CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

36 matches found

EUVD-2026-34035

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Versions prior to 7.260227.0 are vulnerable to XSS in the rendering of email-message observable body data. The content of the body field isn't appropriately sanitized when being rendered. Does...

5.3CVSS5.8AI score0.00047EPSS

Exploits0References1

ATTACKERKB•added 2026/05/26 5:3 p.m.•4 views

CVE-2026-44730

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.9.7, an organization admin can escalate their privileges by adding a user from a different organization with higher privileges, to their own organization. This is due to incorrect ACL o...

7.2CVSS5.8AI score0.0005EPSS

Exploits0References2Affected Software1

Positive Technologies•added 2026/05/26 12:0 a.m.•6 views

PT-2026-43350

Name of the Vulnerable Software and Affected Versions OpenCTI versions prior to 6.9.7 Description An organization administrator can escalate their privileges by adding a user from a different organization who possesses higher privileges into their own organization. This occurs due to an incorrect...

7.2CVSS5.8AI score0.0005EPSS

Exploits0References7

PyPA•added 2026/05/05 7:16 p.m.•8 views

PYSEC-2026-119

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. In versions 6.6.0 through 6.9.12, there is a privilege escalation vulnerability that can be exploited by unauthenticated attackers to query the API as any existing user, including the default admi...

9.8CVSS5.7AI score0.00084EPSS

Exploits1References1Affected Software1

ATTACKERKB•added 2026/05/05 6:35 p.m.•1 views

CVE-2026-27960

9.8CVSS5.7AI score0.00084EPSS

Exploits1References2Affected Software1

CVE•added 2026/05/05 6:35 p.m.•2 views

CVE-2026-27960

OpenCTI suffers a privilege escalation in versions 6.6.0–6.9.12 that allows unauthenticated attackers to query the API as any existing user, including the default admin account. The issue has been fixed in version 6.9.13. As a temporary mitigation, the default admin can be disabled via APP__ADMIN...

9.8CVSS5.7AI score0.00084EPSS

Exploits1References1Affected Software1

ATTACKERKB•added 2026/04/09 4:54 p.m.•2 views

CVE-2026-39980

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.9.5, the safeEjs.ts file does not properly sanitize EJS templates. Users with the Manage customization capability can run arbitrary JavaScript in the context of the OpenCTI platform...

9.1CVSS6AI score0.00046EPSS

Exploits0References3Affected Software1

EUVD•added 2026/04/09 4:54 p.m.•1 views

EUVD-2026-20972

9.1CVSS6AI score0.00046EPSS

Exploits0References2

Positive Technologies•added 2026/04/09 12:0 a.m.•0 views

PT-2026-31664

Name of the Vulnerable Software and Affected Versions OpenCTI versions prior to 6.9.5 Description OpenCTI is a platform for managing cyber threat intelligence. Prior to version 6.9.5, the safeEjs.ts file does not properly sanitize EJS templates. Users with Manage customization capability can...

9.1CVSS6AI score0.00046EPSS

Exploits0References8

RedhatCVE•added 2026/03/26 3:12 p.m.•0 views

CVE-2026-21886

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.9.1, the GraphQL mutations "IndividualDeletionDeleteMutation" is intended to allow users to delete individual entity objects respectively. However, it was observed that this...

8.1CVSS5.8AI score0.00164EPSS

Exploits0References1

OSV•added 2026/03/17 4:16 p.m.•1 views

PYSEC-2026-117

8.1CVSS5.8AI score0.00164EPSS

Exploits0References1

PyPA•added 2026/03/17 4:16 p.m.•5 views

PYSEC-2026-117

8.1CVSS5.8AI score0.00164EPSS

Exploits0References1Affected Software1

EUVD•added 2026/03/17 3:26 p.m.•3 views

EUVD-2026-12578

6.5CVSS5.8AI score0.00164EPSS

Exploits0References1

Cvelist•added 2026/03/17 3:26 p.m.•22 views

CVE-2026-21886 OpenCTI's GraphQL Mutations Allow Deletion of Unrelated Entities

6.5CVSS0.00164EPSS

Exploits0References1

OSV•added 2026/03/12 5:16 p.m.•3 views

PYSEC-2026-118

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.8.16, the OpenCTI platform’s data ingestion feature accepts user-supplied URLs without validation and uses the Axios HTTP client with its default configuration allowAbsoluteUrls: true...

7.7CVSS5.9AI score0.00044EPSS

Exploits0References1

Cvelist•added 2026/03/12 5:0 p.m.•21 views

CVE-2026-21887 OpenCTI has a Semi-Blind SSRF via Unvalidated External URL in Data Ingestion Feature

7.7CVSS0.00044EPSS

Exploits0References1

Vulnrichment•added 2026/03/12 5:0 p.m.•1 views

CVE-2026-21887 OpenCTI has a Semi-Blind SSRF via Unvalidated External URL in Data Ingestion Feature

7.7CVSS5.8AI score0.00044EPSS

Exploits0References1

EUVD•added 2026/03/12 5:0 p.m.•1 views

EUVD-2026-11599

7.7CVSS5.8AI score0.00044EPSS

Exploits0References1

ATTACKERKB•added 2026/03/12 5:0 p.m.•2 views

CVE-2026-21887

7.7CVSS5.8AI score0.00044EPSS

Exploits0References2Affected Software1

CVE•added 2026/01/07 5:28 p.m.•4 views

CVE-2025-61782

OpenCTI prior to version 6.8.3 contains an open redirect in the SAML callback endpoint (/auth/saml/callback). By manipulating the RelayState parameter, an attacker can trigger a 302 redirect to an arbitrary external URL, enabling phishing and credential theft. Remediation: upgrade to version 6.8....

6.1CVSS6.7AI score0.00097EPSS

Exploits0References3Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by