
55 matches found

Cvelist
added 5 days ago, 27 views

CVE-2026-56424 Broken access control in MISP core allows cross-organization unauthorized modification or deletion of analyst data, event reports, collections, templates, and decaying models

MISP core contained multiple broken access-control flaws where authorization checks were performed against the wrong entity, or where ownership/editability checks were missing on write paths. In affected subsystems, a lower-privileged authenticated user with the relevant feature permission could...

7.1 CVSS, 0.00361 EPSS
Exploits: 0, References: 5
CVE
added 5 days ago, 9 views

CVE-2026-56424

CVE-2026-56424 affects MISP core and describes multiple broken access-control flaws where authorization checks target the wrong entity or where ownership checks are missing on write paths. In affected subsystems, a lower-privileged authenticated user with relevant feature permissions could cause ...

8.8 CVSS, 5.9 AI score, 0.00361 EPSS
Exploits: 0, References: 5, Affected Software: 1
RedhatCVE
added 2026/06/05 7:33 p.m., 8 views

CVE-2026-27678

Due to missing authorization checks in the SAP S/4HANA backend OData Service Manage Reference Structures, an attacker could update and delete child entities via exposed OData services without proper authorization. This vulnerability has a high impact on integrity, while confidentiality and...

6.5 CVSS, 5.5 AI score, 0.00181 EPSS
Exploits: 0, References: 1
NVD
added 2026/05/28 8:16 p.m., 12 views

CVE-2026-33462

A path traversal vulnerability was identified in Kibana's dashboard management functionality. An authenticated user with limited permissions could create a dashboard with a specially crafted identifier. When an administrator subsequently attempts to delete this dashboard through the Kibana...

7.3 CVSS, 0.00223 EPSS
Exploits: 0, References: 1
ATTACKERKB
added 2026/05/28 7:33 p.m., 6 views

CVE-2026-33462

A path traversal vulnerability was identified in Kibana's dashboard management functionality. An authenticated user with limited permissions could create a dashboard with a specially crafted identifier. When an administrator subsequently attempts to delete this dashboard through the Kibana...

4.6 CVSS, 5.8 AI score, 0.00223 EPSS
Exploits: 0, References: 2, Affected Software: 1
EUVD
added 2026/05/28 7:33 p.m., 8 views

EUVD-2026-33009

A path traversal vulnerability was identified in Kibana's dashboard management functionality. An authenticated user with limited permissions could create a dashboard with a specially crafted identifier. When an administrator subsequently attempts to delete this dashboard through the Kibana...

4.6 CVSS, 5.8 AI score, 0.00223 EPSS
Exploits: 0, References: 1
Positive Technologies
added 2026/05/28 12:0 a.m., 8 views

PT-2026-44489

Name of the Vulnerable Software and Affected Versions: Kibana, affected versions not specified. Description: A path traversal issue exists in the dashboard management functionality. An authenticated user with limited permissions can create a dashboard using a specially crafted identifier. If an...

7.3 CVSS, 5.8 AI score, 0.00223 EPSS
Exploits: 0, References: 4
CVE
added 2026/05/12 5:29 p.m., 10 views

CVE-2026-42303

CVE-2026-42303 affects Fides (privacy engineering platform). From version 2.75.0 up to, but not including, 2.83.2, deployments that enable both subject identity verification and duplicate privacy request detection are vulnerable to an administrator approving a privacy request whose identity was n...

6.1 CVSS, 5.8 AI score, 0.00313 EPSS
Exploits: 0, References: 6
CNNVD
added 2026/05/12 12:0 a.m., 5 views

Subnet Solutions PowerSYSTEM Center security vulnerability

Subnet Solutions PowerSYSTEM Center is a power solution offered by Subnet Solutions Corporation. There is a security vulnerability present in Subnet Solutions PowerSYSTEM Center, which allows authenticated users with limited privileges to perform unauthorized project group deletions...

7 CVSS, 5.8 AI score, 0.00154 EPSS
Exploits: 0, References: 1
Positive Technologies
added 2026/05/08 12:0 a.m., 12 views

PT-2026-39234

Name of the Vulnerable Software and Affected Versions: Wagtail versions prior to 7.0.7; Wagtail versions prior to 7.3.2. Description: A CMS user with limited access to form pages can delete submissions for pages they are not authorized to access. This is achieved by crafting a form submission to dele...

