
44 matches found

EUVD
added 2025/10/03 8:7 p.m. · 1 view

EUVD-2025-28245

Malicious code in bioql PyPI...

6.9 CVSS · 6.6 AI score · 0.00504 EPSS
Exploits: 0 · References: 1

EUVD
added 2025/10/03 8:7 p.m. · 1 view

EUVD-2025-28248

Malicious code in bioql PyPI...

6.8 CVSS · 6.6 AI score · 0.0022 EPSS
Exploits: 0 · References: 1

EUVD
added 2025/10/03 8:7 p.m. · 1 view

EUVD-2025-28246

Malicious code in bioql PyPI...

4.6 CVSS · 6.6 AI score · 0.00717 EPSS
Exploits: 0 · References: 1

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2023-42816

Malicious code in bioql PyPI...

9.8 CVSS · 9.2 AI score · 0.00937 EPSS
Exploits: 0 · References: 1

EUVD
added 2025/10/03 8:7 p.m. · 1 view

EUVD-2025-28247

Malicious code in bioql PyPI...

5.9 CVSS · 6.6 AI score · 0.00163 EPSS
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/25 12:18 a.m. · 11 views

CVE-2025-48740

A Cross-Site Request Forgery (CSRF) vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, 5.4.0 before 5.4.10, and 5.5.0 before 5.5.1 allows a remote attacker to trigger requests on their victim's behalf, if the attacker lures a privileged user, authenticated with basic...

5.9 CVSS · 7 AI score · 0.00163 EPSS
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/25 12:18 a.m. · 10 views

CVE-2025-48741

A Broken Access Control vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, and 5.4.0 before 5.4.10 allows remote, authenticated, and unprivileged users to retrieve alerts, cases, logs, observables, or tasks, regardless of the user's permissions, through a specific API...

6.8 CVSS · 6.8 AI score · 0.0022 EPSS
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/25 12:18 a.m. · 11 views

CVE-2025-48738

An e-mail flooding vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, 5.4.0 before 5.4.10, and 5.5.0 before 5.5.1 allows unauthenticated remote attackers to use the password reset feature without limits. This can lead to several consequences, including mailbox storage...

6.9 CVSS · 7.4 AI score · 0.00504 EPSS
Exploits: 0 · References: 1

NVD
added 2025/05/23 8:15 p.m. · 14 views

CVE-2025-48738

An e-mail flooding vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, 5.4.0 before 5.4.10, and 5.5.0 before 5.5.1 allows unauthenticated remote attackers to use the password reset feature without limits. This can lead to several consequences, including mailbox storage...

6.9 CVSS · 0.00504 EPSS
Exploits: 0 · References: 1

NVD
added 2025/05/23 8:15 p.m. · 14 views

CVE-2025-48740

A Cross-Site Request Forgery (CSRF) vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, 5.4.0 before 5.4.10, and 5.5.0 before 5.5.1 allows a remote attacker to trigger requests on their victim's behalf, if the attacker lures a privileged user, authenticated with basic...

5.9 CVSS · 0.00163 EPSS
Exploits: 0 · References: 1

NVD
added 2025/05/23 8:15 p.m. · 14 views

CVE-2025-48741

A Broken Access Control vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, and 5.4.0 before 5.4.10 allows remote, authenticated, and unprivileged users to retrieve alerts, cases, logs, observables, or tasks, regardless of the user's permissions, through a specific API...

6.8 CVSS · 0.0022 EPSS
Exploits: 0 · References: 1

NVD
added 2025/05/23 8:15 p.m. · 17 views

CVE-2025-48739

A Server-Side Request Forgery (SSRF) vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, 5.4.0 before 5.4.10, and 5.5.0 before 5.5.1 allows remote authenticated attackers with admin permissions allowing them to access specific API endpoints to manipulate URLs to direct...

4.6 CVSS · 0.00717 EPSS
Exploits: 0 · References: 1

Positive Technologies
added 2025/05/23 12:0 a.m. · 2 views

PT-2025-22823 · Strangebee · Thehive

Name of the Vulnerable Software and Affected Versions: StrangeBee TheHive versions 5.2.0 through 5.2.15; StrangeBee TheHive versions 5.3.0 through 5.3.10; StrangeBee TheHive versions 5.4.0 through 5.4.9; StrangeBee TheHive versions 5.5.0. Description: A Cross-Site Request Forgery (CSRF) issue allows a...

5.9 CVSS · 6.6 AI score · 0.00163 EPSS
Exploits: 0 · References: 5

CVE
added 2025/05/23 12:0 a.m. · 46 views

CVE-2025-48740

CSRF vulnerability (CVE-2025-48740) affects StrangeBee TheHive prior to specific fixes: 5.2.0–5.2.15, 5.3.0–5.3.10, 5.4.0–5.4.9, and 5.5.0. A remote attacker could trigger unauthorized requests on behalf of a privileged user authenticated with basic authentication. Root cause: CSRF in TheHive com...

5.9 CVSS · 6.9 AI score · 0.00163 EPSS
Exploits: 0 · References: 1

CVE
added 2025/05/23 12:0 a.m. · 75 views

CVE-2025-48741

CVE-2025-48741 affects StrangeBee TheHive. A Broken Access Control flaw allows remote, authenticated, and unprivileged users to retrieve alerts, cases, logs, observables, or tasks via a specific API endpoint. Affected ranges and fixes: 5.2.0–5.2.15 → upgrade to 5.2.16+, 5.3.0–5.3.10 → upgrade to ...

6.8 CVSS · 6.5 AI score · 0.0022 EPSS
Exploits: 0 · References: 1

CNNVD
added 2025/05/23 12:0 a.m. · 1 view

StrangeBee TheHive Cross-Site Request Forgery Vulnerability

StrangeBee TheHive is an application from StrangeBee, Inc. A cross-site request forgery vulnerability exists in StrangeBee TheHive versions prior to 5.5.1, which stems from cross-site request forgery and could be exploited by privileged users...

5.9 CVSS · 6.6 AI score · 0.00163 EPSS
Exploits: 0 · References: 1

CNNVD
added 2025/05/23 12:0 a.m. · 1 view

StrangeBee TheHive Security Vulnerability

StrangeBee TheHive is an application from StrangeBee, Inc. A security vulnerability exists in StrangeBee TheHive versions prior to 5.5.1, which stems from an unrestricted password reset feature that could lead to mailbox storage exhaustion or SMTP server overload...

6.9 CVSS · 6.8 AI score · 0.00504 EPSS
Exploits: 0 · References: 1

Vulnrichment
added 2025/05/23 12:0 a.m. · 5 views

CVE-2025-48740

A Cross-Site Request Forgery (CSRF) vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, 5.4.0 before 5.4.10, and 5.5.0 before 5.5.1 allows a remote attacker to trigger requests on their victim's behalf, if the attacker lures a privileged user, authenticated with basic...

5.9 CVSS · 6.6 AI score · 0.00163 EPSS
Exploits: 0 · References: 1

CNNVD
added 2025/05/23 12:0 a.m. · 2 views

StrangeBee TheHive Code Issue Vulnerability

StrangeBee TheHive is an application from StrangeBee, Inc. A code issue vulnerability exists in StrangeBee TheHive versions prior to 5.5.1 that stems from server-side request forgery and could lead to access to internal resources...

4.6 CVSS · 6.9 AI score · 0.00717 EPSS
Exploits: 0 · References: 1

CNNVD
added 2025/05/23 12:0 a.m. · 2 views

StrangeBee TheHive Security Vulnerability

StrangeBee TheHive is an application from StrangeBee, Inc. A security vulnerability exists in StrangeBee TheHive versions prior to 5.4.10, which stems from improper access control and could lead to unauthorized users retrieving data...

6.8 CVSS · 6.5 AI score · 0.0022 EPSS
Exploits: 0 · References: 1