Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-56425 |
|
Vulnerability in csrf (CVE-2026-56425)
vulnerability in csrf (CVE-2026-56425). Successful exploitation can lead to full system takeover. Exploitable via `Referer header`.
|
| CVE-2026-56446 |
|
Code Injection in misp-project (CVE-2026-56446)
code injection in misp-project (CVE-2026-56446). Successful exploitation can lead to full system takeover.
|
| CVE-2026-10863 |
|
Vulnerability in sqli (CVE-2026-10863)
vulnerability in sqli (CVE-2026-10863). Confidential information can be exposed externally.
|
| CVE-2026-39962 |
|
Vulnerability in misp-project (CVE-2026-39962)
vulnerability in misp-project (CVE-2026-39962). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2.5.36` or later.
|
| CVE-2024-58130 |
|
Cross-Site Scripting (XSS) in misp-project (CVE-2024-58130)
cross-site scripting in misp-project (CVE-2024-58130). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-57969 |
|
app/Model/Attribute.php in MISP before 2.4.198 ignores an ACL during a GUI attribute search.
app/Model/Attribute.php in MISP before 2.4.198 ignores an ACL during a GUI attribute search.
|
| CVE-2024-46918 |
|
Authorization Flaw in misp-project (CVE-2024-46918)
vulnerability in misp-project (CVE-2024-46918). Confidential information can be exposed externally.
|
| CVE-2024-45509 |
|
Authorization Flaw in misp-project (CVE-2024-45509)
vulnerability in misp-project (CVE-2024-45509). Confidential information can be exposed externally.
|
| CVE-2024-29859 |
|
Unrestricted File Upload in misp-project (CVE-2024-29859)
vulnerability in misp-project (CVE-2024-29859). Successful exploitation can lead to full system takeover.
|
| CVE-2024-29858 |
|
Vulnerability in misp-project (CVE-2024-29858)
vulnerability in misp-project (CVE-2024-29858). Successful exploitation can lead to full system takeover.
|
| CVE-2024-25675 |
|
Vulnerability in misp-project (CVE-2024-25675)
vulnerability in misp-project (CVE-2024-25675). Successful exploitation can lead to full system takeover.
|
| CVE-2023-50918 |
|
app/Controller/AuditLogsController.php in MISP before 2.4.182 mishandles ACLs for audit logs.
app/Controller/AuditLogsController.php in MISP before 2.4.182 mishandles ACLs for audit logs.
|
| CVE-2023-49926 |
|
app/Lib/Tools/EventTimelineTool.php in MISP before 2.4.179 allows XSS in the event timeline widget.
app/Lib/Tools/EventTimelineTool.php in MISP before 2.4.179 allows XSS in the event timeline widget.
|
| CVE-2023-48658 |
|
Vulnerability in misp-project (CVE-2023-48658)
vulnerability in misp-project (CVE-2023-48658). Successful exploitation can lead to full system takeover.
|
| CVE-2023-48657 |
|
An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles filters.
An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles filters.
|
| CVE-2023-48656 |
|
An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles order clauses.
An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles order clauses.
|
| CVE-2023-48655 |
|
Vulnerability in misp-project (CVE-2023-48655)
vulnerability in misp-project (CVE-2023-48655). Successful exploitation can lead to full system takeover.
|
| CVE-2023-48659 |
|
Vulnerability in misp-project (CVE-2023-48659)
vulnerability in misp-project (CVE-2023-48659). Successful exploitation can lead to full system takeover.
|
| CVE-2023-41098 |
|
Cross-Site Scripting (XSS) in misp-project (CVE-2023-41098)
cross-site scripting in misp-project (CVE-2023-41098). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-28884 |
|
In MISP 2.4.169, app/Lib/Tools/CustomPaginationTool.php allows XSS in the community index.
In MISP 2.4.169, app/Lib/Tools/CustomPaginationTool.php allows XSS in the community index.
|
| CVE-2022-48329 |
|
Vulnerability in misp-project (CVE-2022-48329)
vulnerability in misp-project (CVE-2022-48329). Successful exploitation can lead to full system takeover.
|
| CVE-2022-48328 |
|
Vulnerability in misp-project (CVE-2022-48328)
vulnerability in misp-project (CVE-2022-48328). Successful exploitation can lead to full system takeover.
|
| CVE-2022-42724 |
|
Information Disclosure in misp-project (CVE-2022-42724)
vulnerability in misp-project (CVE-2022-42724). Risk of unauthorized operations or information disclosure.
|
| CVE-2019-12868 |
|
Unsafe Deserialization in deserialization (CVE-2019-12868)
vulnerability in deserialization (CVE-2019-12868). Successful exploitation can lead to full system takeover.
