PT-2026-48637
Cerebrate before version 1.37 allowed the id primary key field to be supplied through request input during CRUD edit operations and certain custom entity patching flows. In affected entities that did not explicitly mark id as inaccessible, an authenticated attacker could submit a crafted edit...
CVE-2023-48657
An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles filters...
CVE-2023-48656
An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles order clauses...
MISP Security Vulnerabilities
MISP is an open source software solution. The product is used to collect, store, distribute, and share cybersecurity metrics and has features such as threat cybersecurity event analysis and malware analysis. A security vulnerability exists in MISP versions prior to 2.4.176 that stems from...
Design/Logic Flaw
MISP before 2.4.166 unsafely allows users to use the order parameter, related to app/Model/Attribute.php, app/Model/GalaxyCluster.php, app/Model/Workflow.php, and app/Plugin/Assets/models/behaviors/LogableBehavior.php...
CVE-2022-48329
MISP before 2.4.166 unsafely allows users to use the order parameter, related to app/Model/Attribute.php, app/Model/GalaxyCluster.php, app/Model/Workflow.php, and app/Plugin/Assets/models/behaviors/LogableBehavior.php...
CVE-2021-31780
CVE-2021-31780 affects MISP 2.4.141, specifically the file app/Model/MispObject.php. The vulnerability arises from an incorrect sharing group association: when an object is linked to an event edit, the sharing group object is ignored and the passed local ID is reused, which can disclose informati...