Lucene search
K

224 matches found

NVD
NVD
added 6 days ago6 views

CVE-2026-35211

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 7.260401.0, the OpenCTI GraphQL API exposes a script filter operator in its FilterOperator enum that allows any authenticated user with the KNOWLEDGE capability to pass user-supplied...

6.5CVSS0.00376EPSS
Exploits0References4
NVD
NVD
added 6 days ago8 views

CVE-2026-35210

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 7.260326.0, an authorization bypass vulnerability in OpenCTI allows any authenticated user with KNOWLEDGEKNUPDATE permission to bypass Confidence Level validation and Object Marking...

7.1CVSS0.00269EPSS
Exploits0References4
Cvelist
Cvelist
added 6 days ago35 views

CVE-2026-35211 OpenCTI: Elasticsearch Painless Script Injection via GraphQL `script` filter operator allows authenticated user to exfiltrate data and cause DoS

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 7.260401.0, the OpenCTI GraphQL API exposes a script filter operator in its FilterOperator enum that allows any authenticated user with the KNOWLEDGE capability to pass user-supplied...

6.5CVSS0.00376EPSS
Exploits0References4
CVE
CVE
added 6 days ago8 views

CVE-2026-35211

OpenCTI exposes a script filter operator in the GraphQL FilterOperator enum prior to version 7.260401.0. An authenticated user with the KNOWLEDGE capability can pass user-supplied Elasticsearch Painless script values directly into search queries without validation, enabling potentially expensive ...

6.5CVSS6AI score0.00376EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 6 days ago33 views

CVE-2026-35210 OpenCTI: Authorization Bypass via `synchronized-upsert` HTTP Header Injection

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 7.260326.0, an authorization bypass vulnerability in OpenCTI allows any authenticated user with KNOWLEDGEKNUPDATE permission to bypass Confidence Level validation and Object Marking...

7.1CVSS0.00269EPSS
Exploits0References4
CVE
CVE
added 6 days ago12 views

CVE-2026-35210

Summary: OpenCTI prior to version 7.260326.0 contains an authorization bypass via the synchronized-upsert: true HTTP header, exploitable by any authenticated user with KNOWLEDGE_KNUPDATE permission. This allows bypassing Confidence Level validation and Object Marking restrictions, enabling attack...

7.1CVSS5.9AI score0.00269EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 6 days ago11 views

PT-2026-56601

Name of the Vulnerable Software and Affected Versions OpenCTI versions prior to 7.260326.0 Description An authorization bypass allows authenticated users with KNOWLEDGE KNUPDATE permission to circumvent Confidence Level validation and Object Marking restrictions. This is achieved by injecting the...

7.1CVSS6.1AI score0.00269EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/22 5:1 p.m.4 views

EUVD-2026-11599

OpenCTI has Semi-Blind SSRF via Unvalidated External URL in Data Ingestion Feature...

7.7CVSS5.8AI score0.00212EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/22 4:43 p.m.7 views

EUVD-2024-36468

OpenCTI May Bypass Introspection Restriction...

8.2CVSS5.8AI score0.00442EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/05 7:23 p.m.15 views

CVE-2026-35212

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Versions prior to 7.260227.0 are vulnerable to XSS in the rendering of email-message observable body data. The content of the body field isn't appropriately sanitized when being rendered. Does...

6.1CVSS5.4AI score0.00149EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:12 p.m.10 views

CVE-2026-39980

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.9.5, the safeEjs.ts file does not properly sanitize EJS templates. Users with the Manage customization capability can run arbitrary JavaScript in the context of the OpenCTI platform...

9.1CVSS5.6AI score0.00522EPSS
Exploits0References1
PyPA
PyPA
added 2026/06/02 10:16 p.m.13 views

PYSEC-2026-203

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Versions prior to 7.260227.0 are vulnerable to XSS in the rendering of email-message observable body data. The content of the body field isn't appropriately sanitized when being rendered. Does...

6.1CVSS5.4AI score0.00149EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/06/02 10:16 p.m.14 views

CVE-2026-35212

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Versions prior to 7.260227.0 are vulnerable to XSS in the rendering of email-message observable body data. The content of the body field isn't appropriately sanitized when being rendered. Does...

6.1CVSS0.00149EPSS
Exploits0References1
OSV
OSV
added 2026/06/02 10:16 p.m.10 views

PYSEC-2026-203

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Versions prior to 7.260227.0 are vulnerable to XSS in the rendering of email-message observable body data. The content of the body field isn't appropriately sanitized when being rendered. Does...

6.1CVSS5.4AI score0.00149EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/02 9:28 p.m.13 views

EUVD-2026-34035

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Versions prior to 7.260227.0 are vulnerable to XSS in the rendering of email-message observable body data. The content of the body field isn't appropriately sanitized when being rendered. Does...

5.3CVSS5.8AI score0.00149EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/02 9:28 p.m.8 views

CVE-2026-35212

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Versions prior to 7.260227.0 are vulnerable to XSS in the rendering of email-message observable body data. The content of the body field isn't appropriately sanitized when being rendered. Does...

5.3CVSS5.8AI score0.00149EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/02 9:28 p.m.38 views

CVE-2026-35212 OpenCTI has XSS in the rendering of email-message observable body data

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Versions prior to 7.260227.0 are vulnerable to XSS in the rendering of email-message observable body data. The content of the body field isn't appropriately sanitized when being rendered. Does...

5.3CVSS0.00149EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/02 9:28 p.m.11 views

CVE-2026-35212 OpenCTI has XSS in the rendering of email-message observable body data

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Versions prior to 7.260227.0 are vulnerable to XSS in the rendering of email-message observable body data. The content of the body field isn't appropriately sanitized when being rendered. Does...

5.3CVSS5.8AI score0.00149EPSS
Exploits0References1
CVE
CVE
added 2026/06/02 9:28 p.m.36 views

CVE-2026-35212

OpenCTI vulnerability CVE-2026-35212: XSS in rendering of email-message observable body data due to insufficient sanitization in versions prior to 7.260227.0. The body content is rendered without proper sanitization, requiring user interaction and could be triggered by sharing STIX or ingesters, ...

6.1CVSS5.8AI score0.00149EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.8 views

OpenCTI 跨站脚本漏洞

OpenCTI is an open-source network threat intelligence platform developed by OpenCTI. Versions of OpenCTI prior to 7.260227.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from improper cleaning of the email-message observable body data during its rendering, which coul...

6.1CVSS4.9AI score0.00149EPSS
Exploits0References1
Rows per page
Query Builder