Lucene search
+L

5394 matches found

CVE
CVE
added 2026/06/04 12:51 p.m.19 views

CVE-2026-10854

CVE-2026-10854 affects MISP: a visibility control issue in the event template creation workflow allowed non-site-admin users to access private galaxies belonging to other organisations. The event template builder loaded all enabled galaxies without applying organisation or distribution-based acce...

5.3CVSS5.8AI score0.00176EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.13 views

PT-2026-46227

Name of the Vulnerable Software and Affected Versions MISP affected versions not specified Description An open redirect occurs in the routeafterlogin function of the UsersController because the value stored in the pre login requested url session key is used as the post-login redirect destination...

6.1CVSS5.5AI score0.00223EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.10 views

MISP 安全漏洞

MISP is a set of open-source software solutions developed by MISP. This product is used for collecting, storing, distributing, and sharing network security metrics. It also includes functions such as analyzing threats to network security and malware analysis. MISP has a security vulnerability,...

7.9CVSS5.3AI score0.00197EPSS
Exploits0References1
NVD
NVD
added 2026/06/02 2:16 p.m.24 views

CVE-2026-10611

An authentication bypass vulnerability exists in MISP when LDAP mixed authentication is enabled with OTP enforcement. In deployments configured with LdapAuth.mixedAuth=true and Security.requireotp=true, users authenticated through an authentication plugin, such as LDAP, may have their authenticat...

10CVSS0.00353EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/02 12:48 p.m.43 views

CVE-2026-10611 OTP bypass via plugin-based LDAP authentication in MISP when LDAP mixed authentication is enabled

An authentication bypass vulnerability exists in MISP when LDAP mixed authentication is enabled with OTP enforcement. In deployments configured with LdapAuth.mixedAuth=true and Security.requireotp=true, users authenticated through an authentication plugin, such as LDAP, may have their authenticat...

8.2CVSS0.00353EPSS
Exploits0References1
OSV
OSV
added 2026/06/02 12:48 p.m.4 views

CVE-2026-10611 OTP bypass via plugin-based LDAP authentication in MISP when LDAP mixed authentication is enabled

An authentication bypass vulnerability exists in MISP when LDAP mixed authentication is enabled with OTP enforcement. In deployments configured with LdapAuth.mixedAuth=true and Security.requireotp=true, users authenticated through an authentication plugin, such as LDAP, may have their authenticat...

8.2CVSS6AI score0.00353EPSS
Exploits0References3
OSV
OSV
added 2026/05/20 6:43 p.m.3 views

CVE-2026-9137 CSP Report Endpoint Log Flooding in MISP via Incorrect Size Limit

The CSP report endpoint in MISP intended to limit logged CSP reports to 1 KB but incorrectly allowed reports up to 1 MB before truncation. On deployments where the endpoint is reachable by untrusted clients, this could allow attackers to generate excessive log volume and contribute to resource...

5.1CVSS5.9AI score0.00365EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/20 6:39 p.m.33 views

CVE-2026-9136 Unauthorized ShadowAttribute modification in MISP via client-supplied identifier

A vulnerability was identified in the ShadowAttribute proposal creation workflow. The add action accepted user-controlled ShadowAttribute request data without removing the id field before saving the record. Because the underlying framework treats a supplied primary key as an instruction to update...

8.3CVSS0.00229EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/20 6:39 p.m.11 views

EUVD-2026-31151

A vulnerability was identified in the ShadowAttribute proposal creation workflow. The add action accepted user-controlled ShadowAttribute request data without removing the id field before saving the record. Because the underlying framework treats a supplied primary key as an instruction to update...

8.3CVSS5.7AI score0.00229EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/20 6:39 p.m.10 views

CVE-2026-9136 Unauthorized ShadowAttribute modification in MISP via client-supplied identifier

A vulnerability was identified in the ShadowAttribute proposal creation workflow. The add action accepted user-controlled ShadowAttribute request data without removing the id field before saving the record. Because the underlying framework treats a supplied primary key as an instruction to update...

