence which fields were returned by the New Users and New Organisations widgets. In some cases, requesting a field set that became empty after validation or redaction could cause th...

5.3CVSS5.5AI score0.00176EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:34 p.m.11 views

CVE-2026-10854

A visibility control issue in the event template creation workflow allowed non-site-admin users to access private galaxies belonging to other organisations. The event template builder loaded all enabled galaxies without applying organisation or distribution-based access restrictions, potentially...

5.3CVSS5.4AI score0.00176EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/04 1:54 p.m.33 views

CVE-2026-10864 MISP Dashboard widget field selection may expose restricted user and organisation data

A vulnerability in the MISP dashboard widgets allowed an authenticated user to manipulate the fields option and influence which fields were returned by the New Users and New Organisations widgets. In some cases, requesting a field set that became empty after validation or redaction could cause th...

5.3CVSS0.00176EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/04 1:54 p.m.8 views

CVE-2026-10864 MISP Dashboard widget field selection may expose restricted user and organisation data

A vulnerability in the MISP dashboard widgets allowed an authenticated user to manipulate the fields option and influence which fields were returned by the New Users and New Organisations widgets. In some cases, requesting a field set that became empty after validation or redaction could cause th...

5.3CVSS5.8AI score0.00176EPSS
Exploits0References1
CVE
CVE
added 2026/06/04 1:54 p.m.12 views

CVE-2026-10864

The vulnerability CVE-2026-10864 affects MISP dashboard widgets (New Users and New Organisations). The issue stems from how field filtering and redaction are applied to the user-selected field list, which could leave the field set empty and cause the underlying query to fall back to returning uni...

5.3CVSS5.8AI score0.00176EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/04 12:51 p.m.37 views

CVE-2026-10854 Unauthorized exposure of private galaxies in MISP event template creation

A visibility control issue in the event template creation workflow allowed non-site-admin users to access private galaxies belonging to other organisations. The event template builder loaded all enabled galaxies without applying organisation or distribution-based access restrictions, potentially...

5.3CVSS0.00176EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/04 12:51 p.m.9 views

EUVD-2026-34257

A visibility control issue in the event template creation workflow allowed non-site-admin users to access private galaxies belonging to other organisations. The event template builder loaded all enabled galaxies without applying organisation or distribution-based access restrictions, potentially...

5.3CVSS5.8AI score0.00176EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/04 12:51 p.m.8 views

CVE-2026-10854

A visibility control issue in the event template creation workflow allowed non-site-admin users to access private galaxies belonging to other organisations. The event template builder loaded all enabled galaxies without applying organisation or distribution-based access restrictions, potentially...

5.3CVSS5.8AI score0.00176EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.14 views

PT-2026-46224

A visibility control issue in the event template creation workflow allowed non-site-admin users to access private galaxies belonging to other organisations. The event template builder loaded all enabled galaxies without applying organisation or distribution-based access restrictions, potentially...

5.3CVSS5.8AI score0.00176EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.18 views

PT-2026-46238

Name of the Vulnerable Software and Affected Versions MISP affected versions not specified Description An issue in the dashboard widgets allows an authenticated user to manipulate the fields option to influence the data returned by the New Users and New Organisations widgets. When a requested fie...

5.3CVSS5.4AI score0.00176EPSS
Exploits0References4
NVD
NVD
added 2026/05/12 6:17 p.m.11 views

CVE-2026-42300

DevGuard provides vulnerability management for the full software supply chain. Prior to 1.2.2, the SessionMiddleware accepts a client-supplied X-Admin-Token HTTP request header and uses its raw string value as the authenticated userID when no Kratos session cookie is present. An unauthenticated...

9.3CVSS0.00257EPSS
Exploits0References2
Rows per page
Query Builder