Lucene search
K

108 matches found

EUVD
EUVD
added 6 days ago5 views

EUVD-2026-42239

An authorization bypass in MISP’s EventsController::importModule allowed authenticated users or read-only API keys with event view access to persist data to events they were not allowed to modify. When an import module returned results in the mispstandard format, the write path did not verify eve...

5.3CVSS6AI score0.0022EPSS
Exploits0References1
NVD
NVD
added 2026/06/01 5:17 p.m.15 views

CVE-2026-45154

Nextcloud is an open source content collaboration platform. From version 2.6.0 to before version 4.3.0, when a previous collective pages was deleted and the collective was shared view-only, guests with access to the collective were able to access the deleted pages directly from the trashbin. This...

2.6CVSS0.00189EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/01 4:37 p.m.13 views

CVE-2026-45154 Nextcloud: Improper Access Control in Collectives

Nextcloud is an open source content collaboration platform. From version 2.6.0 to before version 4.3.0, when a previous collective pages was deleted and the collective was shared view-only, guests with access to the collective were able to access the deleted pages directly from the trashbin. This...

2.6CVSS5.7AI score0.00189EPSS
Exploits0References3
CVE
CVE
added 2026/06/01 4:37 p.m.31 views

CVE-2026-45154

Nextcloud Collectives vulnerability: from version 2.6.0 through before 4.3.0, if a collective page was deleted and the collective was shared view‑only, guests with access could directly retrieve the deleted pages from the trashbin. Root cause: improper access control. A fix is available in versio...

2.6CVSS5.7AI score0.00189EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/01 4:37 p.m.11 views

EUVD-2026-33673

Nextcloud is an open source content collaboration platform. From version 2.6.0 to before version 4.3.0, when a previous collective pages was deleted and the collective was shared view-only, guests with access to the collective were able to access the deleted pages directly from the trashbin. This...

2.6CVSS5.7AI score0.00189EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.14 views

PT-2026-45470

Nextcloud is an open source content collaboration platform. From version 2.6.0 to before version 4.3.0, when a previous collective pages was deleted and the collective was shared view-only, guests with access to the collective were able to access the deleted pages directly from the trashbin. This...

2.6CVSS5.7AI score0.00189EPSS
Exploits0References4
CVE
CVE
added 2026/05/22 2:6 p.m.29 views

CVE-2026-8347

The CVE-2026-8347 entry affects Concrete CMS 9.5.0 and earlier, where the Express association Reorder dialog is vulnerable to IDOR and wrong-authorization-level handling, enabling cross-entity state tampering under view-only permissions. The issue is triggered by reliance on Express entity orderi...

4.3CVSS5.8AI score0.00175EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/22 2:6 p.m.8 views

CVE-2026-8347 Concrete CMS 9.5.0 and below is vulnerable to IDOR + wrong-authorization-level in Express association Reorder dialog

Concrete CMS 9.5.0 and below is vulnerable to IDOR + wrong-authorization-level in the Express association Reorder dialog. This can cause Cross-entity state tampering with view-only permission on one entry. To be affected, a website has to be using express and relying on express entity...

2.3CVSS5.8AI score0.00175EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/22 2:6 p.m.13 views

EUVD-2026-31442

Concrete CMS 9.5.0 and below is vulnerable to IDOR + wrong-authorization-level in the Express association Reorder dialog. This can cause Cross-entity state tampering with view-only permission on one entry. To be affected, a website has to be using express and relying on express entity...

4.3CVSS5.8AI score0.00175EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/22 2:6 p.m.34 views

CVE-2026-8347 Concrete CMS 9.5.0 and below is vulnerable to IDOR + wrong-authorization-level in Express association Reorder dialog

Concrete CMS 9.5.0 and below is vulnerable to IDOR + wrong-authorization-level in the Express association Reorder dialog. This can cause Cross-entity state tampering with view-only permission on one entry. To be affected, a website has to be using express and relying on express entity...

2.3CVSS0.00175EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/22 2:6 p.m.6 views

CVE-2026-8347

Concrete CMS 9.5.0 and below is vulnerable to IDOR + wrong-authorization-level in the Express association Reorder dialog. This can cause Cross-entity state tampering with view-only permission on one entry. To be affected, a website has to be using express and relying on express entity...

4.3CVSS5.8AI score0.00175EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/22 12:0 a.m.14 views

PT-2026-42773

Name of the Vulnerable Software and Affected Versions Concrete CMS versions prior to 9.5.1 Description An Insecure Direct Object Reference IDOR and incorrect authorization level exist in the Express association Reorder dialog. This allows for cross-entity state tampering, where a user with...

4.3CVSS5.8AI score0.00175EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/05/12 2:21 p.m.13 views

CVE-2025-40897

An access control vulnerability was discovered in the Threat Intelligence functionality due to a specific access restriction not being properly enforced for users with view-only privileges. An authenticated user with view-only privileges for the Threat Intelligence functionality can perform...

8.1CVSS5.8AI score0.00325EPSS
Exploits0References1
Nextcloud
Nextcloud
added 2026/05/12 9:10 a.m.15 views

View-only guests could see deleted Collectives pages in the trashbin

None...

2.6CVSS5.8AI score0.00189EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/04/17 6:31 p.m.4 views

EUVD-2025-209469

An access control vulnerability was discovered in the Threat Intelligence functionality due to a specific access restriction not being properly enforced for users with view-only privileges. An authenticated user with view-only privileges for the Threat Intelligence functionality can perform...

8.1CVSS5.8AI score0.00325EPSS
Exploits0References2
NVD
NVD
added 2026/04/15 9:16 a.m.6 views

CVE-2025-40897

An access control vulnerability was discovered in the Threat Intelligence functionality due to a specific access restriction not being properly enforced for users with view-only privileges. An authenticated user with view-only privileges for the Threat Intelligence functionality can perform...

8.1CVSS0.00325EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/15 8:18 a.m.29 views

CVE-2025-40897 Incorrect authorization for Threat Intelligence in Guardian/CMC before 26.0.0

An access control vulnerability was discovered in the Threat Intelligence functionality due to a specific access restriction not being properly enforced for users with view-only privileges. An authenticated user with view-only privileges for the Threat Intelligence functionality can perform...

8.1CVSS0.00325EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/15 8:18 a.m.8 views

CVE-2025-40897

An access control vulnerability was discovered in the Threat Intelligence functionality due to a specific access restriction not being properly enforced for users with view-only privileges. An authenticated user with view-only privileges for the Threat Intelligence functionality can perform...

8.1CVSS5.8AI score0.00325EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/15 8:18 a.m.6 views

CVE-2025-40897 Incorrect authorization for Threat Intelligence in Guardian/CMC before 26.0.0

An access control vulnerability was discovered in the Threat Intelligence functionality due to a specific access restriction not being properly enforced for users with view-only privileges. An authenticated user with view-only privileges for the Threat Intelligence functionality can perform...

8.1CVSS5.8AI score0.00325EPSS
Exploits0References1
CVE
CVE
added 2026/04/15 8:18 a.m.19 views

CVE-2025-40897

The CVE-2025-40897 entry concerns Guardian/CMC Threat Intelligence prior to version 26.0.0, where an access control flaw allows users with view-only privileges to perform administrative actions, potentially altering rules configuration and affecting availability. The vulnerability stems from impr...

8.1CVSS5.8AI score0.00325EPSS
Exploits0References2
Rows per page
Query Builder