Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: vendors Tag: misp Clear
ID Title
CVE-2026-56425 Vulnerability in csrf (CVE-2026-56425)
vulnerability in csrf (CVE-2026-56425). Successful exploitation can lead to full system takeover. Exploitable via `Referer header`.
CVE-2026-56446 Code Injection in misp-project (CVE-2026-56446)
code injection in misp-project (CVE-2026-56446). Successful exploitation can lead to full system takeover.
CVE-2026-10863 Vulnerability in sqli (CVE-2026-10863)
vulnerability in sqli (CVE-2026-10863). Confidential information can be exposed externally.
CVE-2026-39962 Vulnerability in misp-project (CVE-2026-39962)
vulnerability in misp-project (CVE-2026-39962). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2.5.36` or later.
CVE-2024-58130 Cross-Site Scripting (XSS) in misp-project (CVE-2024-58130)
cross-site scripting in misp-project (CVE-2024-58130). Risk of unauthorized operations or information disclosure.
CVE-2024-57969 app/Model/Attribute.php in MISP before 2.4.198 ignores an ACL during a GUI attribute search.
app/Model/Attribute.php in MISP before 2.4.198 ignores an ACL during a GUI attribute search.
CVE-2024-46918 Authorization Flaw in misp-project (CVE-2024-46918)
vulnerability in misp-project (CVE-2024-46918). Confidential information can be exposed externally.
CVE-2024-45509 Authorization Flaw in misp-project (CVE-2024-45509)
vulnerability in misp-project (CVE-2024-45509). Confidential information can be exposed externally.
CVE-2024-29859 Unrestricted File Upload in misp-project (CVE-2024-29859)
vulnerability in misp-project (CVE-2024-29859). Successful exploitation can lead to full system takeover.
CVE-2024-29858 Vulnerability in misp-project (CVE-2024-29858)
vulnerability in misp-project (CVE-2024-29858). Successful exploitation can lead to full system takeover.
CVE-2024-25675 Vulnerability in misp-project (CVE-2024-25675)
vulnerability in misp-project (CVE-2024-25675). Successful exploitation can lead to full system takeover.
CVE-2023-50918 app/Controller/AuditLogsController.php in MISP before 2.4.182 mishandles ACLs for audit logs.
app/Controller/AuditLogsController.php in MISP before 2.4.182 mishandles ACLs for audit logs.
CVE-2023-49926 app/Lib/Tools/EventTimelineTool.php in MISP before 2.4.179 allows XSS in the event timeline widget.
app/Lib/Tools/EventTimelineTool.php in MISP before 2.4.179 allows XSS in the event timeline widget.
CVE-2023-48658 Vulnerability in misp-project (CVE-2023-48658)
vulnerability in misp-project (CVE-2023-48658). Successful exploitation can lead to full system takeover.
CVE-2023-48657 An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles filters.
An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles filters.
CVE-2023-48656 An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles order clauses.
An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles order clauses.
CVE-2023-48655 Vulnerability in misp-project (CVE-2023-48655)
vulnerability in misp-project (CVE-2023-48655). Successful exploitation can lead to full system takeover.
CVE-2023-48659 Vulnerability in misp-project (CVE-2023-48659)
vulnerability in misp-project (CVE-2023-48659). Successful exploitation can lead to full system takeover.
CVE-2023-41098 Cross-Site Scripting (XSS) in misp-project (CVE-2023-41098)
cross-site scripting in misp-project (CVE-2023-41098). Risk of unauthorized operations or information disclosure.
CVE-2023-28884 In MISP 2.4.169, app/Lib/Tools/CustomPaginationTool.php allows XSS in the community index.
In MISP 2.4.169, app/Lib/Tools/CustomPaginationTool.php allows XSS in the community index.
CVE-2022-48329 Vulnerability in misp-project (CVE-2022-48329)
vulnerability in misp-project (CVE-2022-48329). Successful exploitation can lead to full system takeover.
CVE-2022-48328 Vulnerability in misp-project (CVE-2022-48328)
vulnerability in misp-project (CVE-2022-48328). Successful exploitation can lead to full system takeover.
CVE-2022-42724 Information Disclosure in misp-project (CVE-2022-42724)
vulnerability in misp-project (CVE-2022-42724). Risk of unauthorized operations or information disclosure.
