
61 matches found

EUVD
added 2026/06/20 3:24 p.m.

EUVD-2026-38116

Capgo before 12.128.2 fails to enforce a maximum value on the minimum password length field in its password policy configuration. An authenticated organization administrator can set an extremely large numeric value (e.g., billions of characters) as the minimum password length, making compliance...

CVSS 6.9 | AI score 5.9 | EPSS 0.00272
Exploits 0 | References 2
NVD
added 2026/06/12 8:16 p.m.

CVE-2026-54358

An incorrect authorization vulnerability in MISP allows an organization administrator to target site administrator accounts belonging to the same organization through the administrative email functionality. The affected code restricted organization administrators to users within their own...

CVSS 7.5 | EPSS 0.00229
Exploits 0 | References 1
NVD
added 2026/06/12 8:16 p.m.

CVE-2026-54357

An improper authorization vulnerability in MISP allowed an authenticated organization administrator to access or modify user settings belonging to site administrator accounts within the same organization. The affected access-control checks scoped administrative actions by organization membership...

CVSS 5.1 | EPSS 0.00254
Exploits 0 | References 1
Cvelist
added 2026/06/12 7:34 p.m.

CVE-2026-54358 MISP organization administrators can target site administrator accounts for password reset

An incorrect authorization vulnerability in MISP allows an organization administrator to target site administrator accounts belonging to the same organization through the administrative email functionality. The affected code restricted organization administrators to users within their own...

CVSS 7.5 | EPSS 0.00229
Exploits 0 | References 1
EUVD
added 2026/06/12 7:34 p.m.

EUVD-2026-36550

An incorrect authorization vulnerability in MISP allows an organization administrator to target site administrator accounts belonging to the same organization through the administrative email functionality. The affected code restricted organization administrators to users within their own...

CVSS 7.5 | AI score 5.4 | EPSS 0.00229
Exploits 0 | References 1
Vulnrichment
added 2026/06/12 7:25 p.m.

CVE-2026-54357 MISP improper authorization allows organization administrators to modify site administrator user settings

An improper authorization vulnerability in MISP allowed an authenticated organization administrator to access or modify user settings belonging to site administrator accounts within the same organization. The affected access-control checks scoped administrative actions by organization membership...

CVSS 5.1 | AI score 5.3 | EPSS 0.00254
Exploits 0 | References 1
EUVD
added 2026/06/12 7:25 p.m.

EUVD-2026-36549

An improper authorization vulnerability in MISP allowed an authenticated organization administrator to access or modify user settings belonging to site administrator accounts within the same organization. The affected access-control checks scoped administrative actions by organization membership...

CVSS 5.1 | AI score 5.2 | EPSS 0.00254
Exploits 0 | References 1
Positive Technologies
added 2026/06/12 12:00 a.m.

PT-2026-48970

Name of the Vulnerable Software and Affected Versions: MISP (affected versions not specified). Description: An incorrect authorization issue allows an organization administrator to target site administrator accounts within the same organization using the administrative email functionality. The system...

CVSS 7.5 | AI score 5.1 | EPSS 0.00229
Exploits 0 | References 3
Positive Technologies
added 2026/06/12 12:00 a.m.

PT-2026-48966

Name of the Vulnerable Software and Affected Versions: MISP (affected versions not specified). Description: An improper authorization issue allows an authenticated organization administrator to access or modify user settings of site administrator accounts within the same organization. This occurs...

CVSS 5.1 | AI score 5.1 | EPSS 0.00254
Exploits 0 | References 3
EUVD
added 2026/05/21 8:34 p.m.

EUVD-2026-31345

LiteLLM prior to 1.83.10 allows a user to modify their own user_role via the /user/update endpoint. While the endpoint correctly restricts users to updating only their own account, it does not restrict which fields may be changed. A user who can reach this endpoint can set their role to proxy_admin...

CVSS 8.8 | AI score 5.8 | EPSS 0.00653
Exploits 2 | References 7
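The LiteLLM entry above describes a mass-assignment shape: the ownership check on /user/update is right, but nothing limits which fields the caller may write. The following is an added example, not LiteLLM's own code, showing the ownership-only handler next to one with a per-role field allowlist. The in-memory user table, the field names other than user_role, and the role strings are assumptions for illustration.

```python
"""Added example, not LiteLLM's own code: field-level authorization on a
self-service "update my user" endpoint.

The in-memory user table, the field names other than user_role and the role
strings are assumptions made for illustration.
"""
from copy import deepcopy

ADMIN_ROLE = "proxy_admin"                                    # assumed admin role name
SELF_EDITABLE = {"user_email", "user_alias", "metadata"}      # assumed harmless fields
ADMIN_ONLY = {"user_role", "max_budget", "models", "teams"}   # assumed privileged fields

# Constructed user table, keyed by user_id.
USERS = {
    "u-alice": {"user_id": "u-alice", "user_role": "internal_user",
                "user_email": "alice@example.test", "max_budget": 10.0},
    "u-admin": {"user_id": "u-admin", "user_role": ADMIN_ROLE,
                "user_email": "admin@example.test", "max_budget": None},
}


class Forbidden(Exception):
    """The caller is not allowed to perform this update (an HTTP 403 in practice)."""


def fresh_store() -> dict:
    """A private copy of the constructed table so each scenario starts clean."""
    return deepcopy(USERS)


def update_user_vulnerable(store: dict, caller_id: str, payload: dict) -> dict:
    """Ownership check only: every key in the payload is written through."""
    target_id = payload.get("user_id", caller_id)
    if target_id != caller_id:
        raise Forbidden("can only update your own user")
    user = store[target_id]
    user.update({k: v for k, v in payload.items() if k != "user_id"})
    return user


def update_user_fixed(store: dict, caller_id: str, payload: dict) -> dict:
    """Ownership check plus a per-role field allowlist.

    Non-admin callers may touch only SELF_EDITABLE fields. Disallowed keys are
    rejected, not silently dropped, so an attempted role change shows up as a
    403 in the access log instead of disappearing.
    """
    caller_role = store[caller_id]["user_role"]
    target_id = payload.get("user_id", caller_id)
    if caller_role != ADMIN_ROLE and target_id != caller_id:
        raise Forbidden("can only update your own user")
    requested = set(payload) - {"user_id"}
    allowed = (SELF_EDITABLE | ADMIN_ONLY) if caller_role == ADMIN_ROLE else SELF_EDITABLE
    disallowed = requested - allowed
    if disallowed:
        raise Forbidden(f"fields not editable by caller: {sorted(disallowed)}")
    user = store[target_id]
    user.update({k: payload[k] for k in requested})
    return user


def attempt(handler, caller_id: str, payload: dict) -> tuple:
    """Run one handler on a fresh store; return (outcome, target's final role)."""
    store = fresh_store()
    target_id = payload.get("user_id", caller_id)
    try:
        handler(store, caller_id, payload)
        outcome = "ok"
    except Forbidden:
        outcome = "forbidden"
    return outcome, store[target_id]["user_role"]


if __name__ == "__main__":
    escalation = {"user_id": "u-alice", "user_role": ADMIN_ROLE}
    print(attempt(update_user_vulnerable, "u-alice", escalation))   # ('ok', 'proxy_admin')
    print(attempt(update_user_fixed, "u-alice", escalation))        # ('forbidden', 'internal_user')
```

Rejecting rather than stripping unknown or privileged keys is the deliberate choice here: a silently dropped user_role hides the attempt from whoever reads the logs, while a 403 with the offending field names is an alert in its own right.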
RedhatCVE
added 2026/05/15 1:57 a.m.

CVE-2026-44380

MISP is an open source threat intelligence and sharing platform. Prior to 2.5.37, an improper access control vulnerability in the authentication key reset functionality allowed an authenticated organization administrator to reset authentication keys belonging to site administrator accounts within...

CVSS 8.6 | AI score 5.8 | EPSS 0.00403
Exploits 0 | References 1
Vulnrichment
added 2026/05/13 8:51 p.m.

CVE-2026-44380 MISP: Improper access control in auth key reset allows privilege escalation to site administrator

MISP is an open source threat intelligence and sharing platform. Prior to 2.5.37, an improper access control vulnerability in the authentication key reset functionality allowed an authenticated organization administrator to reset authentication keys belonging to site administrator accounts within...

CVSS 8.6 | AI score 5.8 | EPSS 0.00403
Exploits 0 | References 1
EUVD
added 2026/05/13 8:51 p.m.

EUVD-2026-30167

MISP is an open source threat intelligence and sharing platform. Prior to 2.5.37, an improper access control vulnerability in the authentication key reset functionality allowed an authenticated organization administrator to reset authentication keys belonging to site administrator accounts within...

CVSS 8.6 | AI score 5.8 | EPSS 0.00403
Exploits 0 | References 1
Positive Technologies
added 2026/05/13 12:00 a.m.

PT-2026-40808

MISP is an open source threat intelligence and sharing platform. Prior to 2.5.37, an improper access control vulnerability in the authentication key reset functionality allowed an authenticated organization administrator to reset authentication keys belonging to site administrator accounts within...

CVSS 8.6 | AI score 5.8 | EPSS 0.00403
Exploits 0 | References 2
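The MISP entries above (CVE-2026-54357, CVE-2026-54358 and CVE-2026-44380) share one pattern: an administrative action is scoped by asking only "is the target in my organisation?", so an organisation administrator can reset the password, auth key or settings of a site administrator who belongs to that organisation. The following is an added example, not MISP's own code, that puts the membership-only check beside one with a role ceiling and runs a sensitive action through both. The user model, role names and the auth-key reset action are constructed for illustration.

```python
"""Added example, not MISP's own code: scoping an organisation administrator's
actions by target role as well as organisation membership.

The user model, role names and the auth-key reset action are constructed for
illustration.
"""
from dataclasses import dataclass

ROLE_USER = "user"
ROLE_ORG_ADMIN = "org_admin"
ROLE_SITE_ADMIN = "site_admin"


@dataclass
class User:
    user_id: int
    org_id: int
    role: str
    authkey: str = "key-original"


def can_manage_vulnerable(actor: User, target: User) -> bool:
    """Org admins are limited to their own organisation and nothing else,
    which is the scoping the advisories describe."""
    if actor.role == ROLE_SITE_ADMIN:
        return True
    if actor.role == ROLE_ORG_ADMIN:
        return actor.org_id == target.org_id
    return actor.user_id == target.user_id


def can_manage_fixed(actor: User, target: User) -> bool:
    """Same membership rule plus a role ceiling: nobody below site admin may
    act on a site admin. Whether org admins may manage each other is a policy
    choice; here they may, but never anyone above their own level."""
    if actor.role == ROLE_SITE_ADMIN:
        return True
    if actor.role == ROLE_ORG_ADMIN:
        return actor.org_id == target.org_id and target.role != ROLE_SITE_ADMIN
    return actor.user_id == target.user_id


def reset_authkey(actor: User, target: User, check, new_key: str = "key-rotated") -> bool:
    """A sensitive account action gated by the supplied check.
    Returns True when the action ran, False when it was refused."""
    if not check(actor, target):
        return False
    target.authkey = new_key
    return True


def demo() -> dict:
    """Replay the escalation through both checks. Per check, returns whether an
    org admin could rotate the auth key of (a) a site admin in the same org,
    (b) a site admin in another org, (c) an ordinary user in the same org."""
    org_admin = User(user_id=1, org_id=10, role=ROLE_ORG_ADMIN)
    outcomes = {}
    for name, check in (("vulnerable", can_manage_vulnerable), ("fixed", can_manage_fixed)):
        targets = (
            User(user_id=2, org_id=10, role=ROLE_SITE_ADMIN),
            User(user_id=3, org_id=20, role=ROLE_SITE_ADMIN),
            User(user_id=4, org_id=10, role=ROLE_USER),
        )
        outcomes[name] = tuple(reset_authkey(org_admin, t, check) for t in targets)
    return outcomes


if __name__ == "__main__":
    print(demo())   # {'vulnerable': (True, False, True), 'fixed': (False, False, True)}
```

The same `can_manage_fixed` gate belongs in front of every account-level action an org admin can reach (password reset mail, auth key reset, user settings), since each of the three advisories is the same missing ceiling reached through a different endpoint.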
CVE
added 2026/05/12 5:25 p.m.

CVE-2026-42300

CVE-2026-42300 affects DevGuard's SessionMiddleware and related components prior to version 1.2.2. The vulnerability arises because a client-supplied header, X-Admin-Token, is accepted and its raw value is used as the authenticated userID when no Kratos session cookie is present. An attacker who...

CVSS 9.3 | AI score 5.9 | EPSS 0.00257
Exploits 0 | References 2
OSV
added 2026/05/05 8:58 p.m.

GHSA-2G9V-7MR5-FGJG DevGuard has an unauthenticated identity assertion via `X-Admin-Token` header

Impact: The SessionMiddleware accepts a client-supplied X-Admin-Token HTTP request header and uses its raw string value as the authenticated userID when no Kratos session cookie is present. An unauthenticated attacker who knows or can guess a target user's Kratos identity UUID can issue requests a...

CVSS 9.3 | AI score 5.8 | EPSS 0.00257
Exploits 0 | References 4
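The two DevGuard entries above describe a middleware that, with no session cookie present, takes the raw value of X-Admin-Token as the authenticated userID, so anyone who knows a user's identity UUID can act as that user. The following is an added example, not DevGuard's own code, showing that resolver beside one that trusts only the server-side session store, plus an assumed hardened shape for a genuine internal-caller need. The cookie name, the session table, the sample UUIDs and the signed "act as" headers are assumptions for illustration; only the X-Admin-Token name comes from the advisory.

```python
"""Added example, not DevGuard's own code: a session middleware that falls back
to a client-supplied identity header, next to two versions that do not.

The cookie name, the session table, the sample UUIDs and the signed "act as"
variant are assumptions for illustration.
"""
import hashlib
import hmac

SESSION_COOKIE = "ory_kratos_session"      # assumed cookie name

# Constructed session store: opaque cookie value -> authenticated user id.
SESSIONS = {"sess-9f1c": "3e5a1b2c-7d8e-4f90-a1b2-c3d4e5f60718"}
ADMIN_UUID = "11111111-2222-4333-8444-555555555555"  # constructed target identity


def resolve_user_vulnerable(headers: dict, cookies: dict, sessions=SESSIONS):
    """Cookie lookup first; with no cookie, the header's raw value *is* the user."""
    sid = cookies.get(SESSION_COOKIE)
    if sid in sessions:
        return sessions[sid]
    token = headers.get("X-Admin-Token")
    if token:
        return token                      # asserted by the client, never verified
    return None


def resolve_user_fixed(headers: dict, cookies: dict, sessions=SESSIONS):
    """Identity comes from a server-side session lookup or not at all.
    Request headers are never consulted for who the caller is."""
    return sessions.get(cookies.get(SESSION_COOKIE))


def sign_act_as(service_secret: bytes, user_id: str) -> str:
    """Helper for a trusted internal caller: HMAC over the asserted user id."""
    return hmac.new(service_secret, user_id.encode(), hashlib.sha256).hexdigest()


def resolve_user_service(headers: dict, cookies: dict, service_secret: bytes, sessions=SESSIONS):
    """Assumed hardened shape for a genuine service-to-service need: the asserted
    identity is honoured only when accompanied by an HMAC under a secret the
    browser never sees, compared in constant time. A bare UUID is no longer a
    credential. A deployment would also bind a timestamp or nonce into the
    signed data (this helper alone is replayable) and accept these headers only
    on an internal listener."""
    user = resolve_user_fixed(headers, cookies, sessions)
    if user is not None:
        return user
    asserted = headers.get("X-Act-As-User")
    if not asserted:
        return None
    expected = sign_act_as(service_secret, asserted)
    supplied = headers.get("X-Act-As-Signature", "")
    return asserted if hmac.compare_digest(expected, supplied) else None


def demo() -> dict:
    """Send the forged headers with no cookie through each resolver."""
    forged = {"X-Admin-Token": ADMIN_UUID, "X-Act-As-User": ADMIN_UUID}
    secret = b"constructed-service-secret"
    signed = {**forged, "X-Act-As-Signature": sign_act_as(secret, ADMIN_UUID)}
    return {
        "vulnerable": resolve_user_vulnerable(forged, {}),
        "fixed": resolve_user_fixed(forged, {}),
        "service_unsigned": resolve_user_service(forged, {}, secret),
        "service_signed": resolve_user_service(signed, {}, secret),
    }


if __name__ == "__main__":
    print(demo())
```

The point of the third resolver is that the thing the client presents must be a secret, not an identifier: a Kratos identity UUID appears in URLs, logs and API responses, so it can never double as proof of who is calling.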
EUVD
added 2026/04/08 6:34 p.m.

EUVD-2026-20517

A flaw was found in Red Hat Quay's Proxy Cache configuration feature. When an organization administrator configures an upstream registry for proxy caching, Quay makes a network connection to the specified registry hostname without verifying that it points to a legitimate external service. An...

CVSS 5.2 | AI score 5.9 | EPSS 0.00256
Exploits 0 | References 3
NVD
added 2026/04/08 6:26 p.m.

CVE-2026-32591

A flaw was found in Red Hat Quay's Proxy Cache configuration feature. When an organization administrator configures an upstream registry for proxy caching, Quay makes a network connection to the specified registry hostname without verifying that it points to a legitimate external service. An...

CVSS 5.5 | EPSS 0.00256
Exploits 0 | References 4
RedhatCVE
added 2026/04/08 5:06 p.m.

CVE-2026-32591

A flaw was found in Red Hat Quay's Proxy Cache configuration feature. When an organization administrator configures an upstream registry for proxy caching, Quay makes a network connection to the specified registry hostname without verifying that it points to a legitimate external service. An...

CVSS 5.5 | AI score 5.9 | EPSS 0.00256
Exploits 0 | References 3
Cvelist
added 2026/04/08 5:06 p.m.

CVE-2026-32591 Mirror-registry: quay: server-side request forgery in proxy cache upstream registry configuration

A flaw was found in Red Hat Quay's Proxy Cache configuration feature. When an organization administrator configures an upstream registry for proxy caching, Quay makes a network connection to the specified registry hostname without verifying that it points to a legitimate external service. An...

CVSS 5.2 | EPSS 0.00256
Exploits 0 | References 3
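The Quay entries above (CVE-2026-32591) describe the server connecting to whatever upstream hostname an organisation administrator supplies, with no check that it points to an external service. The following is an added example, not Quay's own code, of the validation a practitioner would put in front of that connection: resolve the name, require every answer to be a public address, and hand the validated addresses back so the caller connects to those rather than resolving again. The resolver is injected so the example runs offline; the name table is constructed and stands in for DNS.

```python
"""Added example, not Quay's own code: checking an administrator-supplied
upstream registry hostname before the server connects to it.

The resolver is injected so this runs offline; FAKE_DNS is a constructed table
standing in for real DNS answers.
"""
import ipaddress

# Constructed DNS answers. A deployment would call socket.getaddrinfo here and
# then connect to the addresses it validated, never re-resolving the name.
FAKE_DNS = {
    "registry.example.com": ["198.41.0.4"],
    "backend.internal": ["10.0.0.5"],
    "localhost": ["127.0.0.1", "::1"],
    "rebind.example.net": ["198.41.0.4", "127.0.0.1"],   # mixed public/internal answers
}

# Ranges that ipaddress does not flag as private or reserved but that still
# never belong to an external registry (carrier-grade NAT).
EXTRA_BLOCKED = [ipaddress.ip_network("100.64.0.0/10")]


def fake_resolve(host: str) -> list:
    return FAKE_DNS.get(host, [])


def is_public_address(addr) -> bool:
    """True only for addresses an external service could legitimately have.
    IPv4-mapped IPv6 (::ffff:10.0.0.1) is unwrapped so the IPv4 rules apply."""
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    if (addr.is_private or addr.is_loopback or addr.is_link_local
            or addr.is_multicast or addr.is_reserved or addr.is_unspecified):
        return False
    return not any(addr in net for net in EXTRA_BLOCKED)


def validate_upstream_host(host: str, resolve=fake_resolve) -> tuple:
    """Return (ok, reason, addresses). `addresses` are the validated answers the
    caller should pin for the actual connection. Every answer must be public,
    because the client may pick any of them, and a mixed answer set is exactly
    what a DNS-rebinding attacker hands out."""
    host = host.strip().lower().strip("[]")
    if not host:
        return False, "empty hostname", []
    try:
        literal = ipaddress.ip_address(host)
    except ValueError:
        literal = None
    if literal is not None:
        answers = [host]                     # IP literal: check it directly
    else:
        answers = resolve(host)
        if not answers:
            return False, "hostname does not resolve", []
    for a in answers:
        if not is_public_address(ipaddress.ip_address(a)):
            return False, f"{a} is not a public address", []
    return True, "ok", answers


if __name__ == "__main__":
    for h in ("registry.example.com", "backend.internal", "169.254.169.254", "rebind.example.net"):
        print(h, validate_upstream_host(h))
```

Two caveats the check alone does not cover: the validated addresses must be the ones actually dialled (a second resolution at connect time reopens the rebinding window), and redirects from the upstream must be re-validated with the same function, since a public registry that answers 302 to an internal address is the other common way around this kind of filter.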