|
2341
|
4.3 |
MEDIUM
Network
|
misp
|
misp
|
An authorization flaw existed in the MISP Event Template Importer overwrite workflow. When importing an event template in overwrite mode, the application checked whether a matching template already e…
|
CWE-862
Missing Authorization
|
CVE-2026-10855
|
2026-06-8 23:03 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2342
|
6.5 |
MEDIUM
Network
|
google
|
chrome
|
Inappropriate implementation in Page Info in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a…
|
CWE-284
Improper Access Control
|
CVE-2026-11275
|
2026-06-8 23:00 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2343
|
6.5 |
MEDIUM
Network
|
google
|
chrome
|
Inappropriate implementation in UI in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
|
CWE-352
Origin Validation Error
|
CVE-2026-11270
|
2026-06-8 23:00 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2344
|
8.6 |
HIGH
Network
|
vertex-app
|
vertex
|
Vertex is a management tool for PT (Private Tracker) users to manage streaming and watching videos. Versions prior to commit fbde301b97986d5913fc4bc95f5445750d282e11 are vulnerable to path traversal.…
|
CWE-22
Path Traversal
|
CVE-2024-40646
|
2026-06-8 22:59 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2345
|
6.1 |
MEDIUM
Network
|
misp
|
misp
|
A URL validation flaw in the MISP dashboard button widget allowed a crafted relative-looking URL to be accepted as a local path while being interpreted by browsers as an external URL. The validation …
|
CWE-601
Open Redirect
|
CVE-2026-10856
|
2026-06-8 22:59 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2346
|
6.5 |
MEDIUM
Network
|
google
|
chrome
|
Insufficient policy enforcement in WebAuthentication in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data vi…
|
CWE-693
Protection Mechanism Failure
|
CVE-2026-11263
|
2026-06-8 22:58 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2347
|
7.5 |
HIGH
Network
|
microsoft
|
copilot_chat
|
Improper neutralization of special elements in output used by a downstream component ('injection') in Copilot Chat (Microsoft Edge) allows an unauthorized attacker to disclose information over a netw…
|
CWE-74
Injection
|
CVE-2026-47644
|
2026-06-8 22:57 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2348
|
6.1 |
MEDIUM
Network
|
misp
|
misp
|
An open redirect vulnerability existed in MISP UsersController::routeafterlogin() because the value stored in the pre_login_requested_url session key was used as the post-login redirect destination w…
|
CWE-601
Open Redirect
|
CVE-2026-10861
|
2026-06-8 22:56 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2349
|
8.8 |
HIGH
Network
|
microsoft
|
copilot
|
Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an authorized attacker to execute code over a network.
|
CWE-77
Command Injection
|
CVE-2026-45497
|
2026-06-8 22:55 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2350
|
6.5 |
MEDIUM
Network
|
misp
|
misp
|
A logic error in the MISP CRUD component delete handler allowed validation failures to be bypassed when requests used the HTTP DELETE method. Due to missing parentheses in the delete condition, the e…
|
CWE-863
Incorrect Authorization
|
CVE-2026-10860
|
2026-06-8 22:54 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
