|
1011
|
- |
|
-
|
-
|
Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize() calls in the Workflow, Form block, and File/Set components that lack the allowed_classes restriction. An unauthenticat…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-7888
|
2026-06-5 00:20 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1012
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Authorization bypass through User-Controlled SQL primary key vulnerability in Akmer Informatics Automation Industry and Trade Ltd. Co. TeknoPass allows SQL Injection.
This issue affects TeknoPass: f…
|
CWE-89
SQL Injection
|
CVE-2026-4104
|
2026-06-5 00:20 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1013
|
- |
|
-
|
-
|
An authorization flaw existed in the MISP Event Template Importer overwrite workflow. When importing an event template in overwrite mode, the application checked whether a matching template already e…
|
CWE-862
Missing Authorization
|
CVE-2026-10855
|
2026-06-5 00:19 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1014
|
- |
|
-
|
-
|
A URL validation flaw in the MISP dashboard button widget allowed a crafted relative-looking URL to be accepted as a local path while being interpreted by browsers as an external URL. The validation …
|
CWE-601
Open Redirect
|
CVE-2026-10856
|
2026-06-5 00:19 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1015
|
- |
|
-
|
-
|
An open redirect vulnerability existed in MISP UsersController::routeafterlogin() because the value stored in the pre_login_requested_url session key was used as the post-login redirect destination w…
|
CWE-601
Open Redirect
|
CVE-2026-10861
|
2026-06-5 00:19 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1016
|
- |
|
-
|
-
|
A logic error in the MISP CRUD component delete handler allowed validation failures to be bypassed when requests used the HTTP DELETE method. Due to missing parentheses in the delete condition, the e…
|
CWE-863
Incorrect Authorization
|
CVE-2026-10860
|
2026-06-5 00:19 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1017
|
- |
|
-
|
-
|
A security issue was fixed in the correlations over-correlation endpoint where the order query parameter was accepted from user-controlled named request parameters. This allowed an authenticated user…
|
CWE-20
Improper Input Validation
|
CVE-2026-10863
|
2026-06-5 00:19 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1018
|
- |
|
-
|
-
|
A vulnerability in the MISP dashboard widgets allowed an authenticated user to manipulate the fields option and influence which fields were returned by the New Users and New Organisations widgets. In…
|
CWE-200
Information Exposure
|
CVE-2026-10864
|
2026-06-5 00:19 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1019
|
7.5 |
HIGH
Network
|
-
|
-
|
It is possible for an unauthenticated adjacent attacker to download log files of the controller, which may disclose some restricted information.
|
CWE-200
Information Exposure
|
CVE-2026-41032
|
2026-06-5 00:16 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1020
|
9.8 |
CRITICAL
Network
|
-
|
-
|
An unauthenticated remote attacker can recover a default, hard coded password from a firmware image and thus gain full access to all affected devices.
|
CWE-1393
Use of Default Password
|
CVE-2026-35075
|
2026-06-5 00:16 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
