Filter
Versions
Misp MispAn issue was discovered in MISP before 2.4.184. A client does not need to use POST to start an expor…
9.8
EPSS
0.09%
First published (updated )
Misp MispIn MISP through 2.4.196, app/Controller/BookmarksController.php does not properly restrict access to…
9.8
First published (updated )
Misp Mispapp/Controller/UserLoginProfilesController.php in MISP before 2.4.198 does not prevent an org admin …
9.8
First published (updated )
Misp MispIn MISP before 2.4.148, app/Lib/Export/OpendataExport.php mishandles parameter data that is used in …
9.8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Misp Mispapp/Controller/Component/IndexFilterComponent.php in MISP before 2.4.167 mishandles ordered_url_para…
9.8
First published (updated )
Misp MispAn issue was discovered in MISP before 2.4.158. PHAR deserialization can occur.
9.8
First published (updated )
Misp MispMISP before 2.4.135 lacks an ACL check, related to app/Controller/GalaxyElementsController.php and a…
9.8
First published (updated )
Misp Mispapp/View/Elements/genericElements/IndexTable/Fields/generic_field.ctp in MISP 2.4.144 does not sanit…
9.8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Misp MispAn issue was discovered in MISP 2.4.128. app/Controller/AttributesController.php has insufficient AC…
9.8
First published (updated )
Misp MispAn issue was discovered in app/Controller/UsersController.php in MISP 2.4.92. An adversary can bypas…
9.8
First published (updated )
Misp MispMISP before 2.4.166 unsafely allows users to use the order parameter, related to app/Model/Attribute…
9.8
First published (updated )
Misp Mispapp/Controller/AuditLogsController.php in MISP before 2.4.182 mishandles ACLs for audit logs.
9.8
First published (updated )
Misp MispThe default setting of MISP 2.4.136 did not enable the requirements (aka require_password_confirmati…
9.1
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Misp MispAn issue was discovered in MISP before 2.4.121. It did not consider the HTTP PUT method when trying …
8.1
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Misp MispAn issue was discovered in MISP before 2.4.156. app/View/Users/terms.ctp allows Local File Inclusion…
7.8
First published (updated )
Misp MispAn issue was discovered in MISP before 2.4.121. The Galaxy view contained an incorrectly sanitized s…
7.5
First published (updated )
Misp MispAn issue was discovered in MISP before 2.4.158. In UsersController.php, password confirmation can be…
7.5
First published (updated )
Misp MispIn app/Model/MispObject.php in MISP 2.4.141, an incorrect sharing group association could lead to in…
7.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Misp MispAn issue was discovered in MISP before 2.4.132. It can perform an unwanted action because of a POST …
7.5
First published (updated )
Misp Mispapp/Model/Attribute.php in MISP 2.4.127 lacks an ACL lookup on attribute correlations. This occurs w…
7.5
First published (updated )
Misp Mispapp/Model/Server.php in MISP 2.4.109 allows remote command execution by a super administrator becaus…
7.2
First published (updated )
Misp MispAn issue was discovered in MISP 2.4.108. Organization admins could reset credentials for site admins…
6.6
First published (updated )
Misp MispAn issue was discovered in MISP before 2.4.121. ACLs for discussion threads were mishandled in app/C…
6.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.