Vuldb Updates

A vulnerability has been found in MISP 2.4.127 and classified as problematic. Affected by this issue is some unknown functionality of the file app/Model/Attribute.php of the component ACL Lookup Handler. Performing a manipulation results in information disclosure. This vulnerability is known as CVE-2020-14969. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability classified as critical was found in MISP 2.4.128. This affects an unknown part of the file app/Controller/AttributesController.php of the component ACL Check Handler. The manipulation results in improper privilege management. This vulnerability is known as CVE-2020-15411. It is possible to launch the attack remotely. No exploit is available.

A vulnerability, which was classified as critical, has been found in MISP 2.4.128. This vulnerability affects unknown code of the file app/Controller/EventsController.php of the component ACL Check Handler. This manipulation causes improper privilege management. This vulnerability is handled as CVE-2020-15412. The attack can be initiated remotely. There is not any exploit available. It is advisable to upgrade the affected component.

A vulnerability was found in MISP up to 2.4.128. It has been classified as problematic. Affected by this vulnerability is an unknown functionality. Performing a manipulation results in cross-site request forgery. This vulnerability is reported as CVE-2020-15711. The attack is possible to be carried out remotely. No exploit exists. Upgrading the affected component is recommended.

A vulnerability was found in MISP and classified as critical. This affects an unknown function of the component Login Page. Executing a manipulation can lead to improper privilege management. This vulnerability is registered as CVE-2020-25766. It is possible to launch the attack remotely. No exploit is available. It is suggested to upgrade the affected component.

A vulnerability was found in MISP up to 2.4.133 and classified as critical. Affected is an unknown function of the component REST Client. The manipulation of the argument use_full_path results in server-side request forgery. This vulnerability is identified as CVE-2020-28043. The attack can only be performed from the local network. There is not any exploit available. It is advisable to implement a patch to correct this issue.

A vulnerability classified as problematic was found in MISP 2.4.134. The impacted element is an unknown function of the component Template Element Handler. Executing a manipulation of the argument ID can lead to cross site scripting. This vulnerability is tracked as CVE-2020-28947. The attack can be launched remotely. No exploit exists. It is advisable to implement a patch to correct this issue.

A vulnerability has been found in MISP up to 2.4.134 and classified as critical. Affected is an unknown function of the file app/Controller/GalaxyElementsController.php of the component ACL Handler. The manipulation leads to improper access controls. This vulnerability is traded as CVE-2020-29006. Access to the local network is required for this attack to succeed. There is no exploit available. The affected component should be upgraded.

A vulnerability was found in vLLM and classified as critical. The affected element is an unknown function of the component Activation. Executing a manipulation can lead to code injection. This vulnerability is tracked as CVE-2026-41523. The attack can be launched remotely. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability, which was classified as very critical, was found in Oracle Enterprise Manager Base Platform 13.5/24.1. This impacts an unknown function of the component Metadata Plugin. The manipulation results in privilege escalation. This vulnerability was named CVE-2026-46852. The attack may be performed from remote. There is no available exploit. You should upgrade the affected component.

A vulnerability was found in undici up to 6.25.x/7.27.x/8.4.x. It has been declared as problematic. This impacts an unknown function of the component Cookies Feature. The manipulation results in permissive list of allowed inputs. This vulnerability is cataloged as CVE-2026-11525. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in undici up to 6.25.x/7.27.x/8.4.x. It has been rated as critical. Affected is an unknown function of the file /parseCookie/getSetCookies of the component HTTP Response Header Handler. This manipulation causes crlf injection. This vulnerability is registered as CVE-2026-9679. Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is advised.

A vulnerability was found in MIPS up to 2.4. It has been declared as problematic. This issue affects some unknown processing of the file app/webroot/js/misp.js of the component Image Name Handler. The manipulation results in cross site scripting (Persistent). This vulnerability is known as CVE-2019-11814. It is possible to launch the attack remotely. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability was found in MISP 2.4.108. It has been rated as critical. The affected element is an unknown function of the component Password Reset. Performing a manipulation results in credentials management. This vulnerability is known as CVE-2019-12794. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability has been found in MISP 2.4.109 and classified as critical. This vulnerability affects the function file_exists of the file app/Model/Server.php. The manipulation leads to deserialization. This vulnerability is documented as CVE-2019-12868. The attack can be initiated remotely. There is not any exploit available.

A vulnerability was found in MISP 2.4.111. It has been declared as problematic. This affects an unknown function of the file app/webroot/js/event-graph.js of the component event-graph View. Such manipulation leads to cross site scripting (Stored). This vulnerability is uniquely identified as CVE-2019-14286. The attack can be launched remotely. No exploit exists.

A vulnerability, which was classified as critical, was found in MISP. Impacted is the function __checkLoggedActions. Such manipulation leads to improper privilege management. This vulnerability is uniquely identified as CVE-2019-16202. The attack can be launched remotely. No exploit exists. You should upgrade the affected component.

A vulnerability identified as critical has been detected in MISP 2.4.118. Impacted is an unknown function of the file app/Controller/TagsController.php. Performing a manipulation results in incorrect permission assignment. This vulnerability is reported as CVE-2019-19379. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability classified as critical was found in MISP up to 2.4.120. This impacts an unknown function of the component Time Skew Handler. Such manipulation leads to time-of-check time-of-use. This vulnerability is listed as CVE-2020-8890. The attack may be performed from remote. There is no available exploit. Upgrading the affected component is advised.

A vulnerability, which was classified as critical, has been found in MISP up to 2.4.120. Affected is an unknown function of the component Username Handler. Performing a manipulation results in an unknown weakness. This vulnerability is cataloged as CVE-2020-8891. It is possible to initiate the attack remotely. There is no exploit available. It is advisable to upgrade the affected component.