6 matches found
CVE-2026-44380
MISP is an open source threat intelligence and sharing platform. Prior to 2.5.37, an improper access control vulnerability in the authentication key reset functionality allowed an authenticated organization administrator to reset authentication keys belonging to site administrator accounts within...
CVE-2026-44379 MISP: Improper UUID validation in MISP Collections
MISP is an open source threat intelligence and sharing platform. Prior to 2.5.37, MISP Collections did not enforce RFC 4122 UUID validation on the uuid field. As a result, a user able to create or modify Collection records could submit malformed UUID values, potentially causing integrity issues o...
CVE-2026-44380
MISP is an open source threat intelligence and sharing platform. Prior to 2.5.37, an improper access control vulnerability in the authentication key reset functionality allowed an authenticated organization administrator to reset authentication keys belonging to site administrator accounts within...
CVE-2026-44381
MISP (open source threat intelligence platform) prior to version 2.5.37 contains a SQL injection vulnerability in handling of user-controlled ordering parameters on the event and shadow attribute listing endpoints. The affected code accepts order/sort values from request parameters and injects th...
CVE-2026-8080
CVE-2026-8080 affects MISP core, specifically the old templating engine, where template element attribute type and category values were not validated. This stored XSS vulnerability impacts versions before 2.5.37 and is tied to the old engine later removed in 2.5.38. The CVSS-derived metrics indic...
CVE-2026-8080
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in misp allows Stored XSS. This issue affects MISP before 2.5.37. A stored cross-site scripting vulnerability exists in the template element attribute handling logic. The application accepted...