CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

ATTACKERKB•added yesterday•3 views

CVE-2026-35212

Exploits0References2Affected Software1

CVE•added yesterday•8 views

CVE-2026-35212

OpenCTI vulnerability CVE-2026-35212: XSS in rendering of email-message observable body data due to insufficient sanitization in versions prior to 7.260227.0. The body content is rendered without proper sanitization, requiring user interaction and could be triggered by sharing STIX or ingesters, ...

EUVD•added yesterday•4 views

EUVD-2026-34035

Vulnrichment•added yesterday•3 views

CVE-2026-35212 OpenCTI has XSS in the rendering of email-message observable body data

Cvelist•added yesterday•21 views

CVE-2026-35212 OpenCTI has XSS in the rendering of email-message observable body data

5.3CVSS

Positive Technologies•added yesterday•6 views

PT-2026-45867

Name of the Vulnerable Software and Affected Versions OpenCTI versions prior to 7.260227.0 Description An issue exists in the rendering of email-message observable body data where the content of the body field is not appropriately sanitized. This allows for Cross-Site Scripting XSS, a technique...

Github Security Blog•added 6 days ago•12 views

Exploits0References3

OpenCTI: Privilege escalation via graphQL API is abusable by organization admins, due to incorrect ACL on userEdit relationAdd

Summary An organization admin can escalate their privileges by adding a user from a different organization with higher privileges, to their own organization. Impact Full platform access, access to sensitive or proprietary information...

Exploits0References4Affected Software1

OSV•added 6 days ago•3 views

GHSA-Q537-QHJ4-WCJX OpenCTI: Privilege escalation via graphQL API is abusable by organization admins, due to incorrect ACL on userEdit relationAdd

PyPA•added 2026/05/26 6:16 p.m.•4 views

Exploits0References4

PYSEC-2026-167

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.9.7, an organization admin can escalate their privileges by adding a user from a different organization with higher privileges, to their own organization. This is due to incorrect ACL o...

Exploits0References1Affected Software1

OSV•added 2026/05/26 6:16 p.m.•2 views

PYSEC-2026-167

NVD•added 2026/05/26 6:16 p.m.•9 views

CVE-2026-44730

7.2CVSS0.0005EPSS

Vulnrichment•added 2026/05/26 5:3 p.m.•2 views

CVE-2026-44730 OpenCTI: Privilege escalation via graphQL API abusable by organization admins, due to incorrect ACL on userEdit relationAdd

ATTACKERKB•added 2026/05/26 5:3 p.m.•4 views

CVE-2026-44730

Exploits0References2Affected Software1

CVE•added 2026/05/26 5:3 p.m.•5 views

CVE-2026-44730

OpenCTI (open-source platform for threat intel) has a privilege-escalation vulnerability affecting the GraphQL API prior to version 6.9.7. An organization admin can elevate privileges by adding a user from a different organization with higher privileges to their own organization due to an incorre...

Exploits0References1Affected Software1

CNNVD•added 2026/05/26 12:0 a.m.•4 views

OpenCTI 访问控制错误漏洞

OpenCTI is an open-source network threat intelligence platform developed by OpenCTI. Versions of OpenCTI prior to 6.9.7 contained a access control vulnerability. This vulnerability stemmed from incorrect Access Control Lists ACLs when users were editing relationship additions, potentially allowin...

Positive Technologies•added 2026/05/26 12:0 a.m.•6 views

Exploits0References2

PT-2026-43350

Name of the Vulnerable Software and Affected Versions OpenCTI versions prior to 6.9.7 Description An organization administrator can escalate their privileges by adding a user from a different organization who possesses higher privileges into their own organization. This occurs due to an incorrect...