603 matches found

NVD
added 2026/06/12 8:16 p.m. | 11 views

CVE-2026-54358

An incorrect authorization vulnerability in MISP allows an organization administrator to target site administrator accounts belonging to the same organization through the administrative email functionality. The affected code restricted organization administrators to users within their own...

CVSS: 7.5 | EPSS: 0.00229
Exploits: 0 | References: 1

NVD
added 2026/06/12 8:16 p.m. | 12 views

CVE-2026-54357

An improper authorization vulnerability in MISP allowed an authenticated organization administrator to access or modify user settings belonging to site administrator accounts within the same organization. The affected access-control checks scoped administrative actions by organization membership...

CVSS: 5.1 | EPSS: 0.00254
Exploits: 0 | References: 1

Cvelist
added 2026/06/12 7:34 p.m. | 29 views

CVE-2026-54358 MISP organization administrators can target site administrator accounts for password reset

An incorrect authorization vulnerability in MISP allows an organization administrator to target site administrator accounts belonging to the same organization through the administrative email functionality. The affected code restricted organization administrators to users within their own...

CVSS: 7.5 | EPSS: 0.00229
Exploits: 0 | References: 1

EUVD
added 2026/06/12 7:34 p.m. | 7 views

EUVD-2026-36550

An incorrect authorization vulnerability in MISP allows an organization administrator to target site administrator accounts belonging to the same organization through the administrative email functionality. The affected code restricted organization administrators to users within their own...

CVSS: 7.5 | AI score: 5.4 | EPSS: 0.00229
Exploits: 0 | References: 1

CVE
added 2026/06/12 7:34 p.m. | 16 views

CVE-2026-54358

The CVE concerns MISP where an organization administrator can target site administrator accounts within the same organization via the administrative email function due to a faulty authorization check that fails to exclude site-admin recipients from queries. This allows privileged account-manageme...

CVSS: 7.5 | AI score: 5.4 | EPSS: 0.00229
Exploits: 0 | References: 1

Vulnrichment
added 2026/06/12 7:25 p.m. | 12 views

CVE-2026-54357 MISP improper authorization allows organization administrators to modify site administrator user settings

An improper authorization vulnerability in MISP allowed an authenticated organization administrator to access or modify user settings belonging to site administrator accounts within the same organization. The affected access-control checks scoped administrative actions by organization membership...

CVSS: 5.1 | AI score: 5.3 | EPSS: 0.00254
Exploits: 0 | References: 1

EUVD
added 2026/06/12 7:25 p.m. | 7 views

EUVD-2026-36549

An improper authorization vulnerability in MISP allowed an authenticated organization administrator to access or modify user settings belonging to site administrator accounts within the same organization. The affected access-control checks scoped administrative actions by organization membership...

CVSS: 5.1 | AI score: 5.2 | EPSS: 0.00254
Exploits: 0 | References: 1

CVE
added 2026/06/12 7:25 p.m. | 18 views

CVE-2026-54357

CVE-2026-54357 describes an improper authorization flaw in MISP where an authenticated organization administrator could access or modify user settings of site administrators within the same organization. The underlying issue is that access-control checks scoped administrative actions by organizat...

CVSS: 5.1 | AI score: 5.3 | EPSS: 0.00254
Exploits: 0 | References: 1

Positive Technologies
added 2026/06/12 12:0 a.m. | 12 views

PT-2026-48970

Name of the Vulnerable Software and Affected Versions MISP affected versions not specified Description An incorrect authorization issue allows an organization administrator to target site administrator accounts within the same organization using the administrative email functionality. The system...

CVSS: 7.5 | AI score: 5.1 | EPSS: 0.00229
Exploits: 0 | References: 3

Positive Technologies
added 2026/06/12 12:0 a.m. | 13 views

PT-2026-48966

Name of the Vulnerable Software and Affected Versions MISP affected versions not specified Description An improper authorization issue allows an authenticated organization administrator to access or modify user settings of site administrator accounts within the same organization. This occurs...

CVSS: 5.1 | AI score: 5.1 | EPSS: 0.00254
Exploits: 0 | References: 3

RedhatCVE
added 2026/06/05 7:28 p.m. | 9 views

CVE-2026-4091

The OPEN-BRAIN plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.5.0. This is due to missing nonce verification on the settings form in the funcpagemain function. This makes it possible for unauthenticated attackers to inject malicious web...

