CVE-2026-10856 Open redirect in MISP dashboard button widget URL handling

A URL validation flaw in the MISP dashboard button widget allowed a crafted relative-looking URL to be accepted as a local path while being interpreted by browsers as an external URL. The validation rejected URLs containing an explicit scheme, host, or user component, but did not reject paths...

CVE-2022-40290

The application was vulnerable to an unauthenticated Reflected Cross-Site Scripting XSS vulnerability in the barcode generation functionality, allowing attackers to generate an unsafe link that could compromise users...