6.5 CVSS, 5.7 AI score, 0.00174 EPSS
Exploits: 0, References: 5
Vulnrichment
added 2026/04/14 12:7 a.m., 2 views

CVE-2026-27678 Missing Authorization check in SAP S/4HANA Backend OData Service (Manage Reference Structures)

Due to missing authorization checks in the SAP S/4HANA backend OData Service Manage Reference Structures, an attacker could update and delete child entities via exposed OData services without proper authorization. This vulnerability has a high impact on integrity, while confidentiality and...

6.5 CVSS, 5.8 AI score, 0.00181 EPSS
Exploits: 0, References: 2
CVE
added 2026/04/14 12:7 a.m., 8 views

CVE-2026-27678

CVE-2026-27678 affects SAP S/4HANA backend OData Service (Manage Reference Structures); missing authorization checks allow updating and deleting child entities via exposed OData. Impact: integrity high; no confidentiality/availability impact. See SAP notes and security patch day for mitigations.

6.5 CVSS, 5.8 AI score, 0.00181 EPSS
Exploits: 0, References: 2
EUVD
added 2026/04/14 12:7 a.m., 7 views

EUVD-2026-22150

Due to missing authorization checks in the SAP S/4HANA backend OData Service Manage Reference Structures, an attacker could update and delete child entities via exposed OData services without proper authorization. This vulnerability has a high impact on integrity, while confidentiality and...

6.5 CVSS, 5.8 AI score, 0.00181 EPSS
Exploits: 0, References: 2
ATTACKERKB
added 2026/04/14 12:7 a.m., 1 view

CVE-2026-27677

Due to missing authorization checks in the SAP S/4HANA OData Service Manage Reference Equipment, an attacker could update and delete child entities via OData services without proper authorization. This vulnerability has a high impact on integrity, while confidentiality and availability are not...

6.5 CVSS, 5.8 AI score, 0.00181 EPSS
Exploits: 0, References: 3
Vulnrichment
added 2026/04/14 12:7 a.m., 1 view

CVE-2026-27676 Missing Authorization check in SAP S/4HANA OData Service (Manage Technical Object Structures)

Due to missing authorization checks in the SAP S/4HANA OData Service Manage Technical Object Structures, an attacker could update and delete child entities via exposed OData services without proper authorization. This vulnerability results in a low impact on integrity, while confidentiality and...

4.3 CVSS, 5.8 AI score, 0.00158 EPSS
Exploits: 0, References: 2
CNNVD
added 2026/04/14 12:0 a.m., 7 views

SAP S/4HANA OData Service security vulnerability

The SAP S/4HANA OData Service is an enterprise system data interface and service integration component provided by SAP, a German company. There is a security vulnerability in the SAP S/4HANA OData Service Manage Reference Equipment, which stems from the lack of authorization checks. This...

6.5 CVSS, 5.8 AI score, 0.00181 EPSS
Exploits: 0, References: 2
CNNVD
added 2026/04/14 12:0 a.m., 5 views

SAP S/4HANA OData Service security vulnerability

The SAP S/4HANA OData Service is an enterprise system data interface and service integration component provided by SAP, a German company. There is a security vulnerability in the SAP S/4HANA OData Service Manage Reference Structures, which stems from the lack of authorization checks. This...

6.5 CVSS, 5.8 AI score, 0.00181 EPSS
Exploits: 0, References: 2
CNNVD
added 2026/04/14 12:0 a.m., 4 views

SAP S/4HANA OData Service security vulnerability

The SAP S/4HANA OData Service is an enterprise system data interface and service integration component provided by SAP, a German company. There is a security vulnerability in the SAP S/4HANA OData Service. This vulnerability stems from the lack of authorization checks, which may lead to...

4.3 CVSS, 5.8 AI score, 0.00158 EPSS
Exploits: 0, References: 2
Positive Technologies
added 2026/04/14 12:0 a.m., 4 views

PT-2026-32556

Due to missing authorization checks in the SAP S/4HANA OData Service Manage Technical Object Structures, an attacker could update and delete child entities via exposed OData services without proper authorization. This vulnerability results in a low impact on integrity, while confidentiality and...

4.3 CVSS, 5.8 AI score, 0.00158 EPSS
Exploits: 0, References: 3
EUVD
added 2026/03/19 9:30 a.m., 4 views

EUVD-2026-13070

The Add Custom Fields to Media plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.3. This is due to missing nonce validation on the field deletion functionality in the admin display template. The plugin properly validates a nonce for the 'ad...

4.3 CVSS, 5.8 AI score, 0.00132 EPSS
Exploits: 0, References: 7