Lucene search
K

5372 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/13 8:53 p.m.8 views

CVE-2026-44379

MISP is an open source threat intelligence and sharing platform. Prior to 2.5.37, MISP Collections did not enforce RFC 4122 UUID validation on the uuid field. As a result, a user able to create or modify Collection records could submit malformed UUID values, potentially causing integrity issues o...

5.3CVSS5.9AI score0.00178EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/13 8:53 p.m.7 views

CVE-2026-44379 MISP: Improper UUID validation in MISP Collections

MISP is an open source threat intelligence and sharing platform. Prior to 2.5.37, MISP Collections did not enforce RFC 4122 UUID validation on the uuid field. As a result, a user able to create or modify Collection records could submit malformed UUID values, potentially causing integrity issues o...

5.3CVSS5.9AI score0.00178EPSS
Exploits0References2
CVE
CVE
added 2026/05/13 8:51 p.m.14 views

CVE-2026-44380

CVE-2026-44380 (MISP) is an improper access-control flaw in the authentication key reset feature present before version 2.5.37. An authenticated organization administrator could reset auth keys for site administrator accounts within the same organization, since non-site administrators were not ex...

8.6CVSS5.8AI score0.00403EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/05/13 8:51 p.m.35 views

CVE-2026-44380 MISP: Improper access control in auth key reset allows privilege escalation to site administrator

MISP is an open source threat intelligence and sharing platform. Prior to 2.5.37, an improper access control vulnerability in the authentication key reset functionality allowed an authenticated organization administrator to reset authentication keys belonging to site administrator accounts within...

8.6CVSS0.00403EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/13 8:50 p.m.6 views

CVE-2026-44381

MISP is an open source threat intelligence and sharing platform. Prior to 2.5.37, a SQL injection vulnerability existed in the handling of user-controlled ordering parameters in the event and shadow attribute listing endpoints. The affected code accepted order or sort values from request paramete...

9.3CVSS5.9AI score0.0054EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/05/13 8:16 p.m.46 views

CVE-2026-44363

MISP modules are autonomous modules that can be used to extend MISP for new services. Prior to 3.0.7, an unsafe remote resource fetching vulnerability existed in MISP Modules expansion modules. The htmltomarkdown module accepted arbitrary HTTPS URLs without sufficient validation, which could allo...

5.8CVSS0.00102EPSS
Exploits0References2
NVD
NVD
added 2026/05/13 8:16 p.m.48 views

CVE-2026-44364

MISP modules are autonomous modules that can be used to extend MISP for new services. In 3.0.7 and earlier, a Cross-Site Request Forgery vulnerability in the MISP Modules website allowed an attacker to cause an authenticated user to submit unintended requests to the home endpoint. The vulnerabili...

9.3CVSS0.00185EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/13 7:16 p.m.50 views

CVE-2026-44363 Unsafe remote resource fetching in expansion misp-modules

MISP modules are autonomous modules that can be used to extend MISP for new services. Prior to 3.0.7, an unsafe remote resource fetching vulnerability existed in MISP Modules expansion modules. The htmltomarkdown module accepted arbitrary HTTPS URLs without sufficient validation, which could allo...

5.8CVSS0.00102EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/13 7:16 p.m.6 views

CVE-2026-44363 Unsafe remote resource fetching in expansion misp-modules

MISP modules are autonomous modules that can be used to extend MISP for new services. Prior to 3.0.7, an unsafe remote resource fetching vulnerability existed in MISP Modules expansion modules. The htmltomarkdown module accepted arbitrary HTTPS URLs without sufficient validation, which could allo...

5.8CVSS6AI score0.00102EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/13 7:16 p.m.7 views

CVE-2026-44363

MISP modules are autonomous modules that can be used to extend MISP for new services. Prior to 3.0.7, an unsafe remote resource fetching vulnerability existed in MISP Modules expansion modules. The htmltomarkdown module accepted arbitrary HTTPS URLs without sufficient validation, which could allo...

5.8CVSS6AI score0.00102EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/05/13 7:16 p.m.17 views

CVE-2026-44363

The CVE-2026-44363 issue affects MISP modules (misp-modules), specifically the html_to_markdown and qrcode modules. Root cause: unsafe remote resource fetching and insufficient URL validation, with qrcode also disabling TLS certificate verification. Impact: potential Server-Side Request Forgery (...

5.8CVSS6AI score0.00102EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/13 7:15 p.m.8 views

CVE-2026-44364

MISP modules are autonomous modules that can be used to extend MISP for new services. In 3.0.7 and earlier, a Cross-Site Request Forgery vulnerability in the MISP Modules website allowed an attacker to cause an authenticated user to submit unintended requests to the home endpoint. The vulnerabili...

9.3CVSS5.8AI score0.00185EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/05/13 7:15 p.m.21 views

CVE-2026-44364

The CVE affects the MISP-modules component in MISP modules’ home blueprint prior to 3.0.7, where CSRF protection was disabled, allowing an authenticated user to trigger unintended requests and potentially modify session query data. The issue was fixed by enabling CSRF protection for the affected ...

9.3CVSS5.8AI score0.00185EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/13 7:15 p.m.53 views

CVE-2026-44364 misp-modules website - Missing CSRF protection in the website home blueprint

MISP modules are autonomous modules that can be used to extend MISP for new services. In 3.0.7 and earlier, a Cross-Site Request Forgery vulnerability in the MISP Modules website allowed an attacker to cause an authenticated user to submit unintended requests to the home endpoint. The vulnerabili...

9.3CVSS0.00185EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.13 views

MISP 安全漏洞

MISP is a set of open-source software solutions developed by MISP. This product is used for collecting, storing, distributing, and sharing network security metrics, and it includes features such as analysis of threats to network security and malware analysis. Prior to MISP 2.5.37, there were...

8.6CVSS5.8AI score0.00403EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.12 views

MISP modules 跨站请求伪造漏洞

MISP modules are scalable threat intelligence platform modules developed under the open-source MISP Project. They support import, export, expansion, and automated workflows. MISP modules 3.0.7 and earlier versions had a cross-site request forgery vulnerability. This vulnerability stemmed from the...

9.3CVSS5.7AI score0.00185EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.12 views

MISP SQL注入漏洞

MISP is a set of open-source software solutions developed by MISP. This product is used for collecting, storing, distributing, and sharing network security metrics, and it includes functions such as analysis of threats to network security and malware analysis. Prior to MISP 2.5.37, there was an S...

9.3CVSS5.9AI score0.0054EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/07 12:7 p.m.62 views

CVE-2026-8080 MISP core - Stored XSS in MISP template (old engine) element attribute type

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in misp allows Stored XSS. This issue affects MISP before 2.5.37. A stored cross-site scripting vulnerability exists in the template element attribute handling logic. The application accepted...

6.8CVSS0.00139EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/07 12:7 p.m.9 views

CVE-2026-8080 MISP core - Stored XSS in MISP template (old engine) element attribute type

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in misp allows Stored XSS. This issue affects MISP before 2.5.37. A stored cross-site scripting vulnerability exists in the template element attribute handling logic. The application accepted...

6.8CVSS5.8AI score0.00139EPSS
Exploits0References1
CVE
CVE
added 2026/05/07 12:7 p.m.23 views

CVE-2026-8080

CVE-2026-8080 affects MISP core, specifically the old templating engine, where template element attribute type and category values were not validated. This stored XSS vulnerability impacts versions before 2.5.37 and is tied to the old engine later removed in 2.5.38. The CVSS-derived metrics indic...

6.8CVSS5.8AI score0.00139EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder