24 matches found

NVD
added 2026/06/12 9:16 p.m. · 10 views

CVE-2026-54394

MISP contains a path traversal vulnerability in OrganisationsController::getOrgLogo. The vulnerable code builds organisation logo file paths using organisation-controlled fields such as id, name, and uuid without ensuring that the resolved file remains inside the intended APP/files/img/orgs/...

CVSS 5.3 · EPSS 0.00319
Exploits: 0 · References: 1
EUVD
added 2026/06/12 8:30 p.m. · 9 views

EUVD-2026-36563

MISP contains a path traversal vulnerability in OrganisationsController::getOrgLogo. The vulnerable code builds organisation logo file paths using organisation-controlled fields such as id, name, and uuid without ensuring that the resolved file remains inside the intended APP/files/img/orgs/...

CVSS 5.3 · AI score 5.6 · EPSS 0.00319
Exploits: 0 · References: 1
Cvelist
added 2026/06/12 8:8 p.m. · 27 views

CVE-2026-54362 MISP template builder exposes non-visible custom galaxies across organisations

An incorrect visibility condition in the MISP event template builder allowed authenticated non-site-admin users to view galaxies that should not have been visible to their organisation. The custom access-control condition intended to restrict galaxies to those owned by the user’s organisation or...

CVSS 5.3 · EPSS 0.00207
Exploits: 0 · References: 1
HackRead
added 2026/06/12 2:6 p.m. · 11 views

ShinyHunters Target Universities in Oracle PeopleSoft Zero-Day Attack

Google says ShinyHunters exploited Oracle PeopleSoft zero-day to steal data from 100+ organisations, with universities making up most victims...

AI score 5.3
Exploits: 0
Positive Technologies
added 2026/06/12 12:0 a.m. · 16 views

PT-2026-48996

Name of the Vulnerable Software and Affected Versions: MISP, affected versions not specified. Description: A path traversal issue exists in the getOrgLogo function of the OrganisationsController. The software constructs file paths for organization logos using fields controlled by the organization, su...

CVSS 5.3 · AI score 5.4 · EPSS 0.00319
Exploits: 0 · References: 3
EUVD
added 2026/06/04 1:54 p.m. · 12 views

EUVD-2026-34266

A vulnerability in the MISP dashboard widgets allowed an authenticated user to manipulate the fields option and influence which fields were returned by the New Users and New Organisations widgets. In some cases, requesting a field set that became empty after validation or redaction could cause th...

CVSS 5.3 · AI score 5.8 · EPSS 0.00176
Exploits: 0 · References: 1
Cvelist
added 2026/06/04 1:54 p.m. · 33 views

CVE-2026-10864 MISP Dashboard widget field selection may expose restricted user and organisation data

A vulnerability in the MISP dashboard widgets allowed an authenticated user to manipulate the fields option and influence which fields were returned by the New Users and New Organisations widgets. In some cases, requesting a field set that became empty after validation or redaction could cause th...

CVSS 5.3 · EPSS 0.00176
Exploits: 0 · References: 1
HackRead
added 2026/03/05 12:53 p.m. · 8 views

Authorities Shut Down Tycoon 2FA Phishing Platform Used to Bypass MFA

Europol and partners dismantle Tycoon 2FA phishing service used to bypass MFA, disrupting a global phishing-as-a-service operation targeting organisations...

AI score 5.9
Exploits: 0
HackRead
added 2026/02/17 4:48 a.m. · 7 views

Hackers Abuse ScreenConnect to Hijack PCs via Fake Social Security Emails

Forcepoint X-labs reveals how hackers use fake SSA emails and hijacked ScreenConnect tools to bypass Windows security to target UK, US, and Canadian organisations...

AI score 5.5
Exploits: 0
HackRead
added 2026/02/10 3:47 p.m. · 4 views

New Cybercrime Group 0APT Accused of Faking Hundreds of Breach Claims

Researchers reveal the new 0APT cyber group is fabricating attacks on large organisations. Learn how they use fake data to trick companies into paying...

AI score 5.5
Exploits: 0
HackRead
added 2025/12/29 8:29 p.m. · 6 views

New Google-Themed Phishing Wave Hits Over 3,000 Global Organisations

Check Point researchers found a phishing scam abusing Google Cloud to target organisations worldwide. Scammers use official domains to steal logins. Read the full details in this exclusive report...

AI score 6.9
Exploits: 0
Packet Storm News
added 2025/10/08 12:0 a.m. · 2 views

Cybersecurity Competence for Organisations in Inner Scandinavia

A rapidly growing number of cybersecurity threats and incidents demands that Swedish organisations increase their efforts to improve their cybersecurity capacities. This paper presents results from interviews and a prior survey with key representatives from enterprises and public sector...

AI score 6.8
Exploits: 0
Openbugbounty
added 2023/08/10 10:43 a.m. · 11 views

organisations-federales.canada.ca Cross Site Scripting vulnerability OBB-3573517

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.1
Exploits: 0
Malwarebytes
added 2022/06/30 2:13 p.m. · 17 views

Immigration organisations targeted by APT group Evilnum

Organisations working in the immigration sector are advised to be on high alert for Advanced Persistent Threat (APT) attacks. Bleeping Computer reports that European organisations, specifically, are under threat from the Evilnum hacking group. Evilnum, on the APT scene since 2018 at the earliest an...

AI score 0.3
Exploits: 0
ATTACKERKB
added 2022/04/20 11:15 p.m. · 2 views

CVE-2022-29533

An issue was discovered in MISP before 2.4.158. There is XSS in app/Controller/OrganisationsController.php in a situation with a "weird single checkbox page."...

CVSS 6.1 · AI score 5.9 · EPSS 0.00776
Exploits: 0 · References: 4
Prion
added 2022/04/20 11:15 p.m. · 17 views

Design/Logic Flaw

An issue was discovered in MISP before 2.4.158. There is XSS in app/Controller/OrganisationsController.php in a situation with a "weird single checkbox page."...

CVSS 4.3 · AI score 5.9 · EPSS 0.00776
Exploits: 0 · References: 3 · Affected Software: 1
Positive Technologies
added 2022/04/20 12:0 a.m. · 5 views

PT-2022-19683 · Misp · Misp

Name of the Vulnerable Software and Affected Versions: MISP versions prior to 2.4.158. Description: The issue is related to a Cross-Site Scripting (XSS) vulnerability in the app/Controller/OrganisationsController.php file, specifically in situations involving a "weird single checkbox page."...

CVSS 6.1 · AI score 5.9 · EPSS 0.00776
Exploits: 0 · References: 7
Akamai Blog
added 2021/06/29 2:0 p.m. · 34 views

The Threat That Never Went Away Is Back (with a Vengeance)

What is your recollection of May 2017? Emmanuel Macron won the French election. The Ringling Bros. and Barnum & Bailey Circus gave its final performance after a 146-year run. The U.S. FCC voted to overturn net neutrality rules. And the National Health Service in the United Kingdom was crippled by...

AI score 0.9
Exploits: 0
Kitploit
added 2020/01/05 10:44 p.m. · 204 views

Tishna - Complete Automated Pentest Framework For Servers, Application Layer To Web Security

Complete Automated pentest framework for Servers, Application Layer to Web Security Interface Software have 62 Options with full automation and can be used for web security swiss knife Tishna Tishna is Web Server Security Penetration Software for Ultimate Security Analysis Kali, Parrot OS, Black...

AI score 7.1
Exploits: 0 · References: 2
Carbon Black Blog
added 2017/11/20 5:26 p.m. · 52 views

Australia’s “Essential Eight” is Critical to Meet 2018 Cybersecurity Mandates & Privacy Laws

Christopher Strand, Carbon Black’s security risk and compliance officer, recently wrote a blog discussing how the new mandatory data breach notification rule in the Privacy Amendment (Notifiable Data Breaches) Bill 2016 helps bring attention to cybersecurity solutions and focus on the practices...

AI score 6.8
Exploits: 0