9 matches found
EUVD-2025-28245
Malicious code in bioql PyPI...
CVE-2025-48739
A Server-Side Request Forgery (SSRF) vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, 5.4.0 before 5.4.10, and 5.5.0 before 5.5.1 allows remote authenticated attackers with admin permissions (allowing them to access specific API endpoints) to manipulate URLs to direct...
CVE-2025-48739
A Server-Side Request Forgery (SSRF) vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, 5.4.0 before 5.4.10, and 5.5.0 before 5.5.1 allows remote authenticated attackers with admin permissions (allowing them to access specific API endpoints) to manipulate URLs to direct...
CVE-2025-48739
TheHive SSRF (CVE-2025-48739) affects TheHive server versions 5.2.0–5.2.15, 5.3.0–5.3.10, 5.4.0–5.4.9, and 5.5.0, where remote authenticated admins can manipulate URLs in API endpoints to proxy requests to internal or restricted hosts/ports. Root cause: SSRF allowing proxying through TheHive to a...
PT-2025-22822 · Thehive · Thehive
Name of the Vulnerable Software and Affected Versions: TheHive versions 5.2.0 through 5.2.15; TheHive versions 5.3.0 through 5.3.10; TheHive versions 5.4.0 through 5.4.9; TheHive versions 5.5.0. Description: A Server-Side Request Forgery (SSRF) issue allows remote authenticated attackers with admin...
StrangeBee TheHive Security Vulnerability
TheHive is a scalable open source security incident response platform. A security vulnerability exists in StrangeBee TheHive versions 5.1.0 through 5.1.9 and 5.2.0 through 5.2.8. An attacker can exploit the vulnerability to upload malicious HTML files with JavaScript code...
StrangeBee TheHive Security Vulnerability
TheHive is a scalable open source security incident response platform. A security vulnerability exists in StrangeBee TheHive versions 5.2.0 through 5.2.8. An attacker exploited the vulnerability to insert malicious JavaScript code into a template or its variables...
CVE-2024-22877
StrangeBee TheHive 5.2.0 to 5.2.8 is vulnerable to Cross Site Scripting (XSS) in the case reporting functionality. This feature allows an attacker to insert malicious JavaScript code inside the template or its variables, that will be executed in the context of the TheHive application when the HTML...
CVE-2024-22876
StrangeBee TheHive 5.1.0 to 5.1.9 and 5.2.0 to 5.2.8 is vulnerable to Cross Site Scripting (XSS) in the case attachment functionality which enables an attacker to upload a malicious HTML file with JavaScript code that will be executed in the context of the TheHive application using a specific URL...