Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Tag: misp-project Clear
ID Title
CVE-2026-56424 Vulnerability in misp-project (CVE-2026-56424)
vulnerability in misp-project (CVE-2026-56424). Successful exploitation can lead to full system takeover.
CVE-2026-56425 Vulnerability in csrf (CVE-2026-56425)
vulnerability in csrf (CVE-2026-56425). Successful exploitation can lead to full system takeover. Exploitable via `Referer header`.
CVE-2026-56446 Code Injection in misp-project (CVE-2026-56446)
code injection in misp-project (CVE-2026-56446). Successful exploitation can lead to full system takeover.
CVE-2026-56447 Vulnerability in misp-project (CVE-2026-56447)
vulnerability in misp-project (CVE-2026-56447). Successful exploitation can lead to full system takeover.
CVE-2026-56423 Vulnerability in misp-project (CVE-2026-56423)
vulnerability in misp-project (CVE-2026-56423). Successful exploitation can lead to full system takeover.
CVE-2026-10864 Information Disclosure in misp (CVE-2026-10864)
vulnerability in misp (CVE-2026-10864). Risk of unauthorized operations or information disclosure.
CVE-2026-10863 Vulnerability in sqli (CVE-2026-10863)
vulnerability in sqli (CVE-2026-10863). Confidential information can be exposed externally.
CVE-2026-10854 Information Disclosure in misp (CVE-2026-10854)
vulnerability in misp (CVE-2026-10854). Risk of unauthorized operations or information disclosure.
CVE-2026-10856 Open Redirect in misp (CVE-2026-10856)
vulnerability in misp (CVE-2026-10856). Risk of unauthorized operations or information disclosure.
CVE-2026-10861 Open Redirect in misp (CVE-2026-10861)
vulnerability in misp (CVE-2026-10861). Risk of unauthorized operations or information disclosure.
CVE-2026-10855 Vulnerability in misp (CVE-2026-10855)
vulnerability in misp (CVE-2026-10855). Risk of unauthorized operations or information disclosure.
CVE-2026-10860 Authorization Flaw in misp (CVE-2026-10860)
vulnerability in misp (CVE-2026-10860). Data can be tampered with by attackers.
CVE-2026-10611 Authentication Bypass in misp (CVE-2026-10611)
authentication bypass in misp (CVE-2026-10611). Successful exploitation can lead to full system takeover.
CVE-2026-9136 Vulnerability in misp (CVE-2026-9136)
vulnerability in misp (CVE-2026-9136). Data can be tampered with by attackers.
CVE-2026-9137 Vulnerability in c (CVE-2026-9137)
vulnerability in c (CVE-2026-9137). Risk of unauthorized operations or information disclosure.
CVE-2026-44379 Vulnerability in misp (CVE-2026-44379)
vulnerability in misp (CVE-2026-44379). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.5.37` or later.
CVE-2026-44380 Authorization Flaw in misp (CVE-2026-44380)
vulnerability in misp (CVE-2026-44380). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2.5.37` or later.
CVE-2026-44381 SQL Injection in sqli (CVE-2026-44381)
SQL injection in sqli (CVE-2026-44381). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.5.37` or later.
CVE-2026-8080 Cross-Site Scripting (XSS) in misp (CVE-2026-8080)
cross-site scripting in misp (CVE-2026-8080). Risk of unauthorized operations or information disclosure.
CVE-2026-39962 Vulnerability in misp-project (CVE-2026-39962)
vulnerability in misp-project (CVE-2026-39962). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2.5.36` or later.
CVE-2025-67906 Cross-Site Scripting (XSS) in misp-project (CVE-2025-67906)
cross-site scripting in misp-project (CVE-2025-67906). Risk of unauthorized operations or information disclosure.
CVE-2024-58128 Cross-Site Scripting (XSS) in misp-project (CVE-2024-58128)
cross-site scripting in misp-project (CVE-2024-58128). Risk of unauthorized operations or information disclosure.
CVE-2024-58129 Cross-Site Scripting (XSS) in misp-project (CVE-2024-58129)
cross-site scripting in misp-project (CVE-2024-58129). Risk of unauthorized operations or information disclosure.
CVE-2024-58130 Cross-Site Scripting (XSS) in misp-project (CVE-2024-58130)
cross-site scripting in misp-project (CVE-2024-58130). Risk of unauthorized operations or information disclosure.
CVE-2024-57969 app/Model/Attribute.php in MISP before 2.4.198 ignores an ACL during a GUI attribute search.
app/Model/Attribute.php in MISP before 2.4.198 ignores an ACL during a GUI attribute search.
