Lucene search
K

6413 matches found

Vulnrichment
Vulnrichment
added 2026/06/12 8:55 p.m.6 views

CVE-2026-54397 MISP event editing allows unauthorized assignment to undisclosed sharing groups

A vulnerability in MISP’s non-REST event editing path allowed an authenticated user with event edit permissions to manipulate the submitted form data and set an event’s sharinggroupid to a sharing group they were not authorized to use. When distribution was set to sharing group distribution, the...

6.1CVSS5.2AI score0.00226EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/12 8:55 p.m.32 views

CVE-2026-54397 MISP event editing allows unauthorized assignment to undisclosed sharing groups

A vulnerability in MISP’s non-REST event editing path allowed an authenticated user with event edit permissions to manipulate the submitted form data and set an event’s sharinggroupid to a sharing group they were not authorized to use. When distribution was set to sharing group distribution, the...

6.1CVSS0.00226EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 8:55 p.m.10 views

EUVD-2026-36577

A vulnerability in MISP’s non-REST event editing path allowed an authenticated user with event edit permissions to manipulate the submitted form data and set an event’s sharinggroupid to a sharing group they were not authorized to use. When distribution was set to sharing group distribution, the...

6.1CVSS5.2AI score0.00226EPSS
Exploits0References1
NVD
NVD
added 2026/06/12 8:16 p.m.13 views

CVE-2026-54360

A mass assignment vulnerability exists in MISP’s sharing group creation endpoint. When creating a new sharing group, the controller did not remove a user-supplied id field before saving the submitted data. In CakePHP, supplying a primary key in the save data can cause a create followed by save...

8.4CVSS0.00226EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/12 7:51 p.m.7 views

CVE-2026-54360 MISP sharing group creation mass assignment allows unauthorized takeover of existing sharing groups

A mass assignment vulnerability exists in MISP’s sharing group creation endpoint. When creating a new sharing group, the controller did not remove a user-supplied id field before saving the submitted data. In CakePHP, supplying a primary key in the save data can cause a create followed by save...

8.4CVSS5.3AI score0.00226EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/12 7:51 p.m.33 views

CVE-2026-54360 MISP sharing group creation mass assignment allows unauthorized takeover of existing sharing groups

A mass assignment vulnerability exists in MISP’s sharing group creation endpoint. When creating a new sharing group, the controller did not remove a user-supplied id field before saving the submitted data. In CakePHP, supplying a primary key in the save data can cause a create followed by save...

8.4CVSS0.00226EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 7:51 p.m.11 views

EUVD-2026-36552

A mass assignment vulnerability exists in MISP’s sharing group creation endpoint. When creating a new sharing group, the controller did not remove a user-supplied id field before saving the submitted data. In CakePHP, supplying a primary key in the save data can cause a create followed by save...

8.4CVSS5.4AI score0.00226EPSS
Exploits0References1
CVE
CVE
added 2026/06/12 7:51 p.m.18 views

CVE-2026-54360

CVE-2026-54360 affects MISP: the mass assignment in the sharing group creation flow (SharingGroupsController::add) allows an authenticated user to submit an existing group’s id, causing a create() followed by save() to update that group. This could enable takeover or alteration of sharing groups ...

8.4CVSS5.4AI score0.00226EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/12 7:25 p.m.13 views

CVE-2026-54357 MISP improper authorization allows organization administrators to modify site administrator user settings

An improper authorization vulnerability in MISP allowed an authenticated organization administrator to access or modify user settings belonging to site administrator accounts within the same organization. The affected access-control checks scoped administrative actions by organization membership...

5.1CVSS5.3AI score0.00254EPSS
Exploits0References1
NVD
NVD
added 2026/06/12 4:16 p.m.16 views

CVE-2026-50087

The Aqara IAM/SSO gateway gw-builder.aqara.com exhibits a cross-origin request sharing vulnerability, which is an instance of "CWE-942: Permissive Cross-domain Policy with Untrusted Domains," and has an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N 8.2 High...

