Filter
-Infinity
0
MISPAn issue was discovered in MISP before 2.4.184. A client does not need to use POST to start an expor…
9.8
EPSS
0.09%
First published (updated )
MISPIn MISP before 2.4.187, __uploadLogo in app/Controller/OrganisationsController.php does not properly…
9.8
EPSS
0.04%
First published (updated )
MISPIn MISP through 2.4.196, app/Controller/BookmarksController.php does not properly restrict access to…
9.8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
MISPapp/Controller/UserLoginProfilesController.php in MISP before 2.4.198 does not prevent an org admin …
9.8
First published (updated )
MISPIn MISP before 2.4.148, app/Lib/Export/OpendataExport.php mishandles parameter data that is used in …
9.8
First published (updated )
MISPapp/Controller/Component/IndexFilterComponent.php in MISP before 2.4.167 mishandles ordered_url_para…
9.8
First published (updated )
MISPAn issue was discovered in MISP before 2.4.158. PHAR deserialization can occur.
9.8
First published (updated )
MISPMISP before 2.4.135 lacks an ACL check, related to app/Controller/GalaxyElementsController.php and a…
9.8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
MISPapp/View/Elements/genericElements/IndexTable/Fields/generic_field.ctp in MISP 2.4.144 does not sanit…
9.8
First published (updated )
MISPAn issue was discovered in MISP 2.4.128. app/Controller/AttributesController.php has insufficient AC…
9.8
First published (updated )
MISP - Malware Information Sharing PlatformMISP MISP-maltego 1.4.4 incorrectly shares a MISP connection across users in a remote-transform use …
9.8
First published (updated )
MISPAn issue was discovered in app/Controller/UsersController.php in MISP 2.4.92. An adversary can bypas…
9.8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
MISPMISP before 2.4.166 unsafely allows users to use the order parameter, related to app/Model/Attribute…
9.8
First published (updated )
MISPapp/Controller/AuditLogsController.php in MISP before 2.4.182 mishandles ACLs for audit logs.
9.8
First published (updated )
MISPThe default setting of MISP 2.4.136 did not enable the requirements (aka require_password_confirmati…
9.1
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
MISPAn issue was discovered in MISP before 2.4.121. It did not consider the HTTP PUT method when trying …
8.1
First published (updated )
MISPAn issue was discovered in MISP before 2.4.156. app/View/Users/terms.ctp allows Local File Inclusion…
7.8
First published (updated )
MISPAn issue was discovered in MISP before 2.4.121. The Galaxy view contained an incorrectly sanitized s…
7.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
MISPAn issue was discovered in MISP before 2.4.158. In UsersController.php, password confirmation can be…
7.5
First published (updated )
MISPIn app/Model/MispObject.php in MISP 2.4.141, an incorrect sharing group association could lead to in…
7.5
First published (updated )
MISPAn issue was discovered in MISP before 2.4.132. It can perform an unwanted action because of a POST …
7.5
First published (updated )
MISPapp/Model/Attribute.php in MISP 2.4.127 lacks an ACL lookup on attribute correlations. This occurs w…
7.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.