|
| CVE-2021-41326 |
|
Vulnerability in misp-project (CVE-2021-41326)
vulnerability in misp-project (CVE-2021-41326). Successful exploitation can lead to full system takeover.
|
| CVE-2021-39302 |
|
SQL Injection in sqli (CVE-2021-39302)
SQL injection in sqli (CVE-2021-39302). Successful exploitation can lead to full system takeover.
|
| CVE-2021-31780 |
|
Vulnerability in misp-project (CVE-2021-31780)
vulnerability in misp-project (CVE-2021-31780). Confidential information can be exposed externally.
|
| CVE-2021-27904 |
|
Vulnerability in misp-project (CVE-2021-27904)
vulnerability in misp-project (CVE-2021-27904). Confidential information can be exposed externally.
|
| CVE-2020-24085 |
|
Cross-Site Scripting (XSS) in misp-project (CVE-2020-24085)
cross-site scripting in misp-project (CVE-2020-24085). Risk of unauthorized operations or information disclosure.
|
| CVE-2020-29006 |
|
Vulnerability in misp-project (CVE-2020-29006)
vulnerability in misp-project (CVE-2020-29006). Successful exploitation can lead to full system takeover.
|
| CVE-2020-15412 |
|
Vulnerability in misp-project (CVE-2020-15412)
vulnerability in misp-project (CVE-2020-15412). Risk of unauthorized operations or information disclosure.
|
| CVE-2020-15411 |
|
Privilege Escalation in misp-project (CVE-2020-15411)
vulnerability in misp-project (CVE-2020-15411). Successful exploitation can lead to full system takeover.
|
| CVE-2020-14969 |
|
Vulnerability in misp-project (CVE-2020-14969)
vulnerability in misp-project (CVE-2020-14969). Confidential information can be exposed externally.
|
| CVE-2020-11458 |
|
Information Disclosure in misp-project (CVE-2020-11458)
vulnerability in misp-project (CVE-2020-11458). Confidential information can be exposed externally.
|
| CVE-2020-8894 |
|
Vulnerability in misp-project (CVE-2020-8894)
vulnerability in misp-project (CVE-2020-8894). Risk of unauthorized operations or information disclosure.
|
| CVE-2019-19379 |
|
Vulnerability in misp-project (CVE-2019-19379)
vulnerability in misp-project (CVE-2019-19379). Risk of unauthorized operations or information disclosure.
|
| CVE-2019-11812 |
|
Cross-Site Scripting (XSS) in misp-project (CVE-2019-11812)
cross-site scripting in misp-project (CVE-2019-11812). Risk of unauthorized operations or information disclosure.
|
| CVE-2018-19908 |
|
OS Command Injection in misp-project (CVE-2018-19908)
OS command injection in misp-project (CVE-2018-19908). Successful exploitation can lead to full system takeover.
|
| CVE-2022-29533 |
|
Cross-Site Scripting (XSS) in misp-project (CVE-2022-29533)
cross-site scripting in misp-project (CVE-2022-29533). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-29534 |
|
Authentication Bypass in misp-project (CVE-2022-29534)
authentication bypass in misp-project (CVE-2022-29534). Data can be tampered with by attackers.
|
| CVE-2022-27245 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2022-27245)
SSRF in ssrf (CVE-2022-27245). Successful exploitation can lead to full system takeover.
|
| CVE-2018-12649 |
|
Vulnerability in misp-project (CVE-2018-12649)
vulnerability in misp-project (CVE-2018-12649). Successful exploitation can lead to full system takeover.
|
| CVE-2018-6926 |
|
OS Command Injection in misp-project (CVE-2018-6926)
OS command injection in misp-project (CVE-2018-6926). Successful exploitation can lead to full system takeover.
|
| CVE-2017-16946 |
|
Vulnerability in misp (CVE-2017-16946)
vulnerability in misp (CVE-2017-16946). Confidential information can be exposed externally.
|
| CVE-2017-13671 |
|
Cross-Site Scripting (XSS) in misp (CVE-2017-13671)
cross-site scripting in misp (CVE-2017-13671). Risk of unauthorized operations or information disclosure.
|
| CVE-2015-5721 |
|
Code Injection in misp-project (CVE-2015-5721)
code injection in misp-project (CVE-2015-5721). Successful exploitation can lead to full system takeover.
|
| CVE-2015-5719 |
|
Vulnerability in misp-project (CVE-2015-5719)
vulnerability in misp-project (CVE-2015-5719). Successful exploitation can lead to full system takeover.
|