Lucene search
+L

89 matches found

NVD
NVD
added yesterday5 views

CVE-2026-63099

TheHive through 4.1.24 contains a broken object-level authorization vulnerability in the attachment download endpoints that allows any authenticated user to access attachments belonging to other organizations by supplying a content-hash identifier. Attackers can exploit the missing...

7.1CVSS
Exploits0References2
Vulnrichment
Vulnrichment
added yesterday7 views

CVE-2026-63099 TheHive 4.1.24 Broken Object Level Authorization via Attachment Download Endpoints

TheHive through 4.1.24 contains a broken object-level authorization vulnerability in the attachment download endpoints that allows any authenticated user to access attachments belonging to other organizations by supplying a content-hash identifier. Attackers can exploit the missing...

7.1CVSS5.5AI score
Exploits0References2
Cvelist
Cvelist
added yesterday30 views

CVE-2026-63099 TheHive 4.1.24 Broken Object Level Authorization via Attachment Download Endpoints

TheHive through 4.1.24 contains a broken object-level authorization vulnerability in the attachment download endpoints that allows any authenticated user to access attachments belonging to other organizations by supplying a content-hash identifier. Attackers can exploit the missing...

7.1CVSS
Exploits0References2
CVE
CVE
added yesterday9 views

CVE-2026-63099

CVE-2026-63099 affects TheHive up to version 4.1.24 and describes a broken object‑level authorization in the attachment download endpoints. The vulnerability lets any authenticated user access attachments belonging to other organizations by supplying a content-hash identifier. The root cause is a...

7.1CVSS5.6AI score
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday8 views

PT-2026-60792

TheHive through 4.1.24 contains a broken object-level authorization vulnerability in the attachment download endpoints that allows any authenticated user to access attachments belonging to other organizations by supplying a content-hash identifier. Attackers can exploit the missing...

7.1CVSS5.5AI score
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2019-17184

Malware in sbrugna...

7.7CVSS7.5AI score0.05155EPSS
Exploits5References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2018-12793

Malware in sbrugna...

7.2CVSS7AI score0.01747EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2017-9492

Malware in sbrugna...

8.8CVSS8.8AI score0.01883EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-20405

Malicious code in bioql PyPI...

5.4CVSS5.8AI score0.00289EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2025-28245

Malicious code in bioql PyPI...

6.9CVSS6.6AI score0.00435EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-20404

Malicious code in bioql PyPI...

5.4CVSS5.8AI score0.00289EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-28246

Malicious code in bioql PyPI...

4.6CVSS6.6AI score0.00355EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-42816

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.00698EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-28247

Malicious code in bioql PyPI...

5.9CVSS6.6AI score0.00242EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2025-28248

Malicious code in bioql PyPI...

6.8CVSS6.6AI score0.0027EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/25 12:18 a.m.24 views

CVE-2025-48740

A Cross-Site Request Forgery CSRF vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, 5.4.0 before 5.4.10, and 5.5.0 before 5.5.1 allows a remote attacker to trigger requests on their victim's behalf, if the attacker lures a privileged user, authenticated with basic...

5.9CVSS7AI score0.00242EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/25 12:18 a.m.23 views

CVE-2025-48741

A Broken Access Control vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, and 5.4.0 before 5.4.10 allows remote, authenticated, and unprivileged users to retrieve alerts, cases, logs, observables, or tasks, regardless of the user's permissions, through a specific API...

6.8CVSS6.8AI score0.0027EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/25 12:18 a.m.25 views

CVE-2025-48738

An e-mail flooding vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, 5.4.0 before 5.4.10, and 5.5.0 before 5.5.1 allows unauthenticated remote attackers to use the password reset feature without limits. This can lead to several consequences, including mailbox storage...

6.9CVSS7.4AI score0.00435EPSS
Exploits0References1
NVD
NVD
added 2025/05/23 8:15 p.m.18 views

CVE-2025-48740

A Cross-Site Request Forgery CSRF vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, 5.4.0 before 5.4.10, and 5.5.0 before 5.5.1 allows a remote attacker to trigger requests on their victim's behalf, if the attacker lures a privileged user, authenticated with basic...

5.9CVSS0.00242EPSS
Exploits0References1
NVD
NVD
added 2025/05/23 8:15 p.m.20 views

CVE-2025-48738

An e-mail flooding vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, 5.4.0 before 5.4.10, and 5.5.0 before 5.5.1 allows unauthenticated remote attackers to use the password reset feature without limits. This can lead to several consequences, including mailbox storage...

6.9CVSS0.00435EPSS
Exploits0References1
Rows per page
Query Builder