CVE-2024-46918 Authorization Flaw in misp-project (CVE-2024-46918)
vulnerability in misp-project (CVE-2024-46918). Confidential information can be exposed externally.
CVE-2024-45509 Authorization Flaw in misp-project (CVE-2024-45509)
vulnerability in misp-project (CVE-2024-45509). Confidential information can be exposed externally.
CVE-2024-29858 Vulnerability in misp-project (CVE-2024-29858)
vulnerability in misp-project (CVE-2024-29858). Successful exploitation can lead to full system takeover.
CVE-2024-29859 Unrestricted File Upload in misp-project (CVE-2024-29859)
vulnerability in misp-project (CVE-2024-29859). Successful exploitation can lead to full system takeover.
CVE-2024-25674 Unrestricted File Upload in misp-project (CVE-2024-25674)
vulnerability in misp-project (CVE-2024-25674). Successful exploitation can lead to full system takeover.
CVE-2024-25675 Vulnerability in misp-project (CVE-2024-25675)
vulnerability in misp-project (CVE-2024-25675). Successful exploitation can lead to full system takeover.
CVE-2023-50918 app/Controller/AuditLogsController.php in MISP before 2.4.182 mishandles ACLs for audit logs.
app/Controller/AuditLogsController.php in MISP before 2.4.182 mishandles ACLs for audit logs.
CVE-2023-49926 app/Lib/Tools/EventTimelineTool.php in MISP before 2.4.179 allows XSS in the event timeline widget.
app/Lib/Tools/EventTimelineTool.php in MISP before 2.4.179 allows XSS in the event timeline widget.
CVE-2023-48659 Vulnerability in misp-project (CVE-2023-48659)
vulnerability in misp-project (CVE-2023-48659). Successful exploitation can lead to full system takeover.
CVE-2023-48658 Vulnerability in misp-project (CVE-2023-48658)
vulnerability in misp-project (CVE-2023-48658). Successful exploitation can lead to full system takeover.
CVE-2023-48657 An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles filters.
An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles filters.
CVE-2023-48656 An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles order clauses.
An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles order clauses.
CVE-2023-48655 Vulnerability in misp-project (CVE-2023-48655)
vulnerability in misp-project (CVE-2023-48655). Successful exploitation can lead to full system takeover.
CVE-2023-41098 Cross-Site Scripting (XSS) in misp-project (CVE-2023-41098)
cross-site scripting in misp-project (CVE-2023-41098). Risk of unauthorized operations or information disclosure.
CVE-2023-40224 MISP 2.4.174 allows XSS in app/View/Events/index.ctp.
MISP 2.4.174 allows XSS in app/View/Events/index.ctp.
CVE-2023-37307 Cross-Site Scripting (XSS) in misp-project (CVE-2023-37307)
cross-site scripting in misp-project (CVE-2023-37307). Risk of unauthorized operations or information disclosure.
CVE-2023-37306 Vulnerability in misp-project (CVE-2023-37306)
vulnerability in misp-project (CVE-2023-37306). Confidential information can be exposed externally.
CVE-2023-28884 In MISP 2.4.169, app/Lib/Tools/CustomPaginationTool.php allows XSS in the community index.
In MISP 2.4.169, app/Lib/Tools/CustomPaginationTool.php allows XSS in the community index.
CVE-2023-28607 js/event-graph.js in MISP before 2.4.169 allows XSS via the event-graph relationship tooltip.
js/event-graph.js in MISP before 2.4.169 allows XSS via the event-graph relationship tooltip.
CVE-2023-28606 js/event-graph.js in MISP before 2.4.169 allows XSS via event-graph node tooltips.
js/event-graph.js in MISP before 2.4.169 allows XSS via event-graph node tooltips.
CVE-2022-48328 Vulnerability in misp-project (CVE-2022-48328)
vulnerability in misp-project (CVE-2022-48328). Successful exploitation can lead to full system takeover.
CVE-2022-48329 Vulnerability in misp-project (CVE-2022-48329)
vulnerability in misp-project (CVE-2022-48329). Successful exploitation can lead to full system takeover.
CVE-2023-24070 Cross-Site Scripting (XSS) in misp-project (CVE-2023-24070)
cross-site scripting in misp-project (CVE-2023-24070). Risk of unauthorized operations or information disclosure.
CVE-2023-24027 In MISP 2.4.167, app/webroot/js/action_table.js allows XSS via a network history name.
In MISP 2.4.167, app/webroot/js/action_table.js allows XSS via a network history name.
CVE-2022-47928 Cross-Site Scripting (XSS) in misp-project (CVE-2022-47928)
cross-site scripting in misp-project (CVE-2022-47928). Risk of unauthorized operations or information disclosure.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →