Lucene search
+L

229 matches found

Cvelist
Cvelist
added 2026/05/05 6:35 p.m.54 views

CVE-2026-27960 OpenCTI privilege escalation and unauthenticated access via default admin account

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. In versions 6.6.0 through 6.9.12, there is a privilege escalation vulnerability that can be exploited by unauthenticated attackers to query the API as any existing user, including the default admi...

9.8CVSS0.0048EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/05 6:35 p.m.19 views

EUVD-2026-27420

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. In versions 6.6.0 through 6.9.12, there is a privilege escalation vulnerability that can be exploited by unauthenticated attackers to query the API as any existing user, including the default admi...

9.8CVSS5.7AI score0.0048EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/05/05 6:35 p.m.9 views

CVE-2026-27960

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. In versions 6.6.0 through 6.9.12, there is a privilege escalation vulnerability that can be exploited by unauthenticated attackers to query the API as any existing user, including the default admi...

9.8CVSS5.7AI score0.0048EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/05 6:35 p.m.8 views

CVE-2026-27960 OpenCTI privilege escalation and unauthenticated access via default admin account

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. In versions 6.6.0 through 6.9.12, there is a privilege escalation vulnerability that can be exploited by unauthenticated attackers to query the API as any existing user, including the default admi...

9.8CVSS5.7AI score0.0048EPSS
Exploits1References1
CVE
CVE
added 2026/05/05 6:35 p.m.23 views

CVE-2026-27960

OpenCTI suffers a privilege escalation in versions 6.6.0–6.9.12 that allows unauthenticated attackers to query the API as any existing user, including the default admin account. The issue has been fixed in version 6.9.13. As a temporary mitigation, the default admin can be disabled via APP__ADMIN...

9.8CVSS5.7AI score0.0048EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2026/05/05 6:35 p.m.3 views

CVE-2026-27960 OpenCTI privilege escalation and unauthenticated access via default admin account

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. In versions 6.6.0 through 6.9.12, there is a privilege escalation vulnerability that can be exploited by unauthenticated attackers to query the API as any existing user, including the default admi...

9.8CVSS5.9AI score0.0048EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.11 views

PT-2026-37214

Name of the Vulnerable Software and Affected Versions OpenCTI versions 6.6.0 through 6.9.12 Description OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. A privilege escalation issue allows unauthenticated attackers to query the API as any existi...

9.8CVSS5.8AI score0.0048EPSS
Exploits1References12
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.13 views

OpenCTI 授权问题漏洞

OpenCTI is an open-source network threat intelligence platform developed by OpenCTI. Versions 6.6.0 to 6.9.12 of OpenCTI have vulnerabilities related to authorization. Attackers can exploit these vulnerabilities to access the API as any existing user, including the default administrator account...

9.8CVSS5.8AI score0.0048EPSS
Exploits1References2
NVD
NVD
added 2026/04/09 6:17 p.m.5 views

CVE-2026-39980

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.9.5, the safeEjs.ts file does not properly sanitize EJS templates. Users with the Manage customization capability can run arbitrary JavaScript in the context of the OpenCTI platform...

9.1CVSS0.00522EPSS
Exploits0References2
CVE
CVE
added 2026/04/09 4:54 p.m.33 views

CVE-2026-39980

OpenCTI prior to 6.9.5 has a vulnerability in safeEjs.ts where EJS templates are not properly sanitized, allowing users with Manage customization capability to run arbitrary JavaScript in the platform process context during notifier template execution. The issue is fixed in 6.9.5; CVSS 3.1 base s...

9.1CVSS6AI score0.00522EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/09 4:54 p.m.5 views

CVE-2026-39980 OpenCTI affected by RCE via notifier template

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.9.5, the safeEjs.ts file does not properly sanitize EJS templates. Users with the Manage customization capability can run arbitrary JavaScript in the context of the OpenCTI platform...

9.1CVSS6AI score0.00522EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/09 4:54 p.m.4 views

CVE-2026-39980

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.9.5, the safeEjs.ts file does not properly sanitize EJS templates. Users with the Manage customization capability can run arbitrary JavaScript in the context of the OpenCTI platform...

9.1CVSS6AI score0.00522EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/04/09 4:54 p.m.5 views

EUVD-2026-20972

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.9.5, the safeEjs.ts file does not properly sanitize EJS templates. Users with the Manage customization capability can run arbitrary JavaScript in the context of the OpenCTI platform...

9.1CVSS6AI score0.00522EPSS
Exploits0References2
OSV
OSV
added 2026/04/09 4:54 p.m.5 views

CVE-2026-39980 OpenCTI affected by RCE via notifier template

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.9.5, the safeEjs.ts file does not properly sanitize EJS templates. Users with the Manage customization capability can run arbitrary JavaScript in the context of the OpenCTI platform...

9.1CVSS6.1AI score0.00522EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/09 12:0 a.m.9 views

OpenCTI 安全漏洞

OpenCTI is an open-source network threat intelligence platform developed by OpenCTI. Versions of OpenCTI prior to 6.9.5 contained security vulnerabilities. These vulnerabilities stemmed from the improper cleanup of EJS templates in the safeEjs.ts file, allowing users with administrative privilege...

9.1CVSS6.2AI score0.00522EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/09 12:0 a.m.9 views

PT-2026-31664

Name of the Vulnerable Software and Affected Versions OpenCTI versions prior to 6.9.5 Description OpenCTI is a platform for managing cyber threat intelligence. Prior to version 6.9.5, the safeEjs.ts file does not properly sanitize EJS templates. Users with Manage customization capability can...

9.1CVSS6AI score0.00522EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/03/26 3:12 p.m.7 views

CVE-2026-21886

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.9.1, the GraphQL mutations "IndividualDeletionDeleteMutation" is intended to allow users to delete individual entity objects respectively. However, it was observed that this...

8.1CVSS5.8AI score0.00227EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:4 p.m.10 views

CVE-2026-21887

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.8.16, the OpenCTI platform’s data ingestion feature accepts user-supplied URLs without validation and uses the Axios HTTP client with its default configuration allowAbsoluteUrls: true...

7.7CVSS5.9AI score0.00212EPSS
Exploits0References1
PyPA
PyPA
added 2026/03/17 4:16 p.m.12 views

PYSEC-2026-117

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.9.1, the GraphQL mutations "IndividualDeletionDeleteMutation" is intended to allow users to delete individual entity objects respectively. However, it was observed that this...

8.1CVSS5.8AI score0.00227EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/03/17 4:16 p.m.7 views

CVE-2026-21886

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.9.1, the GraphQL mutations "IndividualDeletionDeleteMutation" is intended to allow users to delete individual entity objects respectively. However, it was observed that this...

8.1CVSS0.00227EPSS
Exploits0References1
Rows per page
Query Builder