10 matches found
CVE-2026-54358
An incorrect authorization vulnerability in MISP allows an organization administrator to target site administrator accounts belonging to the same organization through the administrative email functionality. The affected code restricted organization administrators to users within their own...
CVE-2026-54358
The CVE concerns MISP where an organization administrator can target site administrator accounts within the same organization via the administrative email function due to a faulty authorization check that fails to exclude site-admin recipients from queries. This allows privileged account-manageme...
CVE-2026-54358 MISP organization administrators can target site administrator accounts for password reset
An incorrect authorization vulnerability in MISP allows an organization administrator to target site administrator accounts belonging to the same organization through the administrative email functionality. The affected code restricted organization administrators to users within their own...
CVE-2026-54358 MISP organization administrators can target site administrator accounts for password reset
An incorrect authorization vulnerability in MISP allows an organization administrator to target site administrator accounts belonging to the same organization through the administrative email functionality. The affected code restricted organization administrators to users within their own...
PT-2026-48970
Name of the Vulnerable Software and Affected Versions MISP affected versions not specified Description An incorrect authorization issue allows an organization administrator to target site administrator accounts within the same organization using the administrative email functionality. The system...
EUVD-2025-25166
Malicious code in bioql PyPI...
Tucows (VDP): CSRF allowing unauthorized modification of user Notes on ███████
A CSRF vulnerability was discovered that allowed unauthorized modification of user notes. The vulnerability was present in the endpoint that handled saving the notes. The endpoint did not implement proper CSRF protection, allowing an attacker to craft a malicious link that could be used to modify...
CVE-2025-43739
This CVE affects Liferay Portal 7.4.0–7.4.3.132 and Liferay DXP releases 2025.Q1.0–2025.Q1.6, 2024.Q4.0–2024.Q4.7, 2024.Q3.1–2024.Q3.13, 2024.Q2.0–2024.Q2.13, 2024.Q1.1–2024.Q1.16, and 7.4 GA → update 92. The root cause is improper modification of emails generated by the calendar portlet, enablin...
CVE-2025-43739
Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.6, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.16 and 7.4 GA through update 92 allow any authenticated user to modify the content of emails sent...
CVE-2021-30480
Zoom Chat through 2021-04-09 on Windows and macOS allows certain remote authenticated attackers to execute arbitrary code without user interaction. An attacker must be within the same organization, or an external party who has been accepted as a contact. NOTE: this is specific to the Zoom Chat...