Misp

32 CVEs
| CVE ID | Severity | Product / summary | Published |
| --- | --- | --- | --- |
| CVE-2026-56422 | CRITICAL 9.4 | Misp — Multiple MISP core controllers and model capture paths accepted client-controlled request fields such as prima… | 2026-06-22 |
| CVE-2026-56423 | CRITICAL 9.4 | Misp — MISP Core contained broken access-control checks in the bulk deletion flows for Event Reports and Sharing Grou… | 2026-06-22 |
| CVE-2026-56424 | HIGH 7.1 | Misp — MISP core contained multiple broken access-control flaws where authorization checks were performed against the… | 2026-06-22 |
| CVE-2026-56425 | CRITICAL 9.3 | Misp — The Azure Active Directory (AAD) authentication implementation contained multiple weaknesses in its OAuth 2.0 … | 2026-06-22 |
| CVE-2026-56446 | HIGH 8.7 | Misp — MISP allowed a site administrator to configure an arbitrary filesystem path for the NDJSON error log used by J… | 2026-06-22 |
| CVE-2026-56447 | CRITICAL 9.3 | Misp — MISP allowed an authenticated site administrator to set the Kafka_rdkafka_config setting to an arbitrary files… | 2026-06-22 |
| CVE-2026-54357 | MEDIUM 5.1 | Misp — An improper authorization vulnerability in MISP allowed an authenticated organization administrator to access … | 2026-06-12 |
| CVE-2026-54358 | HIGH 7.5 | Misp — An incorrect authorization vulnerability in MISP allows an organization administrator to target site administr… | 2026-06-12 |
| CVE-2026-54359 | HIGH 7.1 | Misp — MISP contains an insecure default configuration in which the Security.check_sec_fetch_site_header control is d… | 2026-06-12 |
| CVE-2026-54360 | HIGH 8.4 | Misp — A mass assignment vulnerability exists in MISP’s sharing group creation endpoint. When creating a new sharing … | 2026-06-12 |
| CVE-2026-54361 | HIGH 8.8 | Misp — MISP contained multiple mass assignment vulnerabilities in the handling of collections, tag collections, event… | 2026-06-12 |
| CVE-2026-54362 | MEDIUM 5.3 | Misp — An incorrect visibility condition in the MISP event template builder allowed authenticated non-site-admin user… | 2026-06-12 |
| CVE-2026-54393 | MEDIUM 5.1 | Misp — A stored cross-site scripting vulnerability exists in MISP when the Overmind theme is used. The setHomePage en… | 2026-06-12 |
| CVE-2026-54394 | MEDIUM 5.3 | Misp — MISP contains a path traversal vulnerability in OrganisationsController::getOrgLogo. The vulnerable code build… | 2026-06-12 |
| CVE-2026-54395 | MEDIUM 5.3 | Misp — MISP contains a reflected cross-site scripting vulnerability in the UiBeta event index view. The urlparams val… | 2026-06-12 |
| CVE-2026-54396 | MEDIUM 5.3 | Misp — An information disclosure vulnerability exists in the MISP AuthKey edit functionality. When a validation error… | 2026-06-12 |
| CVE-2026-54397 | MEDIUM 6.1 | Misp — A vulnerability in MISP’s non-REST event editing path allowed an authenticated user with event edit permission… | 2026-06-12 |
| CVE-2026-54398 | MEDIUM 5.3 | Misp — An authorization flaw in MISP’s object add/edit handling allowed an authenticated user with object editing per… | 2026-06-12 |
| CVE-2026-53693 | MEDIUM 6.9 | Bsimvis — A stored cross-site scripting vulnerability existed in MISP BSimVis tag rendering code. Several client-side re… | 2026-06-10 |
| CVE-2026-10854 | MEDIUM 5.3 | Misp — A visibility control issue in the event template creation workflow allowed non-site-admin users to access priv… | 2026-06-04 |
| CVE-2026-10855 | MEDIUM 5.1 | Misp — An authorization flaw existed in the MISP Event Template Importer overwrite workflow. When importing an event … | 2026-06-04 |
| CVE-2026-10856 | MEDIUM 5.1 | Misp — A URL validation flaw in the MISP dashboard button widget allowed a crafted relative-looking URL to be accepte… | 2026-06-04 |
| CVE-2026-10860 | HIGH 7.9 | Misp — A logic error in the MISP CRUD component delete handler allowed validation failures to be bypassed when reques… | 2026-06-04 |
| CVE-2026-10861 | MEDIUM 5.1 | Misp — An open redirect vulnerability existed in MISP UsersController::routeafterlogin() because the value stored in … | 2026-06-04 |
| CVE-2026-10863 | MEDIUM 6.4 | Misp — A security issue was fixed in the correlations over-correlation endpoint where the order query parameter was a… | 2026-06-04 |
| CVE-2026-10864 | MEDIUM 5.3 | Misp — A vulnerability in the MISP dashboard widgets allowed an authenticated user to manipulate the fields option an… | 2026-06-04 |
| CVE-2026-10868 | CRITICAL 9 | Misp — A mass assignment vulnerability exists in the MISP user edit functionality due to insufficient filtering of us… | 2026-06-04 |
| CVE-2026-10611 | HIGH 8.2 | Misp — An authentication bypass vulnerability exists in MISP when LDAP mixed authentication is enabled with OTP enfor… | 2026-06-02 |
| CVE-2026-9806 | MEDIUM 6.3 | Cti Transmute — A stored cross-site scripting (XSS) vulnerability exists in the notification panel of CTI Transmute in version… | 2026-05-28 |
| CVE-2026-9084 | MEDIUM 6 | Misp — MISP’s OIDC authentication plugin allowed automatic linking of an OIDC identity to an existing local user acco… | 2026-05-20 |
| CVE-2026-9136 | HIGH 8.3 | Misp — A vulnerability was identified in the ShadowAttribute proposal creation workflow. The add action accepted user… | 2026-05-20 |
| CVE-2026-9137 | MEDIUM 5.1 | Misp — The CSP report endpoint in MISP intended to limit logged CSP reports to 1 KB but incorrectly allowed reports u… | 2026-05-20 |