CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Positive Technologies•added 2 days ago•10 views

PT-2026-46226

A URL validation flaw in the MISP dashboard button widget allowed a crafted relative-looking URL to be accepted as a local path while being interpreted by browsers as an external URL. The validation rejected URLs containing an explicit scheme, host, or user component, but did not reject paths...

5.1CVSS5.7AI score0.00036EPSS

Exploits0References2

Vulnrichment•added 4 days ago•5 views

CVE-2026-10611 OTP bypass via plugin-based LDAP authentication in MISP when LDAP mixed authentication is enabled

An authentication bypass vulnerability exists in MISP when LDAP mixed authentication is enabled with OTP enforcement. In deployments configured with LdapAuth.mixedAuth=true and Security.requireotp=true, users authenticated through an authentication plugin, such as LDAP, may have their authenticat...

8.2CVSS5.8AI score0.00073EPSS

Vulnrichment•added 2026/05/20 2:22 p.m.•6 views

CVE-2026-9084 MISP OIDC authentication bypass via automatic email-based account linking under insecure IdP configurations

MISP’s OIDC authentication plugin allowed automatic linking of an OIDC identity to an existing local user account based on the email claim when the local account had no stored sub value. Under insecure or untrusted IdP configurations where email ownership is not enforced, an attacker with a valid...

6CVSS5.8AI score0.0003EPSS

CNNVD•added 2026/05/13 12:0 a.m.•6 views

MISP 输入验证错误漏洞

MISP is a set of open-source software solutions developed by MISP. This product is used for collecting, storing, distributing, and sharing network security metrics, and it includes features such as analysis of threats to network security and malware analysis. Prior to MISP 2.5.37, there was a...

5.3CVSS5.8AI score0.00047EPSS

CVE•added 2025/12/15 3:25 a.m.•8 views

CVE-2025-67906

CVE-2025-67906 affects MISP prior to 2.5.28, where the app/View/Elements/Workflows/executionPath.ctp component is vulnerable to XSS due to improper handling of user-supplied data in the workflow execution path. This could allow injected scripts to run in a user’s browser. Remediation: upgrade to ...

9CVSS6.1AI score0.00037EPSS

Exploits1References5Affected Software1

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2015-5666

Malware in sbrugna...

10CVSS9.5AI score0.00434EPSS

Exploits0References4

Circl•added 2025/09/25 12:36 a.m.•4 views

CVE-2024-52423

creationtimestamp| type| source ---|---|--- 2025-09-25 00:36:28+00:00| seen| MISP/1c5c38d6-3401-41ac-be0e-4cf361fa6f51...

6.5CVSS5.8AI score0.00211EPSS

Circl•added 2025/09/16 11:16 p.m.•1 views

CVE-2024-43722

creationtimestamp| type| source ---|---|--- 2025-09-16 23:16:38+00:00| seen| MISP/be792712-f638-4d7d-b62d-4f5032e86764 2025-09-18 16:44:32+00:00| seen| MISP/be792712-f638-4d7d-b62d-4f5032e86764...

5.4CVSS5.6AI score0.00897EPSS

Circl•added 2025/09/16 11:16 p.m.•2 views

CVE-2024-52837

creationtimestamp| type| source ---|---|--- 2025-09-16 23:16:38+00:00| seen| MISP/be792712-f638-4d7d-b62d-4f5032e86764 2025-09-18 16:44:32+00:00| seen| MISP/be792712-f638-4d7d-b62d-4f5032e86764...

5.4CVSS5.1AI score0.00897EPSS

Circl•added 2025/09/09 8:56 p.m.•2 views

CVE-2025-20288

creationtimestamp| type| source ---|---|--- 2025-09-09 20:56:46+00:00| seen| MISP/2bceffac-02c3-4c54-a709-6e253b38ec76...

5.8CVSS4.8AI score0.00037EPSS

Circl•added 2025/09/09 8:56 p.m.•2 views

CVE-2025-53867

creationtimestamp| type| source ---|---|--- 2025-09-09 20:56:45+00:00| seen| MISP/2bceffac-02c3-4c54-a709-6e253b38ec76...

9.8CVSS4.8AI score0.01563EPSS

Circl•added 2025/09/09 8:56 p.m.•1 views

CVE-2025-1469

creationtimestamp| type| source ---|---|--- 2025-09-09 20:56:44+00:00| seen| MISP/2bceffac-02c3-4c54-a709-6e253b38ec76...

7.5CVSS4.8AI score0.00272EPSS

Circl•added 2025/09/09 8:56 p.m.•3 views

CVE-2025-7949

creationtimestamp| type| source ---|---|--- 2025-09-09 20:56:44+00:00| seen| MISP/2bceffac-02c3-4c54-a709-6e253b38ec76...

6.1CVSS5.9AI score0.00209EPSS

Circl•added 2025/09/09 8:51 p.m.•2 views

CVE-2025-7412

creationtimestamp| type| source ---|---|--- 2025-09-09 20:51:40+00:00| seen| MISP/e0a0042d-e47b-4875-b781-99d4428af3c2...

8.8CVSS5.9AI score0.00283EPSS

Circl•added 2025/09/09 8:51 p.m.•2 views

CVE-2025-53634

creationtimestamp| type| source ---|---|--- 2025-09-09 20:51:40+00:00| seen| MISP/e0a0042d-e47b-4875-b781-99d4428af3c2...

8.7CVSS5.9AI score0.00473EPSS

Circl•added 2025/09/09 8:51 p.m.•1 views

CVE-2025-7471

creationtimestamp| type| source ---|---|--- 2025-09-09 20:51:39+00:00| seen| MISP/e0a0042d-e47b-4875-b781-99d4428af3c2...

9.8CVSS5.9AI score0.00204EPSS

Circl•added 2025/08/31 3:13 a.m.•3 views

CVE-2014-0285

creationtimestamp| type| source ---|---|--- 2025-08-31 03:13:16+00:00| seen| MISP/d17bd6ef-d68b-317b-ac33-cdbc44c5fc57...

9.3CVSS5.9AI score0.23811EPSS

Circl•added 2025/08/31 3:13 a.m.•2 views

CVE-2019-8023

creationtimestamp| type| source ---|---|--- 2025-08-31 03:13:14+00:00| seen| MISP/d17bd6ef-d68b-317b-ac33-cdbc44c5fc57...

9.8CVSS5.9AI score0.16163EPSS

Circl•added 2025/08/31 3:13 a.m.•1 views

CVE-2014-1800

creationtimestamp| type| source ---|---|--- 2025-08-31 03:13:05+00:00| seen| MISP/d17bd6ef-d68b-317b-ac33-cdbc44c5fc57...

9.3CVSS5.9AI score0.46097EPSS