Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-56424 |
|
Vulnerability in misp-project (CVE-2026-56424)
vulnerability in misp-project (CVE-2026-56424). Successful exploitation can lead to full system takeover.
|
| CVE-2026-56425 |
|
Vulnerability in csrf (CVE-2026-56425)
vulnerability in csrf (CVE-2026-56425). Successful exploitation can lead to full system takeover. Exploitable via `Referer header`.
|
| CVE-2026-56446 |
|
Code Injection in misp-project (CVE-2026-56446)
code injection in misp-project (CVE-2026-56446). Successful exploitation can lead to full system takeover.
|
| CVE-2026-56447 |
|
Vulnerability in misp-project (CVE-2026-56447)
vulnerability in misp-project (CVE-2026-56447). Successful exploitation can lead to full system takeover.
|
| CVE-2026-56423 |
|
Vulnerability in misp-project (CVE-2026-56423)
vulnerability in misp-project (CVE-2026-56423). Successful exploitation can lead to full system takeover.
|
| CVE-2026-10864 |
|
Information Disclosure in misp (CVE-2026-10864)
vulnerability in misp (CVE-2026-10864). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10863 |
|
Vulnerability in sqli (CVE-2026-10863)
vulnerability in sqli (CVE-2026-10863). Confidential information can be exposed externally.
|
| CVE-2026-10854 |
|
Information Disclosure in misp (CVE-2026-10854)
vulnerability in misp (CVE-2026-10854). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10856 |
|
Open Redirect in misp (CVE-2026-10856)
vulnerability in misp (CVE-2026-10856). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10861 |
|
Open Redirect in misp (CVE-2026-10861)
vulnerability in misp (CVE-2026-10861). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10855 |
|
Vulnerability in misp (CVE-2026-10855)
vulnerability in misp (CVE-2026-10855). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10860 |
|
Authorization Flaw in misp (CVE-2026-10860)
vulnerability in misp (CVE-2026-10860). Data can be tampered with by attackers.
|
| CVE-2026-10611 |
|
Authentication Bypass in misp (CVE-2026-10611)
authentication bypass in misp (CVE-2026-10611). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9136 |
|
Vulnerability in misp (CVE-2026-9136)
vulnerability in misp (CVE-2026-9136). Data can be tampered with by attackers.
|
| CVE-2026-9137 |
|
Vulnerability in c (CVE-2026-9137)
vulnerability in c (CVE-2026-9137). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-44379 |
|
Vulnerability in misp (CVE-2026-44379)
vulnerability in misp (CVE-2026-44379). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.5.37` or later.
|
| CVE-2026-44380 |
|
Authorization Flaw in misp (CVE-2026-44380)
vulnerability in misp (CVE-2026-44380). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2.5.37` or later.
|
| CVE-2026-44381 |
|
SQL Injection in sqli (CVE-2026-44381)
SQL injection in sqli (CVE-2026-44381). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.5.37` or later.
|
| CVE-2026-8080 |
|
Cross-Site Scripting (XSS) in misp (CVE-2026-8080)
cross-site scripting in misp (CVE-2026-8080). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-39962 |
|
Vulnerability in misp-project (CVE-2026-39962)
vulnerability in misp-project (CVE-2026-39962). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2.5.36` or later.
|
| CVE-2025-67906 |
|
Cross-Site Scripting (XSS) in misp-project (CVE-2025-67906)
cross-site scripting in misp-project (CVE-2025-67906). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-58128 |
|
Cross-Site Scripting (XSS) in misp-project (CVE-2024-58128)
cross-site scripting in misp-project (CVE-2024-58128). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-58129 |
|
Cross-Site Scripting (XSS) in misp-project (CVE-2024-58129)
cross-site scripting in misp-project (CVE-2024-58129). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-58130 |
|
Cross-Site Scripting (XSS) in misp-project (CVE-2024-58130)
cross-site scripting in misp-project (CVE-2024-58130). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-57969 |
|
app/Model/Attribute.php in MISP before 2.4.198 ignores an ACL during a GUI attribute search.
app/Model/Attribute.php in MISP before 2.4.198 ignores an ACL during a GUI attribute search.
|
| CVE-2024-46918 |
|
Authorization Flaw in misp-project (CVE-2024-46918)
vulnerability in misp-project (CVE-2024-46918). Confidential information can be exposed externally.
|
| CVE-2024-45509 |
|
Authorization Flaw in misp-project (CVE-2024-45509)
vulnerability in misp-project (CVE-2024-45509). Confidential information can be exposed externally.
|
| CVE-2024-29858 |
|
Vulnerability in misp-project (CVE-2024-29858)
vulnerability in misp-project (CVE-2024-29858). Successful exploitation can lead to full system takeover.
|
| CVE-2024-29859 |
|
Unrestricted File Upload in misp-project (CVE-2024-29859)
vulnerability in misp-project (CVE-2024-29859). Successful exploitation can lead to full system takeover.
|
| CVE-2024-25674 |
|
Unrestricted File Upload in misp-project (CVE-2024-25674)
vulnerability in misp-project (CVE-2024-25674). Successful exploitation can lead to full system takeover.
|
| CVE-2024-25675 |
|
Vulnerability in misp-project (CVE-2024-25675)
vulnerability in misp-project (CVE-2024-25675). Successful exploitation can lead to full system takeover.
|
| CVE-2023-50918 |
|
app/Controller/AuditLogsController.php in MISP before 2.4.182 mishandles ACLs for audit logs.
app/Controller/AuditLogsController.php in MISP before 2.4.182 mishandles ACLs for audit logs.
|
| CVE-2023-49926 |
|
app/Lib/Tools/EventTimelineTool.php in MISP before 2.4.179 allows XSS in the event timeline widget.
app/Lib/Tools/EventTimelineTool.php in MISP before 2.4.179 allows XSS in the event timeline widget.
|
| CVE-2023-48659 |
|
Vulnerability in misp-project (CVE-2023-48659)
vulnerability in misp-project (CVE-2023-48659). Successful exploitation can lead to full system takeover.
|
| CVE-2023-48658 |
|
Vulnerability in misp-project (CVE-2023-48658)
vulnerability in misp-project (CVE-2023-48658). Successful exploitation can lead to full system takeover.
|
| CVE-2023-48657 |
|
An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles filters.
An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles filters.
|
| CVE-2023-48656 |
|
An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles order clauses.
An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles order clauses.
|
| CVE-2023-48655 |
|
Vulnerability in misp-project (CVE-2023-48655)
vulnerability in misp-project (CVE-2023-48655). Successful exploitation can lead to full system takeover.
|
| CVE-2023-41098 |
|
Cross-Site Scripting (XSS) in misp-project (CVE-2023-41098)
cross-site scripting in misp-project (CVE-2023-41098). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-40224 |
|
MISP 2.4.174 allows XSS in app/View/Events/index.ctp.
MISP 2.4.174 allows XSS in app/View/Events/index.ctp.
|
| CVE-2023-37307 |
|
Cross-Site Scripting (XSS) in misp-project (CVE-2023-37307)
cross-site scripting in misp-project (CVE-2023-37307). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-37306 |
|
Vulnerability in misp-project (CVE-2023-37306)
vulnerability in misp-project (CVE-2023-37306). Confidential information can be exposed externally.
|
| CVE-2023-28884 |
|
In MISP 2.4.169, app/Lib/Tools/CustomPaginationTool.php allows XSS in the community index.
In MISP 2.4.169, app/Lib/Tools/CustomPaginationTool.php allows XSS in the community index.
|
| CVE-2023-28607 |
|
js/event-graph.js in MISP before 2.4.169 allows XSS via the event-graph relationship tooltip.
js/event-graph.js in MISP before 2.4.169 allows XSS via the event-graph relationship tooltip.
|
| CVE-2023-28606 |
|
js/event-graph.js in MISP before 2.4.169 allows XSS via event-graph node tooltips.
js/event-graph.js in MISP before 2.4.169 allows XSS via event-graph node tooltips.
|
| CVE-2022-48328 |
|
Vulnerability in misp-project (CVE-2022-48328)
vulnerability in misp-project (CVE-2022-48328). Successful exploitation can lead to full system takeover.
|
| CVE-2022-48329 |
|
Vulnerability in misp-project (CVE-2022-48329)
vulnerability in misp-project (CVE-2022-48329). Successful exploitation can lead to full system takeover.
|
| CVE-2023-24070 |
|
Cross-Site Scripting (XSS) in misp-project (CVE-2023-24070)
cross-site scripting in misp-project (CVE-2023-24070). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-24027 |
|
In MISP 2.4.167, app/webroot/js/action_table.js allows XSS via a network history name.
In MISP 2.4.167, app/webroot/js/action_table.js allows XSS via a network history name.
|
| CVE-2022-47928 |
|
Cross-Site Scripting (XSS) in misp-project (CVE-2022-47928)
cross-site scripting in misp-project (CVE-2022-47928). Risk of unauthorized operations or information disclosure.
|