CVE-2019-12868 Unsafe Deserialization in deserialization (CVE-2019-12868)
vulnerability in deserialization (CVE-2019-12868). Successful exploitation can lead to full system takeover.
CVE-2021-41326 Vulnerability in misp-project (CVE-2021-41326)
vulnerability in misp-project (CVE-2021-41326). Successful exploitation can lead to full system takeover.
CVE-2021-39302 SQL Injection in sqli (CVE-2021-39302)
SQL injection in sqli (CVE-2021-39302). Successful exploitation can lead to full system takeover.
CVE-2021-31780 Vulnerability in misp-project (CVE-2021-31780)
vulnerability in misp-project (CVE-2021-31780). Confidential information can be exposed externally.
CVE-2021-27904 Vulnerability in misp-project (CVE-2021-27904)
vulnerability in misp-project (CVE-2021-27904). Confidential information can be exposed externally.
CVE-2020-24085 Cross-Site Scripting (XSS) in misp-project (CVE-2020-24085)
cross-site scripting in misp-project (CVE-2020-24085). Risk of unauthorized operations or information disclosure.
CVE-2020-29006 Vulnerability in misp-project (CVE-2020-29006)
vulnerability in misp-project (CVE-2020-29006). Successful exploitation can lead to full system takeover.
CVE-2020-15412 Vulnerability in misp-project (CVE-2020-15412)
vulnerability in misp-project (CVE-2020-15412). Risk of unauthorized operations or information disclosure.
CVE-2020-15411 Privilege Escalation in misp-project (CVE-2020-15411)
vulnerability in misp-project (CVE-2020-15411). Successful exploitation can lead to full system takeover.
CVE-2020-14969 Vulnerability in misp-project (CVE-2020-14969)
vulnerability in misp-project (CVE-2020-14969). Confidential information can be exposed externally.
CVE-2020-11458 Information Disclosure in misp-project (CVE-2020-11458)
vulnerability in misp-project (CVE-2020-11458). Confidential information can be exposed externally.
CVE-2020-8894 Vulnerability in misp-project (CVE-2020-8894)
vulnerability in misp-project (CVE-2020-8894). Risk of unauthorized operations or information disclosure.
CVE-2019-19379 Vulnerability in misp-project (CVE-2019-19379)
vulnerability in misp-project (CVE-2019-19379). Risk of unauthorized operations or information disclosure.
CVE-2019-11812 Cross-Site Scripting (XSS) in misp-project (CVE-2019-11812)
cross-site scripting in misp-project (CVE-2019-11812). Risk of unauthorized operations or information disclosure.
CVE-2018-19908 OS Command Injection in misp-project (CVE-2018-19908)
OS command injection in misp-project (CVE-2018-19908). Successful exploitation can lead to full system takeover.
CVE-2022-29533 Cross-Site Scripting (XSS) in misp-project (CVE-2022-29533)
cross-site scripting in misp-project (CVE-2022-29533). Risk of unauthorized operations or information disclosure.
CVE-2022-29534 Authentication Bypass in misp-project (CVE-2022-29534)
authentication bypass in misp-project (CVE-2022-29534). Data can be tampered with by attackers.
CVE-2022-27245 SSRF (Server-Side Request Forgery) in ssrf (CVE-2022-27245)
SSRF in ssrf (CVE-2022-27245). Successful exploitation can lead to full system takeover.
CVE-2018-12649 Vulnerability in misp-project (CVE-2018-12649)
vulnerability in misp-project (CVE-2018-12649). Successful exploitation can lead to full system takeover.
CVE-2018-6926 OS Command Injection in misp-project (CVE-2018-6926)
OS command injection in misp-project (CVE-2018-6926). Successful exploitation can lead to full system takeover.
CVE-2017-16946 Vulnerability in misp (CVE-2017-16946)
vulnerability in misp (CVE-2017-16946). Confidential information can be exposed externally.
CVE-2017-13671 Cross-Site Scripting (XSS) in misp (CVE-2017-13671)
cross-site scripting in misp (CVE-2017-13671). Risk of unauthorized operations or information disclosure.
CVE-2015-5721 Code Injection in misp-project (CVE-2015-5721)
code injection in misp-project (CVE-2015-5721). Successful exploitation can lead to full system takeover.
CVE-2015-5719 Vulnerability in misp-project (CVE-2015-5719)
vulnerability in misp-project (CVE-2015-5719). Successful exploitation can lead to full system takeover.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →