70 matches found

Vulnrichment
added 2026/06/12 7:34 p.m. | 7 views

CVE-2026-54358 MISP organization administrators can target site administrator accounts for password reset

An incorrect authorization vulnerability in MISP allows an organization administrator to target site administrator accounts belonging to the same organization through the administrative email functionality. The affected code restricted organization administrators to users within their own...

CVSS 7.5 | AI score 5.3 | EPSS 0.00229
Exploits: 0 | References: 1

Cvelist
added 2026/06/12 7:25 p.m. | 29 views

CVE-2026-54357 MISP improper authorization allows organization administrators to modify site administrator user settings

An improper authorization vulnerability in MISP allowed an authenticated organization administrator to access or modify user settings belonging to site administrator accounts within the same organization. The affected access-control checks scoped administrative actions by organization membership...

CVSS 5.1 | EPSS 0.00254
Exploits: 0 | References: 1

RedhatCVE
added 2026/06/05 7:34 p.m. | 13 views

CVE-2026-10855

An authorization flaw existed in the MISP Event Template Importer overwrite workflow. When importing an event template in overwrite mode, the application checked whether a matching template already existed but did not verify that the importing user belonged to the organization that owned the...

CVSS 5.1 | AI score 5.5 | EPSS 0.00154
Exploits: 0 | References: 1

CVE
added 2026/06/04 1:5 p.m. | 14 views

CVE-2026-10855

CVE-2026-10855 concerns an authorization flaw in the MISP Event Template Importer overwrite workflow. During overwrite, the system checked for a matching template but did not verify that the importing user belonged to the organization that owned the template. This could allow an authenticated use...

CVSS 5.1 | AI score 5.8 | EPSS 0.00154
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2026/06/04 1:5 p.m. | 9 views

CVE-2026-10855 MISP Event template importer authorization bypass

An authorization flaw existed in the MISP Event Template Importer overwrite workflow. When importing an event template in overwrite mode, the application checked whether a matching template already existed but did not verify that the importing user belonged to the organization that owned the...

CVSS 5.1 | AI score 5.8 | EPSS 0.00154
Exploits: 0 | References: 1

ATTACKERKB
added 2026/06/04 12:51 p.m. | 8 views

CVE-2026-10854

A visibility control issue in the event template creation workflow allowed non-site-admin users to access private galaxies belonging to other organisations. The event template builder loaded all enabled galaxies without applying organisation or distribution-based access restrictions, potentially...

CVSS 5.3 | AI score 5.8 | EPSS 0.00176
Exploits: 0 | References: 2

Positive Technologies
added 2026/06/04 12:0 a.m. | 14 views

PT-2026-46224

A visibility control issue in the event template creation workflow allowed non-site-admin users to access private galaxies belonging to other organisations. The event template builder loaded all enabled galaxies without applying organisation or distribution-based access restrictions, potentially...

CVSS 5.3 | AI score 5.8 | EPSS 0.00176
Exploits: 0 | References: 2

CNNVD
added 2026/06/04 12:0 a.m. | 9 views

MISP security vulnerability

MISP is a set of open-source software solutions developed by MISP. This product is used for collecting, storing, distributing, and sharing network security metrics. It also includes functions such as analysis of threats to network security and malware analysis. MISP has a security vulnerability,...

CVSS 5.3 | AI score 5.4 | EPSS 0.00176
Exploits: 0 | References: 1

NVD
added 2025/12/30 12:15 p.m. | 4 views

CVE-2025-14509

The Lucky Wheel for WooCommerce – Spin a Sale plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 1.1.13. This is due to the plugin using eval to execute user-supplied input from the 'Conditional Tags' setting without proper validation or sanitization...

CVSS 7.2 | EPSS 0.00541
Exploits: 0 | References: 4

CNNVD
added 2025/11/28 12:0 a.m. | 3 views

MISP security vulnerability

MISP is an open source software solution from MISP Open Source. The product is used to collect, store, distribute, and share cybersecurity metrics and has features such as threat cybersecurity event analysis and malware analysis. A security vulnerability exists in MISP versions prior to 2.5.27,...

CVSS 4.1 | AI score 6.4 | EPSS 0.00267
Exploits: 0 | References: 3

Packet Storm
added 2025/11/26 12:0 a.m. | 172 views

Microsoft Sharepoint Authentication Bypass

This is a proof of concept exploit for a Microsoft Sharepoint authentication bypass vulnerability discovered in 2023. Title: SharePoint Authentication...

CVSS 9.8 | AI score 7.1 | EPSS 0.99618
Exploits: 11

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2012-2389

Malware in sbrugna...

CVSS 5.5 | AI score 6 | EPSS 0.02614
Exploits: 0 | References: 12

EUVD
added 2025/10/03 8:7 p.m. | 6 views

EUVD-2022-2005

Malicious code in bioql PyPI...

CVSS 7.2 | AI score 7.4 | EPSS 0.01572
Exploits: 0 | References: 3

EUVD
added 2025/10/03 8:7 p.m. | 6 views

EUVD-2024-3286

Malicious code in bioql PyPI...

CVSS 7.2 | AI score 6.8 | EPSS 0.00646
Exploits: 0 | References: 4

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2022-6866

Malicious code in bioql PyPI...

CVSS 4.9 | AI score 6.6 | EPSS 0.00901
Exploits: 0 | References: 3

EUVD
added 2025/10/03 8:7 p.m. | 7 views

EUVD-2022-1554

Malicious code in bioql PyPI...

CVSS 4.3 | AI score 6.2 | EPSS 0.00708
Exploits: 0 | References: 3

EUVD
added 2025/10/03 8:7 p.m. | 7 views

EUVD-2024-33989

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 8.8 | EPSS 0.00634
Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 6 views

EUVD-2023-24082

Malicious code in bioql PyPI...

CVSS 6.1 | AI score 7 | EPSS 0.00673
Exploits: 3 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2025-11933

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 8.1 | EPSS 0.00204
Exploits: 0 | References: 4

OSV
added 2025/08/06 5:49 a.m. | 5 views

BIT-MOODLE-2024-43436 Moodle: site administration sql injection via xmldb editor

A SQL injection risk flaw was found in the XMLDB editor tool available to site administrators...

CVSS 7.2 | AI score 7.1 | EPSS 0.00646
Exploits: 0 | References: 3