CVE-2026-10864 MISP Dashboard widget field selection may expose restricted user and organisation data

A vulnerability in the MISP dashboard widgets allowed an authenticated user to manipulate the fields option and influence which fields were returned by the New Users and New Organisations widgets. In some cases, requesting a field set that became empty after validation or redaction could cause th...

GHSA-7FPJ-WC8V-9CGC Duplicate Advisory: terminal42/contao-tablelookupwizard possible SQL injection in widget field value

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-v3mr-gp7j-pw5w. This link is maintained to preserve external references. Original Description Impact The currently selected widget values were not correctly sanitized before passing it to the database, leading t...

Possible SQL injection in widget field value

Impact The currently selected widget values were not correctly sanitized before passing it to the database, leading to an SQL injection possibility. Patches The issue has been patched in tablelookupwizard version 3.3.5 and version 4.0.0. For more information If you have any questions or comments...

Possible SQL injection in widget field value

Description Impact The currently selected widget values were not correctly sanitized before passing it to the database, leading to an SQL injection possibility. Patches The issue has been patched in tablelookupwizard version 3.3.5 and version 4.0.0. For more information If you have any questions ...