5372 matches found
CVE-2026-44379
MISP is an open source threat intelligence and sharing platform. Prior to 2.5.37, MISP Collections did not enforce RFC 4122 UUID validation on the uuid field. As a result, a user able to create or modify Collection records could submit malformed UUID values, potentially causing integrity issues o...
CVE-2026-44379 MISP: Improper UUID validation in MISP Collections
MISP is an open source threat intelligence and sharing platform. Prior to 2.5.37, MISP Collections did not enforce RFC 4122 UUID validation on the uuid field. As a result, a user able to create or modify Collection records could submit malformed UUID values, potentially causing integrity issues o...
CVE-2026-44380
CVE-2026-44380 (MISP) is an improper access-control flaw in the authentication key reset feature present before version 2.5.37. An authenticated organization administrator could reset auth keys for site administrator accounts within the same organization, since non-site administrators were not ex...
CVE-2026-44380 MISP: Improper access control in auth key reset allows privilege escalation to site administrator
MISP is an open source threat intelligence and sharing platform. Prior to 2.5.37, an improper access control vulnerability in the authentication key reset functionality allowed an authenticated organization administrator to reset authentication keys belonging to site administrator accounts within...
CVE-2026-44381
MISP is an open source threat intelligence and sharing platform. Prior to 2.5.37, a SQL injection vulnerability existed in the handling of user-controlled ordering parameters in the event and shadow attribute listing endpoints. The affected code accepted order or sort values from request paramete...
CVE-2026-44363
MISP modules are autonomous modules that can be used to extend MISP for new services. Prior to 3.0.7, an unsafe remote resource fetching vulnerability existed in MISP Modules expansion modules. The htmltomarkdown module accepted arbitrary HTTPS URLs without sufficient validation, which could allo...
CVE-2026-44364
MISP modules are autonomous modules that can be used to extend MISP for new services. In 3.0.7 and earlier, a Cross-Site Request Forgery vulnerability in the MISP Modules website allowed an attacker to cause an authenticated user to submit unintended requests to the home endpoint. The vulnerabili...
CVE-2026-44363 Unsafe remote resource fetching in expansion misp-modules
MISP modules are autonomous modules that can be used to extend MISP for new services. Prior to 3.0.7, an unsafe remote resource fetching vulnerability existed in MISP Modules expansion modules. The htmltomarkdown module accepted arbitrary HTTPS URLs without sufficient validation, which could allo...
CVE-2026-44363 Unsafe remote resource fetching in expansion misp-modules
MISP modules are autonomous modules that can be used to extend MISP for new services. Prior to 3.0.7, an unsafe remote resource fetching vulnerability existed in MISP Modules expansion modules. The htmltomarkdown module accepted arbitrary HTTPS URLs without sufficient validation, which could allo...
CVE-2026-44363
MISP modules are autonomous modules that can be used to extend MISP for new services. Prior to 3.0.7, an unsafe remote resource fetching vulnerability existed in MISP Modules expansion modules. The htmltomarkdown module accepted arbitrary HTTPS URLs without sufficient validation, which could allo...
CVE-2026-44363
The CVE-2026-44363 issue affects MISP modules (misp-modules), specifically the html_to_markdown and qrcode modules. Root cause: unsafe remote resource fetching and insufficient URL validation, with qrcode also disabling TLS certificate verification. Impact: potential Server-Side Request Forgery (...
CVE-2026-44364
MISP modules are autonomous modules that can be used to extend MISP for new services. In 3.0.7 and earlier, a Cross-Site Request Forgery vulnerability in the MISP Modules website allowed an attacker to cause an authenticated user to submit unintended requests to the home endpoint. The vulnerabili...
CVE-2026-44364
The CVE affects the MISP-modules component in MISP modules’ home blueprint prior to 3.0.7, where CSRF protection was disabled, allowing an authenticated user to trigger unintended requests and potentially modify session query data. The issue was fixed by enabling CSRF protection for the affected ...
CVE-2026-44364 misp-modules website - Missing CSRF protection in the website home blueprint
MISP modules are autonomous modules that can be used to extend MISP for new services. In 3.0.7 and earlier, a Cross-Site Request Forgery vulnerability in the MISP Modules website allowed an attacker to cause an authenticated user to submit unintended requests to the home endpoint. The vulnerabili...
MISP 安全漏洞
MISP is a set of open-source software solutions developed by MISP. This product is used for collecting, storing, distributing, and sharing network security metrics, and it includes features such as analysis of threats to network security and malware analysis. Prior to MISP 2.5.37, there were...
MISP modules 跨站请求伪造漏洞
MISP modules are scalable threat intelligence platform modules developed under the open-source MISP Project. They support import, export, expansion, and automated workflows. MISP modules 3.0.7 and earlier versions had a cross-site request forgery vulnerability. This vulnerability stemmed from the...
MISP SQL注入漏洞
MISP is a set of open-source software solutions developed by MISP. This product is used for collecting, storing, distributing, and sharing network security metrics, and it includes functions such as analysis of threats to network security and malware analysis. Prior to MISP 2.5.37, there was an S...
CVE-2026-8080 MISP core - Stored XSS in MISP template (old engine) element attribute type
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in misp allows Stored XSS. This issue affects MISP before 2.5.37. A stored cross-site scripting vulnerability exists in the template element attribute handling logic. The application accepted...
CVE-2026-8080 MISP core - Stored XSS in MISP template (old engine) element attribute type
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in misp allows Stored XSS. This issue affects MISP before 2.5.37. A stored cross-site scripting vulnerability exists in the template element attribute handling logic. The application accepted...
CVE-2026-8080
CVE-2026-8080 affects MISP core, specifically the old templating engine, where template element attribute type and category values were not validated. This stored XSS vulnerability impacts versions before 2.5.37 and is tied to the old engine later removed in 2.5.38. The CVSS-derived metrics indic...