Vuldb Updates

A vulnerability has been found in MISP up to 2.4.134 and classified as critical. Affected is an unknown function of the file app/Controller/GalaxyElementsController.php of the component ACL Handler. The manipulation leads to improper access controls. This vulnerability is traded as CVE-2020-29006. Access to the local network is required for this attack to succeed. There is no exploit available. The affected component should be upgraded.

A vulnerability was found in vLLM and classified as critical. The affected element is an unknown function of the component Activation. Executing a manipulation can lead to code injection. This vulnerability is tracked as CVE-2026-41523. The attack can be launched remotely. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability, which was classified as very critical, was found in Oracle Enterprise Manager Base Platform 13.5/24.1. This impacts an unknown function of the component Metadata Plugin. The manipulation results in privilege escalation. This vulnerability was named CVE-2026-46852. The attack may be performed from remote. There is no available exploit. You should upgrade the affected component.

A vulnerability was found in undici up to 6.25.x/7.27.x/8.4.x. It has been declared as problematic. This impacts an unknown function of the component Cookies Feature. The manipulation results in permissive list of allowed inputs. This vulnerability is cataloged as CVE-2026-11525. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in undici up to 6.25.x/7.27.x/8.4.x. It has been rated as critical. Affected is an unknown function of the file /parseCookie/getSetCookies of the component HTTP Response Header Handler. This manipulation causes crlf injection. This vulnerability is registered as CVE-2026-9679. Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is advised.

A vulnerability was found in MIPS up to 2.4. It has been declared as problematic. This issue affects some unknown processing of the file app/webroot/js/misp.js of the component Image Name Handler. The manipulation results in cross site scripting (Persistent). This vulnerability is known as CVE-2019-11814. It is possible to launch the attack remotely. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability was found in MISP 2.4.108. It has been rated as critical. The affected element is an unknown function of the component Password Reset. Performing a manipulation results in credentials management. This vulnerability is known as CVE-2019-12794. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability has been found in MISP 2.4.109 and classified as critical. This vulnerability affects the function file_exists of the file app/Model/Server.php. The manipulation leads to deserialization. This vulnerability is documented as CVE-2019-12868. The attack can be initiated remotely. There is not any exploit available.

A vulnerability was found in MISP 2.4.111. It has been declared as problematic. This affects an unknown function of the file app/webroot/js/event-graph.js of the component event-graph View. Such manipulation leads to cross site scripting (Stored). This vulnerability is uniquely identified as CVE-2019-14286. The attack can be launched remotely. No exploit exists.

A vulnerability, which was classified as critical, was found in MISP. Impacted is the function __checkLoggedActions. Such manipulation leads to improper privilege management. This vulnerability is uniquely identified as CVE-2019-16202. The attack can be launched remotely. No exploit exists. You should upgrade the affected component.

A vulnerability identified as critical has been detected in MISP 2.4.118. Impacted is an unknown function of the file app/Controller/TagsController.php. Performing a manipulation results in incorrect permission assignment. This vulnerability is reported as CVE-2019-19379. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability classified as critical was found in MISP up to 2.4.120. This impacts an unknown function of the component Time Skew Handler. Such manipulation leads to time-of-check time-of-use. This vulnerability is listed as CVE-2020-8890. The attack may be performed from remote. There is no available exploit. Upgrading the affected component is advised.

A vulnerability, which was classified as critical, has been found in MISP up to 2.4.120. Affected is an unknown function of the component Username Handler. Performing a manipulation results in an unknown weakness. This vulnerability is cataloged as CVE-2020-8891. It is possible to initiate the attack remotely. There is no exploit available. It is advisable to upgrade the affected component.

A vulnerability, which was classified as critical, was found in MISP up to 2.4.120. Affected by this vulnerability is an unknown functionality of the component HTTP PUT Handler. Executing a manipulation as part of Request can lead to Remote Code Execution. This vulnerability is registered as CVE-2020-8892. It is possible to launch the attack remotely. No exploit is available. You should upgrade the affected component.

A vulnerability has been found in MISP up to 2.4.120 and classified as critical. Affected by this issue is some unknown functionality of the file app/View/Galaxies/view.ctp of the component Galaxy View. The manipulation as part of String leads to an unknown weakness. This vulnerability is documented as CVE-2020-8893. The attack can be initiated remotely. There is not any exploit available. The affected component should be upgraded.

A vulnerability was found in MISP up to 2.4.120 and classified as critical. This affects an unknown part of the file app/Controller/ThreadsController.php of the component ACL Handler. The manipulation results in an unknown weakness. This vulnerability is reported as CVE-2020-8894. The attack can be launched remotely. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability marked as problematic has been reported in MISP 2.4.122. The impacted element is an unknown function of the file app/View/Users/statistics_orgs.ctp. This manipulation as part of Parameter causes cross site scripting (Reflected). This vulnerability is registered as CVE-2020-10246. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability labeled as problematic has been found in urllib3 up to 2.6.x on Python. Impacted is the function HTTPResponse.drain_conn. Such manipulation leads to highly compressed data. This vulnerability is uniquely identified as CVE-2026-44432. The attack can be launched remotely. No exploit exists. The affected component should be upgraded.

A vulnerability marked as critical has been reported in Red Hat Enterprise Linux and OpenShift Container Platform. This vulnerability affects unknown code. Performing a manipulation results in heap-based buffer overflow. This vulnerability is known as CVE-2026-12725. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability marked as problematic has been reported in urllib3 up to 2.6.x on Python. The affected element is the function ProxyManager.connection_from_url.urlopen. Performing a manipulation results in information disclosure. This vulnerability was named CVE-2026-44431. The attack may be initiated remotely. There is no available exploit. It is suggested to upgrade the affected component.