70 matches found
CVE-2026-54358 MISP organization administrators can target site administrator accounts for password reset
An incorrect authorization vulnerability in MISP allows an organization administrator to target site administrator accounts belonging to the same organization through the administrative email functionality. The affected code restricted organization administrators to users within their own...
CVE-2026-54357 MISP improper authorization allows organization administrators to modify site administrator user settings
An improper authorization vulnerability in MISP allowed an authenticated organization administrator to access or modify user settings belonging to site administrator accounts within the same organization. The affected access-control checks scoped administrative actions by organization membership...
CVE-2026-10855
An authorization flaw existed in the MISP Event Template Importer overwrite workflow. When importing an event template in overwrite mode, the application checked whether a matching template already existed but did not verify that the importing user belonged to the organization that owned the...
CVE-2026-10855
CVE-2026-10855 concerns an authorization flaw in the MISP Event Template Importer overwrite workflow. During overwrite, the system checked for a matching template but did not verify that the importing user belonged to the organization that owned the template. This could allow an authenticated use...
CVE-2026-10855 MISP Event template importer authorization bypass
An authorization flaw existed in the MISP Event Template Importer overwrite workflow. When importing an event template in overwrite mode, the application checked whether a matching template already existed but did not verify that the importing user belonged to the organization that owned the...
CVE-2026-10854
A visibility control issue in the event template creation workflow allowed non-site-admin users to access private galaxies belonging to other organisations. The event template builder loaded all enabled galaxies without applying organisation or distribution-based access restrictions, potentially...
PT-2026-46224
A visibility control issue in the event template creation workflow allowed non-site-admin users to access private galaxies belonging to other organisations. The event template builder loaded all enabled galaxies without applying organisation or distribution-based access restrictions, potentially...
MISP security vulnerability
MISP is a set of open-source software solutions developed by MISP. This product is used for collecting, storing, distributing, and sharing network security metrics. It also includes functions such as analysis of threats to network security and malware analysis. MISP has a security vulnerability,...
CVE-2025-14509
The Lucky Wheel for WooCommerce – Spin a Sale plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 1.1.13. This is due to the plugin using eval to execute user-supplied input from the 'Conditional Tags' setting without proper validation or sanitization...
MISP security vulnerability
MISP is an open source software solution from MISP Open Source. The product is used to collect, store, distribute, and share cybersecurity metrics and has features such as threat cybersecurity event analysis and malware analysis. A security vulnerability exists in MISP versions prior to 2.5.27,...
Microsoft SharePoint Authentication Bypass
This is a proof of concept exploit for a Microsoft SharePoint authentication bypass vulnerability discovered in 2023. Title: SharePoint Authentication...
EUVD-2012-2389
Malware in sbrugna...
EUVD-2022-2005
Malicious code in bioql PyPI...
EUVD-2024-3286
Malicious code in bioql PyPI...
EUVD-2022-6866
Malicious code in bioql PyPI...
EUVD-2022-1554
Malicious code in bioql PyPI...
EUVD-2024-33989
Malicious code in bioql PyPI...
EUVD-2023-24082
Malicious code in bioql PyPI...
EUVD-2025-11933
Malicious code in bioql PyPI...
BIT-MOODLE-2024-43436 Moodle: site administration sql injection via xmldb editor
A SQL injection risk flaw was found in the XMLDB editor tool available to site administrators...