Misp
32 CVEs

| CVE ID | Severity | Product / summary | Published |
| --- | --- | --- | --- |
| CVE-2026-56422 | CRITICAL 9.4 | Misp — Multiple MISP core controllers and model capture paths accepted client-controlled request fields such as prima… | 2026-06-22 |
| CVE-2026-56423 | CRITICAL 9.4 | Misp — MISP Core contained broken access-control checks in the bulk deletion flows for Event Reports and Sharing Grou… | 2026-06-22 |
| CVE-2026-56424 | HIGH 7.1 | Misp — MISP core contained multiple broken access-control flaws where authorization checks were performed against the… | 2026-06-22 |
| CVE-2026-56425 | CRITICAL 9.3 | Misp — The Azure Active Directory (AAD) authentication implementation contained multiple weaknesses in its OAuth 2.0 … | 2026-06-22 |
| CVE-2026-56446 | HIGH 8.7 | Misp — MISP allowed a site administrator to configure an arbitrary filesystem path for the NDJSON error log used by J… | 2026-06-22 |
| CVE-2026-56447 | CRITICAL 9.3 | Misp — MISP allowed an authenticated site administrator to set the Kafka_rdkafka_config setting to an arbitrary files… | 2026-06-22 |
| CVE-2026-54357 | MEDIUM 5.1 | Misp — An improper authorization vulnerability in MISP allowed an authenticated organization administrator to access … | 2026-06-12 |
| CVE-2026-54358 | HIGH 7.5 | Misp — An incorrect authorization vulnerability in MISP allows an organization administrator to target site administr… | 2026-06-12 |
| CVE-2026-54359 | HIGH 7.1 | Misp — MISP contains an insecure default configuration in which the Security.check_sec_fetch_site_header control is d… | 2026-06-12 |
| CVE-2026-54360 | HIGH 8.4 | Misp — A mass assignment vulnerability exists in MISP’s sharing group creation endpoint. When creating a new sharing … | 2026-06-12 |
| CVE-2026-54361 | HIGH 8.8 | Misp — MISP contained multiple mass assignment vulnerabilities in the handling of collections, tag collections, event… | 2026-06-12 |
| CVE-2026-54362 | MEDIUM 5.3 | Misp — An incorrect visibility condition in the MISP event template builder allowed authenticated non-site-admin user… | 2026-06-12 |
| CVE-2026-54393 | MEDIUM 5.1 | Misp — A stored cross-site scripting vulnerability exists in MISP when the Overmind theme is used. The setHomePage en… | 2026-06-12 |
| CVE-2026-54394 | MEDIUM 5.3 | Misp — MISP contains a path traversal vulnerability in OrganisationsController::getOrgLogo. The vulnerable code build… | 2026-06-12 |
| CVE-2026-54395 | MEDIUM 5.3 | Misp — MISP contains a reflected cross-site scripting vulnerability in the UiBeta event index view. The urlparams val… | 2026-06-12 |
| CVE-2026-54396 | MEDIUM 5.3 | Misp — An information disclosure vulnerability exists in the MISP AuthKey edit functionality. When a validation error… | 2026-06-12 |
| CVE-2026-54397 | MEDIUM 6.1 | Misp — A vulnerability in MISP’s non-REST event editing path allowed an authenticated user with event edit permission… | 2026-06-12 |
| CVE-2026-54398 | MEDIUM 5.3 | Misp — An authorization flaw in MISP’s object add/edit handling allowed an authenticated user with object editing per… | 2026-06-12 |
| CVE-2026-53693 | MEDIUM 6.9 | Bsimvis — A stored cross-site scripting vulnerability existed in MISP BSimVis tag rendering code. Several client-side re… | 2026-06-10 |
| CVE-2026-10854 | MEDIUM 5.3 | Misp — A visibility control issue in the event template creation workflow allowed non-site-admin users to access priv… | 2026-06-04 |
| CVE-2026-10855 | MEDIUM 5.1 | Misp — An authorization flaw existed in the MISP Event Template Importer overwrite workflow. When importing an event … | 2026-06-04 |
| CVE-2026-10856 | MEDIUM 5.1 | Misp — A URL validation flaw in the MISP dashboard button widget allowed a crafted relative-looking URL to be accepte… | 2026-06-04 |
| CVE-2026-10860 | HIGH 7.9 | Misp — A logic error in the MISP CRUD component delete handler allowed validation failures to be bypassed when reques… | 2026-06-04 |
| CVE-2026-10861 | MEDIUM 5.1 | Misp — An open redirect vulnerability existed in MISP UsersController::routeafterlogin() because the value stored in … | 2026-06-04 |
| CVE-2026-10863 | MEDIUM 6.4 | Misp — A security issue was fixed in the correlations over-correlation endpoint where the order query parameter was a… | 2026-06-04 |
| CVE-2026-10864 | MEDIUM 5.3 | Misp — A vulnerability in the MISP dashboard widgets allowed an authenticated user to manipulate the fields option an… | 2026-06-04 |
| CVE-2026-10868 | CRITICAL 9 | Misp — A mass assignment vulnerability exists in the MISP user edit functionality due to insufficient filtering of us… | 2026-06-04 |
| CVE-2026-10611 | HIGH 8.2 | Misp — An authentication bypass vulnerability exists in MISP when LDAP mixed authentication is enabled with OTP enfor… | 2026-06-02 |
| CVE-2026-9806 | MEDIUM 6.3 | Cti Transmute — A stored cross-site scripting (XSS) vulnerability exists in the notification panel of CTI Transmute in version… | 2026-05-28 |
| CVE-2026-9084 | MEDIUM 6 | Misp — MISP’s OIDC authentication plugin allowed automatic linking of an OIDC identity to an existing local user acco… | 2026-05-20 |
| CVE-2026-9136 | HIGH 8.3 | Misp — A vulnerability was identified in the ShadowAttribute proposal creation workflow. The add action accepted user… | 2026-05-20 |
| CVE-2026-9137 | MEDIUM 5.1 | Misp — The CSP report endpoint in MISP intended to limit logged CSP reports to 1 KB but incorrectly allowed reports u… | 2026-05-20 |