11 matches found
CVE-2026-56424
MISP core contained multiple broken access-control flaws where authorization checks were performed against the wrong entity, or where ownership/editability checks were missing on write paths. In affected subsystems, a lower-privileged authenticated user with the relevant feature permission could...
PT-2026-51308
Name of the Vulnerable Software and Affected Versions: MISP core (affected versions not specified). Description: Broken access-control flaws exist where authorization checks are performed against incorrect entities or ownership and editability checks are missing on write paths. This allows a...
CVE-2026-41888
Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.1, tag deletion via the DELETE /v2//manifests/ endpoint bypasses the storage.delete.enabled: false configuration, allowing any API client to remove tags from repositories even when the operator has...
EUVD-2024-0206
Malicious code in bioql PyPI...
CVE-2019-18369
In JetBrains YouTrack before 2019.2.55152, removing tags from the issues list without the corresponding permission was possible...
CVE-2024-56669
In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Remove cache tags before disabling ATS. The current implementation removes cache tags after disabling ATS, leading to potential memory leaks and kernel crashes. Specifically, CACHE_TAG_DEVTLB type cache tags may still...
WordPress plugin PhotoGallery security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
The vulnerability in the web interface of the Cisco IoT Control Center allows a perpetrator to execute arbitrary code or access confidential information.
The vulnerability in the web interface of the Cisco IoT Control Center relates to the failure to remove script-related HTML tags from the website. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or gain access to confidential information through a specially crafted...
CVE-2019-18369
In JetBrains YouTrack before 2019.2.55152, removing tags from the issues list without the corresponding permission was possible...
CVE-2019-18369
In JetBrains YouTrack before 2019.2.55152, removing tags from the issues list without the corresponding permission was possible...
SuSE 11.2 Security Update : libwebkit (SAT Patch Number 7114)
Two issues in libwebkit have been fixed:
- WebKit CSS Text Element Count remote code execution was fixed. (CVE-2011-1290)
- WebKit WBR Tag Removal remote code execution was fixed. (CVE-2011-1344)
(C) Tenable Network Security, Inc. The descriptive text and package checks in this...