CVSS: 6.1 | AI score: 5.4 | EPSS: 0.00211
Exploits: 0 | References: 1

NVD
added 2026/06/04 2:16 p.m. | 10 views

CVE-2026-10854

A visibility control issue in the event template creation workflow allowed non-site-admin users to access private galaxies belonging to other organisations. The event template builder loaded all enabled galaxies without applying organisation or distribution-based access restrictions, potentially...

CVSS: 5.3 | EPSS: 0.00176
Exploits: 0 | References: 1

ATTACKERKB
added 2026/06/04 1:5 p.m. | 9 views

CVE-2026-10855

An authorization flaw existed in the MISP Event Template Importer overwrite workflow. When importing an event template in overwrite mode, the application checked whether a matching template already existed but did not verify that the importing user belonged to the organization that owned the...

CVSS: 5.1 | AI score: 5.8 | EPSS: 0.00154
Exploits: 0 | References: 2

EUVD
added 2026/06/04 1:5 p.m. | 9 views

EUVD-2026-34259

An authorization flaw existed in the MISP Event Template Importer overwrite workflow. When importing an event template in overwrite mode, the application checked whether a matching template already existed but did not verify that the importing user belonged to the organization that owned the...

CVSS: 5.1 | AI score: 5.8 | EPSS: 0.00154
Exploits: 0 | References: 1

Cvelist
added 2026/05/20 1:25 a.m. | 36 views

CVE-2026-6391 Sentence To SEO (keywords, description and tags) <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting via Settings Page Parameters

The Sentence To SEO keywords, description and tags plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the createadminpage function. This makes it possible for unauthenticated attackers...

CVSS: 6.1 | EPSS: 0.00174
Exploits: 0 | References: 9

RedhatCVE
added 2026/05/15 1:57 a.m. | 12 views

CVE-2026-44380

MISP is an open source threat intelligence and sharing platform. Prior to 2.5.37, an improper access control vulnerability in the authentication key reset functionality allowed an authenticated organization administrator to reset authentication keys belonging to site administrator accounts within...

CVSS: 8.6 | AI score: 5.8 | EPSS: 0.00403
Exploits: 0 | References: 1

Positive Technologies
added 2026/05/14 12:0 a.m. | 18 views

PT-2026-40910

The Database Backup for WordPress plugin for WordPress is vulnerable to unauthorized arbitrary file read and deletion in all versions up to, and including, 2.5.2. This is due to the plugin not properly enforcing the return value of its authorization check combined with a user-controlled backup...

CVSS: 8.1 | AI score: 5.9 | EPSS: 0.00464
Exploits: 0 | References: 7

ATTACKERKB
added 2026/05/13 8:51 p.m. | 6 views

CVE-2026-44380

MISP is an open source threat intelligence and sharing platform. Prior to 2.5.37, an improper access control vulnerability in the authentication key reset functionality allowed an authenticated organization administrator to reset authentication keys belonging to site administrator accounts within...

CVSS: 8.6 | AI score: 5.8 | EPSS: 0.00403
Exploits: 0 | References: 2 | Affected Software: 1

EUVD
added 2026/05/13 8:51 p.m. | 9 views

EUVD-2026-30167

MISP is an open source threat intelligence and sharing platform. Prior to 2.5.37, an improper access control vulnerability in the authentication key reset functionality allowed an authenticated organization administrator to reset authentication keys belonging to site administrator accounts within...

CVSS: 8.6 | AI score: 5.8 | EPSS: 0.00403
Exploits: 0 | References: 1

Vulnrichment
added 2026/05/13 8:51 p.m. | 8 views

CVE-2026-44380 MISP: Improper access control in auth key reset allows privilege escalation to site administrator

MISP is an open source threat intelligence and sharing platform. Prior to 2.5.37, an improper access control vulnerability in the authentication key reset functionality allowed an authenticated organization administrator to reset authentication keys belonging to site administrator accounts within...

CVSS: 8.6 | AI score: 5.8 | EPSS: 0.00403
Exploits: 0 | References: 1