Broken access control in MISP core allows cross-organization unauthorized modification or deletion of analyst data, event reports, collections, tem...

Jun 22, 2026

CVE-2026-56422

CRITICAL

MISP Core: Mass Assignment and Object Re-ownership via Unvalidated Request Fields

Jun 22, 2026

CVE-2026-56385

MEDIUM

Craft CMS - Authorization Bypass in assets/preview-file Endpoint

Jun 21, 2026

CVE-2026-56229

HIGH

Capgo - Cross-App Build Job Access via app_id/job_id Mismatch in /build/status and /build/logs

Jun 21, 2026

CVE-2026-56215

HIGH

Capgo - Account Merge via Poisoned public.users.email in SSO Provisioning

Jun 20, 2026

CVE-2026-49338

HIGH

Subsonic API: any authenticated user can delete or read any other user's playlist (IDOR)

Jun 19, 2026

CVE-2026-49339

HIGH

Path traversal in getPlaylist/deletePlaylist bypasses ownership check: any authenticated user can read or delete any other user's playlist

Jun 19, 2026

CVE-2026-54105

MEDIUM

U.S. GAO EPDS and CBCA EDS user information disclosure

Jun 18, 2026

CVE-2026-50141

HIGH

Woodpecker gRPC agent_id metadata can be spoofed- cross-tenant agent impersonation

Jun 18, 2026

CVE-2026-12102

LOW

UsersWP <= 1.2.63 - Insecure Direct Object Reference to Authenticated (Editor+) Arbitrary User Avatar/Banner Reset via 'user_id' Parameter

Jun 18, 2026

CVE-2026-10623

MEDIUM

PressPrimer Quiz <= 2.3.0 - Insecure Direct Object Reference to Authenticated (Custom+) Arbitrary Modification via 'quiz_id', 'item_id', and 'rule_...

Jun 18, 2026

CVE-2026-10023

MEDIUM

Dokan: AI Powered WooCommerce Multivendor Marketplace Solution <= 5.0.3 - Insecure Direct Object Reference to Authenticated (Custom+) Arbitrary Ord...

Jun 18, 2026

CVE-2026-48759

HIGH

TypeBot: Cross-Workspace Theme Template IDOR (Modification and Deletion)

Jun 17, 2026

CVE-2026-50194

HIGH

Steeltoe vulnerable to management-port isolation bypass via spoofed Host header

Jun 17, 2026

CVE-2026-55198

HIGH

Hermes WebUI < 0.51.443 - Cross-Profile Session Data Exfiltration via Session Export Endpoint

Jun 17, 2026

CVE-2026-55197

HIGH

Hermes WebUI < 0.51.443 - Broken Access Control in /api/session Endpoint

Jun 17, 2026

Showing 1 - 20 of 1,000+ results

...

Searching...

Filters

1,000+ results

CVE-2026-56784

HIGH

OpenRemote Manager - Cross-Tenant IDOR in Bulk Alarm Deletion

Jun 23, 2026

CVE-2026-56222

HIGH

Capgo - Cross-Organization App Takeover via Mismatched org_id and app_id in /private/role_bindings

Jun 23, 2026

CVE-2026-48067

MEDIUM

Filament: Inconsistent scope enforcement for AttachAction and AssociateAction Select fields

Jun 22, 2026

CVE-2026-6062

MEDIUM

IDOR in Jira plugin subscription edit endpoint

Jun 22, 2026

CVE-2026-56424

HIGH

Broken access control in MISP core allows cross-organization unauthorized modification or deletion of analyst data, event reports, collections, tem...

Jun 22, 2026

CVE-2026-56422

CRITICAL

MISP Core: Mass Assignment and Object Re-ownership via Unvalidated Request Fields

Jun 22, 2026

CVE-2026-56385

MEDIUM

Craft CMS - Authorization Bypass in assets/preview-file Endpoint

Jun 21, 2026

CVE-2026-56229

HIGH

Capgo - Cross-App Build Job Access via app_id/job_id Mismatch in /build/status and /build/logs

Jun 21, 2026

CVE-2026-56215

HIGH

Capgo - Account Merge via Poisoned public.users.email in SSO Provisioning

Jun 20, 2026

CVE-2026-49338

HIGH

Subsonic API: any authenticated user can delete or read any other user's playlist (IDOR)

Jun 19, 2026

CVE-2026-49339

HIGH

Path traversal in getPlaylist/deletePlaylist bypasses ownership check: any authenticated user can read or delete any other user's playlist

Jun 19, 2026

CVE-2026-54105

MEDIUM

U.S. GAO EPDS and CBCA EDS user information disclosure

Jun 18, 2026

CVE-2026-50141

HIGH

Woodpecker gRPC agent_id metadata can be spoofed- cross-tenant agent impersonation

Jun 18, 2026

CVE-2026-12102

LOW

UsersWP <= 1.2.63 - Insecure Direct Object Reference to Authenticated (Editor+) Arbitrary User Avatar/Banner Reset via 'user_id' Parameter

Jun 18, 2026

CVE-2026-10623

MEDIUM

PressPrimer Quiz <= 2.3.0 - Insecure Direct Object Reference to Authenticated (Custom+) Arbitrary Modification via 'quiz_id', 'item_id', and 'rule_...

Jun 18, 2026

CVE-2026-10023

MEDIUM

Dokan: AI Powered WooCommerce Multivendor Marketplace Solution <= 5.0.3 - Insecure Direct Object Reference to Authenticated (Custom+) Arbitrary Ord...

Jun 18, 2026

CVE-2026-48759

HIGH

TypeBot: Cross-Workspace Theme Template IDOR (Modification and Deletion)

Jun 17, 2026

CVE-2026-50194

HIGH

Steeltoe vulnerable to management-port isolation bypass via spoofed Host header

Jun 17, 2026

CVE-2026-55198

HIGH

Hermes WebUI < 0.51.443 - Cross-Profile Session Data Exfiltration via Session Export Endpoint

Jun 17, 2026

CVE-2026-55197

HIGH

Hermes WebUI < 0.51.443 - Broken Access Control in /api/session Endpoint

Jun 17, 2026

Showing 1 - 20 of 1,000+ results

...