CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

A Cross-Site Request Forgery CSRF vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, 5.4.0 before 5.4.10, and 5.5.0 before 5.5.1 allows a remote attacker to trigger requests on their victim's behalf, if the attacker lures a privileged user, authenticated with basic...

5.9CVSS7AI score0.00242EPSS

Exploits0References1

RedhatCVE•added 2025/05/25 12:18 a.m.•20 views

CVE-2025-48741

A Broken Access Control vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, and 5.4.0 before 5.4.10 allows remote, authenticated, and unprivileged users to retrieve alerts, cases, logs, observables, or tasks, regardless of the user's permissions, through a specific API...

6.8CVSS6.8AI score0.0027EPSS

Exploits0References1

RedhatCVE•added 2025/05/25 12:18 a.m.•20 views

CVE-2025-48738

An e-mail flooding vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, 5.4.0 before 5.4.10, and 5.5.0 before 5.5.1 allows unauthenticated remote attackers to use the password reset feature without limits. This can lead to several consequences, including mailbox storage...

6.9CVSS7.4AI score0.00435EPSS

Exploits0References1

NVD•added 2025/05/23 8:15 p.m.•17 views

CVE-2025-48741

6.8CVSS0.0027EPSS

Exploits0References1

NVD•added 2025/05/23 8:15 p.m.•17 views

CVE-2025-48740

5.9CVSS0.00242EPSS

Exploits0References1

NVD•added 2025/05/23 8:15 p.m.•35 views

CVE-2025-48739

A Server-Side Request Forgery SSRF vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, 5.4.0 before 5.4.10, and 5.5.0 before 5.5.1 allows remote authenticated attackers with admin permissions allowing them to access specific API endpoints to manipulate URLs to direct...

4.6CVSS0.00355EPSS

Exploits0References1

NVD•added 2025/05/23 8:15 p.m.•16 views

CVE-2025-48738

6.9CVSS0.00435EPSS

Exploits0References1

Cvelist•added 2025/05/23 12:0 a.m.•11 views

CVE-2025-48738

6.9CVSS0.00435EPSS

Exploits0References1

Vulnrichment•added 2025/05/23 12:0 a.m.•9 views

CVE-2025-48741

6.8CVSS6.4AI score0.0027EPSS

Exploits0References1

Cvelist•added 2025/05/23 12:0 a.m.•13 views

CVE-2025-48740

5.9CVSS0.00242EPSS

Exploits0References1

Vulnrichment•added 2025/05/23 12:0 a.m.•7 views

CVE-2025-48740

5.9CVSS6.6AI score0.00242EPSS

Exploits0References1

CVE•added 2025/05/23 12:0 a.m.•55 views

CVE-2025-48740

CSRF vulnerability (CVE-2025-48740) affects StrangeBee TheHive prior to specific fixes: 5.2.0–5.2.15, 5.3.0–5.3.10, 5.4.0–5.4.9, and 5.5.0. A remote attacker could trigger unauthorized requests on behalf of a privileged user authenticated with basic authentication. Root cause: CSRF in TheHive com...

5.9CVSS6.9AI score0.00242EPSS

Exploits0References1

Positive Technologies•added 2025/05/23 12:0 a.m.•8 views

PT-2025-22821 · Strangebee · Thehive

Name of the Vulnerable Software and Affected Versions: StrangeBee TheHive versions 5.2.0 through 5.2.15 StrangeBee TheHive versions 5.3.0 through 5.3.10 StrangeBee TheHive versions 5.4.0 through 5.4.9 StrangeBee TheHive versions 5.5.0 Description: An e-mail flooding issue allows unauthenticated...

6.9CVSS7AI score0.00435EPSS

Exploits0References5

CNNVD•added 2025/05/23 12:0 a.m.•3 views

StrangeBee TheHive 安全漏洞

StrangeBee TheHive is an application from StrangeBee, Inc. A security vulnerability exists in StrangeBee TheHive versions prior to 5.5.1, which stems from an unrestricted password reset feature that could lead to mailbox storage exhaustion or SMTP server overload...

6.9CVSS6.8AI score0.00435EPSS

Exploits0References1

Vulnrichment•added 2025/05/23 12:0 a.m.•8 views

CVE-2025-48738

6.9CVSS7AI score0.00435EPSS

Exploits0References1

Positive Technologies•added 2025/05/23 12:0 a.m.•5 views

PT-2025-22823 · Strangebee · Thehive

5.9CVSS6.6AI score0.00242EPSS

Exploits0References5

Rows per page