5 matches found
CVE-2026-56423
Summary: CVE-2026-56423 affects MISP Core where bulk deletion (Event Reports and Sharing Groups) used broad role permissions instead of per-object authorization checks, enabling instance-wide deletions by eligible users. What was vulnerable: EventReportsController::deleteSelection relied on the g...
CVE-2025-30368
Zulip CVE-2025-30368 affects the Delete Organization Export API where permission checks could allow an administrator to delete an export belonging to another organization. Root cause: insufficient verification that the field being acted upon belongs to the caller’s organization. Impact: potential...
CVE-2025-30368 Zulip allows the deletion of organization by administrators of a different organization
Zulip is an open-source team collaboration tool. The API for deleting an organization export is supposed to be restricted to organization administrators, but its handler failed to check that the field belongs to the same organization as the user. Therefore, an administrator of any organization wa...
CVE-2025-30368 Zulip allows the deletion of organization by administrators of a different organization
Zulip is an open-source team collaboration tool. The API for deleting an organization export is supposed to be restricted to organization administrators, but its handler failed to check that the field belongs to the same organization as the user. Therefore, an administrator of any organization wa...
Cross-Site Request Forgery (CSRF) in tsolucio/corebos
✍️ Description Attacker able to delete any Organization with CSRF attack because there is any CSRF protection for related endpoint. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know...