Lucene search
K

216 matches found

CVE
CVE
added 2026/04/09 4:54 p.m.28 views

CVE-2026-39980

OpenCTI prior to 6.9.5 has a vulnerability in safeEjs.ts where EJS templates are not properly sanitized, allowing users with Manage customization capability to run arbitrary JavaScript in the platform process context during notifier template execution. The issue is fixed in 6.9.5; CVSS 3.1 base s...

9.1CVSS6AI score0.00522EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/04/09 12:0 a.m.8 views

OpenCTI 安全漏洞

OpenCTI is an open-source network threat intelligence platform developed by OpenCTI. Versions of OpenCTI prior to 6.9.5 contained security vulnerabilities. These vulnerabilities stemmed from the improper cleanup of EJS templates in the safeEjs.ts file, allowing users with administrative privilege...

9.1CVSS6.2AI score0.00522EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/09 12:0 a.m.7 views

PT-2026-31664

Name of the Vulnerable Software and Affected Versions OpenCTI versions prior to 6.9.5 Description OpenCTI is a platform for managing cyber threat intelligence. Prior to version 6.9.5, the safeEjs.ts file does not properly sanitize EJS templates. Users with Manage customization capability can...

9.1CVSS6AI score0.00522EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/03/26 3:12 p.m.5 views

CVE-2026-21886

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.9.1, the GraphQL mutations "IndividualDeletionDeleteMutation" is intended to allow users to delete individual entity objects respectively. However, it was observed that this...

8.1CVSS5.8AI score0.00227EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:4 p.m.7 views

CVE-2026-21887

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.8.16, the OpenCTI platform’s data ingestion feature accepts user-supplied URLs without validation and uses the Axios HTTP client with its default configuration allowAbsoluteUrls: true...

7.7CVSS5.9AI score0.00212EPSS
Exploits0References1
PyPA
PyPA
added 2026/03/17 4:16 p.m.10 views

PYSEC-2026-117

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.9.1, the GraphQL mutations "IndividualDeletionDeleteMutation" is intended to allow users to delete individual entity objects respectively. However, it was observed that this...

8.1CVSS5.8AI score0.00227EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/03/17 4:16 p.m.7 views

PYSEC-2026-117

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.9.1, the GraphQL mutations "IndividualDeletionDeleteMutation" is intended to allow users to delete individual entity objects respectively. However, it was observed that this...

8.1CVSS5.8AI score0.00227EPSS
Exploits0References1
NVD
NVD
added 2026/03/17 4:16 p.m.6 views

CVE-2026-21886

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.9.1, the GraphQL mutations "IndividualDeletionDeleteMutation" is intended to allow users to delete individual entity objects respectively. However, it was observed that this...

8.1CVSS0.00227EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/17 3:26 p.m.5 views

CVE-2026-21886

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.9.1, the GraphQL mutations "IndividualDeletionDeleteMutation" is intended to allow users to delete individual entity objects respectively. However, it was observed that this...

6.5CVSS5.8AI score0.00227EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/03/17 3:26 p.m.6 views

EUVD-2026-12578

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.9.1, the GraphQL mutations "IndividualDeletionDeleteMutation" is intended to allow users to delete individual entity objects respectively. However, it was observed that this...

6.5CVSS5.8AI score0.00227EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/17 3:26 p.m.26 views

CVE-2026-21886 OpenCTI's GraphQL Mutations Allow Deletion of Unrelated Entities

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.9.1, the GraphQL mutations "IndividualDeletionDeleteMutation" is intended to allow users to delete individual entity objects respectively. However, it was observed that this...

6.5CVSS0.00227EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/17 3:26 p.m.3 views

CVE-2026-21886 OpenCTI's GraphQL Mutations Allow Deletion of Unrelated Entities

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.9.1, the GraphQL mutations "IndividualDeletionDeleteMutation" is intended to allow users to delete individual entity objects respectively. However, it was observed that this...

6.5CVSS5.8AI score0.00227EPSS
Exploits0References1
OSV
OSV
added 2026/03/17 3:26 p.m.5 views

CVE-2026-21886 OpenCTI's GraphQL Mutations Allow Deletion of Unrelated Entities

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.9.1, the GraphQL mutations "IndividualDeletionDeleteMutation" is intended to allow users to delete individual entity objects respectively. However, it was observed that this...

6.5CVSS5.9AI score0.00227EPSS
Exploits0References3
CVE
CVE
added 2026/03/17 3:26 p.m.10 views

CVE-2026-21886

OpenCTI CVE-2026-21886 describes a validation gap in the GraphQL mutation IndividualDeletionDeleteMutation that could let a user delete unrelated or sensitive objects (e.g., analyses, reports) due to lack of contextual checks. Affected software: OpenCTI prior to version 6.9.1. Root cause: API mut...

8.1CVSS5.8AI score0.00227EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/03/17 12:0 a.m.7 views

OpenCTI 安全漏洞

OpenCTI is an open-source network threat intelligence platform developed by OpenCTI. Versions of OpenCTI prior to 6.9.1 contained security vulnerabilities. These vulnerabilities were due to a flaw in GraphQL mutations that lacked validation, which could lead to the deletion of irrelevant and...

8.1CVSS5.8AI score0.00227EPSS
Exploits0References1
NVD
NVD
added 2026/03/12 5:16 p.m.12 views

CVE-2026-21887

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.8.16, the OpenCTI platform’s data ingestion feature accepts user-supplied URLs without validation and uses the Axios HTTP client with its default configuration allowAbsoluteUrls: true...

7.7CVSS0.00212EPSS
Exploits0References1
OSV
OSV
added 2026/03/12 5:16 p.m.10 views

PYSEC-2026-118

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.8.16, the OpenCTI platform’s data ingestion feature accepts user-supplied URLs without validation and uses the Axios HTTP client with its default configuration allowAbsoluteUrls: true...

7.7CVSS5.9AI score0.00212EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/12 5:0 p.m.3 views

CVE-2026-21887

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.8.16, the OpenCTI platform’s data ingestion feature accepts user-supplied URLs without validation and uses the Axios HTTP client with its default configuration allowAbsoluteUrls: true...

7.7CVSS5.8AI score0.00212EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/03/12 5:0 p.m.26 views

CVE-2026-21887 OpenCTI has a Semi-Blind SSRF via Unvalidated External URL in Data Ingestion Feature

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.8.16, the OpenCTI platform’s data ingestion feature accepts user-supplied URLs without validation and uses the Axios HTTP client with its default configuration allowAbsoluteUrls: true...

7.7CVSS0.00212EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/12 5:0 p.m.2 views

CVE-2026-21887 OpenCTI has a Semi-Blind SSRF via Unvalidated External URL in Data Ingestion Feature

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.8.16, the OpenCTI platform’s data ingestion feature accepts user-supplied URLs without validation and uses the Axios HTTP client with its default configuration allowAbsoluteUrls: true...

7.7CVSS5.8AI score0.00212EPSS
Exploits0References1
Rows per page
Query Builder