86 matches found
CVE-2026-44380 MISP: Improper access control in auth key reset allows privilege escalation to site administrator
MISP is an open source threat intelligence and sharing platform. Prior to 2.5.37, an improper access control vulnerability in the authentication key reset functionality allowed an authenticated organization administrator to reset authentication keys belonging to site administrator accounts within...
CVE-2026-44381
MISP is an open source threat intelligence and sharing platform. Prior to 2.5.37, a SQL injection vulnerability existed in the handling of user-controlled ordering parameters in the event and shadow attribute listing endpoints. The affected code accepted order or sort values from request paramete...
MISP SQL注入漏洞
MISP is a set of open-source software solutions developed by MISP. This product is used for collecting, storing, distributing, and sharing network security metrics, and it includes functions such as analysis of threats to network security and malware analysis. Prior to MISP 2.5.37, there was an S...
MISP 安全漏洞
MISP is a set of open-source software solutions developed by MISP. This product is used for collecting, storing, distributing, and sharing network security metrics, and it includes features such as analysis of threats to network security and malware analysis. Prior to MISP 2.5.37, there were...
CVE-2026-39962
MISP is an open source threat intelligence and sharing platform. Prior to 2.5.36, improper neutralization of special elements in an LDAP query in ApacheAuthenticate.php allows LDAP injection via an unsanitized username value when ApacheAuthenticate.apacheEnv is configured to use a user-controlled...
EUVD-2026-20966
MISP is an open source threat intelligence and sharing platform. Prior to 2.5.36, improper neutralization of special elements in an LDAP query in ApacheAuthenticate.php allows LDAP injection via an unsanitized username value when ApacheAuthenticate.apacheEnv is configured to use a user-controlled...
CVE-2026-39962 LDAP injection in MISP ApacheAuthenticate when using a user-controlled Apache environment variable
MISP is an open source threat intelligence and sharing platform. Prior to 2.5.36, improper neutralization of special elements in an LDAP query in ApacheAuthenticate.php allows LDAP injection via an unsanitized username value when ApacheAuthenticate.apacheEnv is configured to use a user-controlled...
CVE-2026-39962 LDAP injection in MISP ApacheAuthenticate when using a user-controlled Apache environment variable
MISP is an open source threat intelligence and sharing platform. Prior to 2.5.36, improper neutralization of special elements in an LDAP query in ApacheAuthenticate.php allows LDAP injection via an unsanitized username value when ApacheAuthenticate.apacheEnv is configured to use a user-controlled...
CVE-2025-67906
In MISP before 2.5.28, app/View/Elements/Workflows/executionPath.ctp allows XSS in the workflow execution path...
CVE-2025-66384
app/Controller/EventsController.php in MISP before 2.5.24 has invalid logic in checking for uploaded file validity, related to tmpname...
EUVD-2025-199869
app/Controller/EventsController.php in MISP before 2.5.24 has invalid logic in checking for uploaded file validity, related to tmpname...
CVE-2024-0331
creationtimestamp| type| source ---|---|--- 2025-10-01 18:11:56+00:00| seen| MISP/af790da0-9e28-4cb7-bd4e-46ad005115c6 2025-10-08 21:59:27+00:00| seen| MISP/af790da0-9e28-4cb7-bd4e-46ad005115c6...
CVE-2024-43724
creationtimestamp| type| source ---|---|--- 2025-09-16 23:16:38+00:00| seen| MISP/be792712-f638-4d7d-b62d-4f5032e86764 2025-09-18 16:44:33+00:00| seen| MISP/be792712-f638-4d7d-b62d-4f5032e86764...
CVE-2025-4049
creationtimestamp| type| source ---|---|--- 2025-09-09 20:56:44+00:00| seen| MISP/2bceffac-02c3-4c54-a709-6e253b38ec76...
CVE-2025-7953
creationtimestamp| type| source ---|---|--- 2025-09-09 20:56:44+00:00| seen| MISP/2bceffac-02c3-4c54-a709-6e253b38ec76...
CVE-2025-7613
creationtimestamp| type| source ---|---|--- 2025-09-09 20:51:37+00:00| seen| MISP/e0a0042d-e47b-4875-b781-99d4428af3c2...
CVE-2025-53622
creationtimestamp| type| source ---|---|--- 2025-09-09 20:51:36+00:00| seen| MISP/e0a0042d-e47b-4875-b781-99d4428af3c2...
CVE-2019-8031
creationtimestamp| type| source ---|---|--- 2025-08-31 03:13:14+00:00| seen| MISP/d17bd6ef-d68b-317b-ac33-cdbc44c5fc57...
CVE-2020-0623
creationtimestamp| type| source ---|---|--- 2025-08-31 03:01:30+00:00| seen| MISP/ab0b745f-bbd5-338e-8b92-97dd0c757e9d...
CVE-2018-11714
creationtimestamp| type| source ---|---|--- 2025-07-24 03:00:16+00:00| published-proof-of-concept| Telegram/wODd61W5j1tuTHJwgIPrERYXEehViHv3tBlXAdVX0Rv5XjQ 2025-10-14 10:31:56+00:00| seen| MISP/a41d8549-5384-5e1a-8c33-bf88e35b5a0a 2026-01-26 00:00:00+00:00| exploited| The Shadowserver...