8.3CVSS5.7AI score0.00229EPSS
Exploits0References1
NVD
NVD
added 2026/05/20 4:16 p.m.21 views

CVE-2026-9084

MISP’s OIDC authentication plugin allowed automatic linking of an OIDC identity to an existing local user account based on the email claim when the local account had no stored sub value. Under insecure or untrusted IdP configurations where email ownership is not enforced, an attacker with a valid...

6CVSS0.00182EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/20 2:22 p.m.17 views

EUVD-2026-31123

MISP’s OIDC authentication plugin allowed automatic linking of an OIDC identity to an existing local user account based on the email claim when the local account had no stored sub value. Under insecure or untrusted IdP configurations where email ownership is not enforced, an attacker with a valid...

6CVSS5.8AI score0.00182EPSS
Exploits0References1
OSV
OSV
added 2026/05/20 2:22 p.m.3 views

CVE-2026-9084 MISP OIDC authentication bypass via automatic email-based account linking under insecure IdP configurations

MISP’s OIDC authentication plugin allowed automatic linking of an OIDC identity to an existing local user account based on the email claim when the local account had no stored sub value. Under insecure or untrusted IdP configurations where email ownership is not enforced, an attacker with a valid...

6CVSS6AI score0.00182EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/20 12:0 a.m.12 views

MISP 授权问题漏洞

MISP is a set of open-source software solutions developed by MISP. This product is used for collecting, storing, distributing, and sharing network security metrics. It also includes features for analyzing threats to network security and malware analysis. MISP has an authorization vulnerability;...

6CVSS5.8AI score0.00182EPSS
Exploits0References1
NVD
NVD
added 2026/05/13 9:16 p.m.42 views

CVE-2026-44381

MISP is an open source threat intelligence and sharing platform. Prior to 2.5.37, a SQL injection vulnerability existed in the handling of user-controlled ordering parameters in the event and shadow attribute listing endpoints. The affected code accepted order or sort values from request paramete...

9.3CVSS0.0054EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/13 8:53 p.m.8 views

CVE-2026-44379

MISP is an open source threat intelligence and sharing platform. Prior to 2.5.37, MISP Collections did not enforce RFC 4122 UUID validation on the uuid field. As a result, a user able to create or modify Collection records could submit malformed UUID values, potentially causing integrity issues o...

5.3CVSS5.9AI score0.00178EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/05/13 8:53 p.m.35 views

CVE-2026-44379 MISP: Improper UUID validation in MISP Collections

MISP is an open source threat intelligence and sharing platform. Prior to 2.5.37, MISP Collections did not enforce RFC 4122 UUID validation on the uuid field. As a result, a user able to create or modify Collection records could submit malformed UUID values, potentially causing integrity issues o...

5.3CVSS0.00178EPSS
Exploits0References2
OSV
OSV
added 2026/05/13 8:53 p.m.3 views

CVE-2026-44379 MISP: Improper UUID validation in MISP Collections

MISP is an open source threat intelligence and sharing platform. Prior to 2.5.37, MISP Collections did not enforce RFC 4122 UUID validation on the uuid field. As a result, a user able to create or modify Collection records could submit malformed UUID values, potentially causing integrity issues o...

5.3CVSS6AI score0.00178EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/13 8:53 p.m.7 views

CVE-2026-44379 MISP: Improper UUID validation in MISP Collections

MISP is an open source threat intelligence and sharing platform. Prior to 2.5.37, MISP Collections did not enforce RFC 4122 UUID validation on the uuid field. As a result, a user able to create or modify Collection records could submit malformed UUID values, potentially causing integrity issues o...

5.3CVSS5.9AI score0.00178EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/13 8:53 p.m.9 views

EUVD-2026-30166

MISP is an open source threat intelligence and sharing platform. Prior to 2.5.37, MISP Collections did not enforce RFC 4122 UUID validation on the uuid field. As a result, a user able to create or modify Collection records could submit malformed UUID values, potentially causing integrity issues o...

5.3CVSS5.9AI score0.00178EPSS
Exploits0References2
Rows per page
Query Builder