|
621
|
- |
|
-
|
-
|
MISP contains a path traversal vulnerability in OrganisationsController::getOrgLogo. The vulnerable code builds organisation logo file paths using organisation-controlled fields such as id, name, and…
|
CWE-22
Path Traversal
|
CVE-2026-54394
|
2026-06-16 05:46 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
622
|
- |
|
-
|
-
|
A stored cross-site scripting vulnerability exists in MISP when the Overmind theme is used. The setHomePage endpoint previously saved the user-controlled path value through setSettingInternal(), bypa…
|
CWE-79
Cross-site Scripting
|
CVE-2026-54393
|
2026-06-16 05:46 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
623
|
- |
|
-
|
-
|
MISP contains a reflected cross-site scripting vulnerability in the UiBeta event index view. The urlparams value is inserted into an inline JavaScript handler using HTML escaping inside a single-quot…
|
CWE-79
Cross-site Scripting
|
CVE-2026-54395
|
2026-06-16 05:46 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
624
|
- |
|
-
|
-
|
An information disclosure vulnerability exists in the MISP AuthKey edit functionality. When a validation error occurs during an AuthKey edit request, the user dropdown was populated using the attacke…
|
CWE-200
Information Exposure
|
CVE-2026-54396
|
2026-06-16 05:46 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
625
|
- |
|
-
|
-
|
A vulnerability in MISP’s non-REST event editing path allowed an authenticated user with event edit permissions to manipulate the submitted form data and set an event’s sharing_group_id to a sharing …
|
CWE-863
Incorrect Authorization
|
CVE-2026-54397
|
2026-06-16 05:46 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
626
|
7.7 |
HIGH
Network
|
-
|
-
|
Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.8, nezha's dashboard supports two user roles: RoleAdmin (Role=…
|
CWE-863
CWE-918
Incorrect Authorization
Server-Side Request Forgery (SSRF)
|
CVE-2026-46717
|
2026-06-16 05:46 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
627
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.9, any authenticated non-admin member can connect to the serve…
|
CWE-200
Information Exposure
|
CVE-2026-47124
|
2026-06-16 05:46 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
628
|
7.1 |
HIGH
Network
|
-
|
-
|
Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.0.0 to before version 2.0.14, cross-site GET request can trigger stored cron commands on…
|
CWE-352
Origin Validation Error
|
CVE-2026-49396
|
2026-06-16 05:46 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
629
|
9.1 |
CRITICAL
Network
|
-
|
-
|
Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. Prior to version 2.0.13, fallbackToFrontend in the dashboard's NoRoute handler treats any URL whose raw…
|
CWE-22
Path Traversal
|
CVE-2026-53519
|
2026-06-16 05:46 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
630
|
- |
|
-
|
-
|
An authorization flaw in MISP’s object add/edit handling allowed an authenticated user with object editing permissions to assign a MISP object, or attributes contained within an object, to a sharing …
|
CWE-863
Incorrect Authorization
|
CVE-2026-54398
|
2026-06-16 05:46 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