8.2CVSS0.00192EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/12 3:1 p.m.26 views

CVE-2026-50088 Aqara Developer Portal cross-origin resource sharing

The Aqara Developer Portal developer.aqara.com and shared test environments developer-test.aqara.com, aiot-test.aqara.com exhibit cross-origin request sharing, which is an instance of "CWE-942: Permissive Cross-domain Policy with Untrusted Domains," and has an estimated CVSS of...

8.2CVSS0.00182EPSS
Exploits0References2
CVE
CVE
added 2026/06/12 3:1 p.m.14 views

CVE-2026-50088

The CVE-2026-50088 entry concerns cross-origin request sharing in Aqara’s Developer Portal (developer.aqara.com) and its shared test environments (developer-test.aqara.com, aiot-test.aqara.com). The issue is CWE-942: Permissive Cross-domain Policy with Untrusted Domains, with CVSS v3.1 vector AV:...

8.2CVSS5.3AI score0.00182EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/12 3:1 p.m.11 views

CVE-2026-50088 Aqara Developer Portal cross-origin resource sharing

The Aqara Developer Portal developer.aqara.com and shared test environments developer-test.aqara.com, aiot-test.aqara.com exhibit cross-origin request sharing, which is an instance of "CWE-942: Permissive Cross-domain Policy with Untrusted Domains," and has an estimated CVSS of...

8.2CVSS5.2AI score0.00182EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/12 3:1 p.m.10 views

CVE-2026-50087 Aqara IAM/SSO Gateway cross-origin resource sharing

The Aqara IAM/SSO gateway gw-builder.aqara.com exhibits a cross-origin request sharing vulnerability, which is an instance of "CWE-942: Permissive Cross-domain Policy with Untrusted Domains," and has an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N 8.2 High...

8.2CVSS5.3AI score0.00192EPSS
Exploits0References2
CVE
CVE
added 2026/06/12 3:1 p.m.14 views

CVE-2026-50087

Technical details (affected product/version, root cause, remediation) are not publicly available in the provided documents. Monitor for updates.

8.2CVSS5.3AI score0.00192EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/12 3:1 p.m.7 views

EUVD-2026-36477

The Aqara IAM/SSO gateway gw-builder.aqara.com exhibits a cross-origin request sharing vulnerability, which is an instance of "CWE-942: Permissive Cross-domain Policy with Untrusted Domains," and has an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N 8.2 High...

8.2CVSS5.2AI score0.00192EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.16 views

PT-2026-49067

Name of the Vulnerable Software and Affected Versions File Browser affected versions not specified Description File Browser fails to properly validate symbolic links, allowing scoped users or unauthenticated public-share recipients to access files outside their intended directory boundaries. Whil...

7.5CVSS5.3AI score0.0046EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.11 views

PT-2026-48911

Name of the Vulnerable Software and Affected Versions Aqara IAM/SSO gateway affected versions not specified Description The Aqara IAM/SSO gateway at 'gw-builder.aqara.com' contains a cross-origin resource sharing issue. This is a permissive cross-domain policy with untrusted domains, which allows...

8.2CVSS5.2AI score0.00192EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.16 views

PT-2026-48999

Name of the Vulnerable Software and Affected Versions MISP affected versions not specified Description An issue in the non-REST event editing path allows an authenticated user with event edit permissions to manipulate submitted form data. By tampering with the event edit request, a user can set t...

6.1CVSS5.2AI score0.00226EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.17 views

PT-2026-48972

A mass assignment vulnerability exists in MISP’s sharing group creation endpoint. When creating a new sharing group, the controller did not remove a user-supplied id field before saving the submitted data. In CakePHP, supplying a primary key in the save data can cause a create followed by save...

8.4CVSS5.3AI score0.00226EPSS
Exploits0References2
Rows per page
Query Builder