Lucene search
K

64 matches found

Vulnrichment
Vulnrichment
added 2026/06/12 7:25 p.m.12 views

CVE-2026-54357 MISP improper authorization allows organization administrators to modify site administrator user settings

An improper authorization vulnerability in MISP allowed an authenticated organization administrator to access or modify user settings belonging to site administrator accounts within the same organization. The affected access-control checks scoped administrative actions by organization membership...

5.1CVSS5.3AI score0.00254EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 7:25 p.m.7 views

EUVD-2026-36549

An improper authorization vulnerability in MISP allowed an authenticated organization administrator to access or modify user settings belonging to site administrator accounts within the same organization. The affected access-control checks scoped administrative actions by organization membership...

5.1CVSS5.2AI score0.00254EPSS
Exploits0References1
CVE
CVE
added 2026/06/12 7:25 p.m.18 views

CVE-2026-54357

CVE-2026-54357 describes an improper authorization flaw in MISP where an authenticated organization administrator could access or modify user settings of site administrators within the same organization. The underlying issue is that access-control checks scoped administrative actions by organizat...

5.1CVSS5.3AI score0.00254EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.13 views

PT-2026-48966

Name of the Vulnerable Software and Affected Versions MISP affected versions not specified Description An improper authorization issue allows an authenticated organization administrator to access or modify user settings of site administrator accounts within the same organization. This occurs...

5.1CVSS5.1AI score0.00254EPSS
Exploits0References3
OSV
OSV
added 2026/05/06 8:37 p.m.7 views

GHSA-JRC5-W569-H7H5 phpMyFAQ: Ordinary Authenticated User Can Access Admin-Only API Endpoints Due to Insufficient Authorization Check in phpMyFAQ

Summary A review of phpMyFAQ-main uncovered an authorization issue in the admin-api routes. Several backend endpoints only check whether the caller is logged in. They do not verify that the caller actually has backend or administrative privileges. As a result, a normal frontend user can access AP...

4.3CVSS5.6AI score0.00168EPSS
Exploits0References4
NVD
NVD
added 2026/04/20 9:16 p.m.3 views

CVE-2026-29646

In OpenXiangShan NEMU prior to 55295c4, when running with RVH Hypervisor extension enabled, a VS-mode guest write to the supervisor interrupt-enable CSR sie may be handled incorrectly and can influence machine-level interrupt enable state mie. This breaks privilege/virtualization isolation and ca...

9.8CVSS0.00365EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/04/20 12:0 a.m.33 views

CVE-2026-29646

In OpenXiangShan NEMU prior to 55295c4, when running with RVH Hypervisor extension enabled, a VS-mode guest write to the supervisor interrupt-enable CSR sie may be handled incorrectly and can influence machine-level interrupt enable state mie. This breaks privilege/virtualization isolation and ca...

0.00365EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.9 views

MiracleLinux 4 : bash-4.1.2-15.AXS4.2 (AXSA:2014-554:02)

The remote MiracleLinux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2014-554:02 advisory. Description : The GNU Bourne Again shell Bash is a shell or command language interpreter that is compatible with the Bourne shell sh. Bash incorporat...

10CVSS9.2AI score0.99999EPSS
Exploits141References5
RedhatCVE
RedhatCVE
added 2025/12/18 12:40 p.m.4 views

CVE-2025-14095

A "Privilege boundary violation" vulnerability is identified affecting multiple Radiometer Products. Exploitation of this vulnerability gives a user with physical access to the analyzer, the possibility to gain unauthorized access to functionalities outside the restricted environment. The...

8.4CVSS6.6AI score0.00399EPSS
Exploits0References1
NVD
NVD
added 2025/12/17 12:15 p.m.5 views

CVE-2025-14095

A "Privilege boundary violation" vulnerability is identified affecting multiple Radiometer Products. Exploitation of this vulnerability gives a user with physical access to the analyzer, the possibility to gain unauthorized access to functionalities outside the restricted environment. The...

6.8CVSS0.00143EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/17 11:45 a.m.3 views

EUVD-2025-203887

A "Privilege boundary violation" vulnerability is identified affecting multiple Radiometer Products. Exploitation of this vulnerability gives a user with physical access to the analyzer, the possibility to gain unauthorized access to functionalities outside the restricted environment. The...

8.4CVSS6.1AI score0.00399EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/12/17 11:45 a.m.30 views

CVE-2025-14095 Privilege boundary violation in Radiometer Products

A "Privilege boundary violation" vulnerability is identified affecting multiple Radiometer Products. Exploitation of this vulnerability gives a user with physical access to the analyzer, the possibility to gain unauthorized access to functionalities outside the restricted environment. The...

6.8CVSS0.00143EPSS
Exploits0References1
CVE
CVE
added 2025/12/17 11:45 a.m.16 views

CVE-2025-14095

CVE-2025-14095, CVE-2025-14096, and CVE-2025-14097 describe vulnerabilities in multiple Radiometer products. The issues arise from design weaknesses in application/OS access control, credential protection, and remote code execution conditions, with exploitation involving physical access (for 1409...

6.8CVSS6.2AI score0.00143EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/17 12:0 a.m.4 views

PT-2025-51823

A "Privilege boundary violation" vulnerability is identified affecting multiple Radiometer Products. Exploitation of this vulnerability gives a user with physical access to the analyzer, the possibility to gain unauthorized access to functionalities outside the restricted environment. The...

8.4CVSS6.6AI score0.00399EPSS
Exploits0References2
OSV
OSV
added 2024/10/17 10:15 p.m.4 views

CVE-2024-27766

An issue in MariaDB v.11.1 allows a remote attacker to execute arbitrary code via the libmysqludfsys.so function. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed...

5.7CVSS6.1AI score0.01186EPSS
Exploits2References2
Prion
Prion
added 2023/05/15 10:15 p.m.18 views

Design/Logic Flaw

In retrieveAppEntry of NotificationAccessDetails.java, there is a missing permission check. This could lead to local escalation of privilege across user boundaries with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11...

4.3CVSS7.6AI score0.00086EPSS
Exploits0References1Affected Software1
SUSE CVE
SUSE CVE
added 2023/02/15 6:7 a.m.4 views

SUSE CVE-2008-3916

Heap-based buffer overflow in the stripescapes function in signal.c in GNU ed before 1.0 allows context-dependent or user-assisted attackers to execute arbitrary code via a long filename. NOTE: since ed itself does not typically run with special privileges, this issue only crosses privilege...

9.3CVSS8.3AI score0.03595EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 5:27 a.m.9 views

SUSE CVE-2014-6271

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the modcgi and modcg...

9.8CVSS8AI score0.99999EPSS
Exploits130References39
SUSE CVE
SUSE CVE
added 2023/02/15 5:27 a.m.10 views

SUSE CVE-2014-6278

GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the modcgi and...

10CVSS7.9AI score0.99621EPSS
Exploits31References23
SUSE CVE
SUSE CVE
added 2023/02/15 5:26 a.m.9 views

SUSE CVE-2014-7169

GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the...

9.8CVSS7.8AI score0.9994EPSS
Exploits17References41
Rows per page
Query Builder