|
611
|
7.4 |
HIGH
Network
|
-
|
-
|
Information disclosure vulnerability in Avira Password Manager when used with Mozilla Firefox may allow a remote attacker operating a cross-origin iframe to obtain credentials autofilled for the pare…
|
CWE-669
Incorrect Resource Transfer Between Spheres
|
CVE-2026-12068
|
2026-06-16 05:49 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
612
|
7.8 |
HIGH
Local
|
-
|
-
|
Heap buffer out-of-bounds write vulnerability in Avira Antivirus engine when scanning a malformed POSIX tar archive may allow Local Execution of Code or Denial-of-Service of the antivirus engine proc…
|
CWE-787
Out-of-bounds Write
|
CVE-2026-6676
|
2026-06-16 05:49 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
613
|
- |
|
-
|
-
|
An improper authorization vulnerability in MISP allowed an authenticated organization administrator to access or modify user settings belonging to site administrator accounts within the same organiza…
|
CWE-639
CWE-863
Authorization Bypass Through User-Controlled Key
Incorrect Authorization
|
CVE-2026-54357
|
2026-06-16 05:46 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
614
|
- |
|
-
|
-
|
An incorrect authorization vulnerability in MISP allows an organization administrator to target site administrator accounts belonging to the same organization through the administrative email functio…
|
CWE-863
Incorrect Authorization
|
CVE-2026-54358
|
2026-06-16 05:46 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
615
|
- |
|
-
|
-
|
MISP contains an insecure default configuration in which the Security.check_sec_fetch_site_header control is disabled. When this setting is disabled, state-changing requests such as POST, PUT, or AJA…
|
CWE-352
CWE-1188
Origin Validation Error
Insecure Default Initialization of Resource
|
CVE-2026-54359
|
2026-06-16 05:46 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
616
|
- |
|
-
|
-
|
A mass assignment vulnerability exists in MISP’s sharing group creation endpoint. When creating a new sharing group, the controller did not remove a user-supplied id field before saving the submitted…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-54360
|
2026-06-16 05:46 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
617
|
- |
|
-
|
-
|
MISP contained multiple mass assignment vulnerabilities in the handling of collections, tag collections, event delegations, and shadow attributes. Several controller actions accepted user-supplied fi…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-54361
|
2026-06-16 05:46 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
618
|
6.5 |
MEDIUM
Local
|
-
|
-
|
ApostropheCMS is an open-source Node.js content management system. Versions of the @apostrophecms/cli package up to and including 3.6.0 contain a command injection vulnerability in the apos create co…
|
CWE-78
OS Command
|
CVE-2026-42853
|
2026-06-16 05:46 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
619
|
8.1 |
HIGH
Network
|
-
|
-
|
ApostropheCMS is an open-source Node.js content management system. Versions up to and including 4.29.0 have a password reset flow that constructs the reset URL using `req.hostname`, which is derived …
|
CWE-20
CWE-640
Improper Input Validation
Weak Password Recovery Mechanism for Forgotten Password
|
CVE-2026-45013
|
2026-06-16 05:46 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
620
|
- |
|
-
|
-
|
An incorrect visibility condition in the MISP event template builder allowed authenticated non-site-admin users to view galaxies that should not have been visible to their organisation. The custom ac…
|
CWE-863
Incorrect Authorization
|
CVE-2026-54362
|
2026-06-16 05:46 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
