Lucene search
K

7529 matches found

cvelist
cvelist
added 5 days ago30 views

CVE-2026-60125 importModule function in MISP ignores per-organisation import module restrictions

MISP’s importModule path used getEnabledModule to resolve a single import module by name, but this lookup did not enforce the per-organisation module restriction checked by getEnabledModules. As a result, an authenticated user from an organisation that was not allowed to use a module restricted v...

5.3CVSS0.00207EPSS
Exploits0References1
cve
cve
added 5 days ago10 views

CVE-2026-60125

CVE-2026-60125 affects MISP: the importModule() path used getEnabledModule() to resolve a module by name, but did not enforce per-organisation restrictions implemented by getEnabledModules(). This can allow an authenticated user from an organisation not allowed to use a restricted module (Plugin....

5.3CVSS5.9AI score0.00207EPSS
Exploits0References1
attackerkb
attackerkb
added 5 days ago6 views

CVE-2026-60125

MISP’s importModule path used getEnabledModule to resolve a single import module by name, but this lookup did not enforce the per-organisation module restriction checked by getEnabledModules. As a result, an authenticated user from an organisation that was not allowed to use a module restricted v...

5.3CVSS5.9AI score0.00207EPSS
Exploits0References2
cvelist
cvelist
added 6 days ago30 views

CVE-2026-55077 Coder: User-admin role can reset owner account password

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the PUT /api/v2/users/user/password endpoint authorized only ActionUpdatePersonal and did not prevent a user-admin from resetting an owner account's passwor...

7.2CVSS0.00615EPSS
Exploits0References6
nvd
nvd
added 6 days ago6 views

CVE-2026-12352

This vulnerability allows an unauthenticated actor to bypass authentication and gain access to restricted resources on the device...

5.9CVSS0.00259EPSS
Exploits0References1
euvd
euvd
added 6 days ago7 views

EUVD-2026-42047

This vulnerability allows an unauthenticated actor to bypass authentication and gain access to restricted resources on the device...

5.9CVSS6AI score0.00259EPSS
Exploits0References1
cvelist
cvelist
added 6 days ago34 views

CVE-2026-12352 Incorrect Authorization

This vulnerability allows an unauthenticated actor to bypass authentication and gain access to restricted resources on the device...

5.9CVSS0.00259EPSS
Exploits0References1
attackerkb
attackerkb
added 6 days ago7 views

CVE-2026-12352

This vulnerability allows an unauthenticated actor to bypass authentication and gain access to restricted resources on the device...

5.9CVSS6AI score0.00259EPSS
Exploits0References2
cve
cve
added 6 days ago15 views

CVE-2026-12352

Technical details (affected products/versions, root cause, exploit conditions, or remediation) are not publicly provided in the supplied documents. Monitor for updates on CVE-2026-12352.

5.9CVSS6AI score0.00259EPSS
Exploits0References1
nvd
nvd
added 6 days ago9 views

CVE-2026-53648

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.1, downloadable product files are stored using a deterministic filename-derived path. When an administrator uploads a file for a downloadable product, FOSSBilling stores the file as md5 under the uploads...

5.1CVSS0.00264EPSS
Exploits0References1
ptsecurity
ptsecurity
added 6 days ago11 views

PT-2026-56192

Name of the Vulnerable Software and Affected Versions The product name cannot be determined. affected versions not specified Description An unauthenticated actor can bypass authentication to gain access to restricted resources on the device. Recommendations At the moment, there is no information...

5.9CVSS6.1AI score0.00259EPSS
Exploits0References5
nessus
nessus
added 6 days ago7 views

Cisco Catalyst Center Arbitrary File Read (cisco-sa-catc-file-read-wLH2vf8X)

The version of Cisco Catalyst Center formerly Cisco DNA Center installed on the remote host is affected by a vulnerability. - A vulnerability in Cisco Catalyst Center could allow an unauthenticated, remote attacker to read arbitrary files from a restricted container. This vulnerability is due to...

7.5CVSS7.3AI score0.00756EPSS
Exploits0References3
nvd
nvd
added 2026/07/06 5:16 p.m.9 views

CVE-2026-40141

A high-severity vulnerability exists in a web application component of BeyondTrust Remote Support and Privileged Remote Access related to the processing of certain input parameters. Insufficient validation of user-supplied input may allow an authenticated attacker with limited privileges to acces...

9.9CVSS0.00478EPSS
Exploits0References1
nvd
nvd
added 2026/07/06 3:16 p.m.8 views

CVE-2026-7185

A validation vulnerability has been identified in certain web features related to file management or upload in several products of the TAO 2.0 suite. This vulnerability could allow an attacker capable of interacting with the affected feature to attempt to access file system resources outside the...

6CVSS0.00292EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/07/06 1:10 p.m.10 views

CVE-2026-7185

A validation vulnerability has been identified in certain web features related to file management or upload in several products of the TAO 2.0 suite. This vulnerability could allow an attacker capable of interacting with the affected feature to attempt to access file system resources outside the...

6CVSS5.8AI score0.00292EPSS
Exploits0References2
redhat
redhat
added 2026/07/06 3:52 a.m.4 views

golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing

A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname for example, xn--example-.com returns example.com instead of an error. Applications that validate the ASCII form then convert to Unicode may grant acce...

9.6CVSS5.9AI score0.00478EPSS
Exploits0References8
bdu_fstec
bdu_fstec
added 2026/07/06 12:0 a.m.4 views

The vulnerability of the ColdFusion software platform arises from an incorrect restriction on the path to the restricted directory. This allows attackers to execute arbitrary code.

The vulnerability of the ColdFusion software platform exists due to an incorrect limitation on the path name to the restricted access catalog. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

10CVSS6.4AI score0.28583EPSS
Exploits3References7
nvd
nvd
added 2026/07/03 9:16 a.m.9 views

CVE-2026-11900

The Ad Inserter – Ad Manager & AdSense Ads plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 2.8.16 via the 'data' attribute of the adinserter shortcode. This is due to the replaceaitags function processing a reusable-block-N tag pattern that...

4.3CVSS0.00273EPSS
Exploits0References10
attackerkb
attackerkb
added 2026/07/03 7:48 a.m.10 views

CVE-2026-47897

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache Lucene.Net Lucene.Net.Replicator library. This issue affects Apache Lucene.Net.Replicator: from 4.8.0-beta00005 before 4.8.0-beta00018. Users are recommended to upgrade to version 4.8.0-beta00018,...

8.9CVSS5.9AI score0.00616EPSS
Exploits0References2
nvd
nvd
added 2026/07/03 3:16 a.m.7 views

CVE-2022-4990

UNSUPPORTED WHEN ASSIGNED Improper Validation of Specified Quantity in Input in the ASUS AI Suite 3 driver allows a local user to bypass security validation and access restricted memory blocks via crafted IOCTL requests, leading to privilege escalation...

7.3CVSS0.00096EPSS
Exploits0References1
Rows per page
Query Builder