Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
misp misp vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-48328
app/Controller/Component/IndexFilterComponent.php in MISP prior to 2.4.167 mishandles ordered_url_params and additional_delimiters.
Misp Misp
NA
CVE-2022-48329
MISP prior to 2.4.166 unsafely allows users to use the order parameter, related to app/Model/Attribute.php, app/Model/GalaxyCluster.php, app/Model/Workflow.php, and app/Plugin/Assets/models/behaviors/LogableBehavior.php.
Misp Misp
7.5
CVSSv2
CVE-2020-29006
MISP prior to 2.4.135 lacks an ACL check, related to app/Controller/GalaxyElementsController.php and app/Model/GalaxyElement.php.
Misp Misp
NA
CVE-2024-25674
An issue exists in MISP prior to 2.4.184. Organisation logo upload is insecure because of a lack of checks for the file extension and MIME type.
Misp Misp
9
CVSSv2
CVE-2018-19908
An issue exists in MISP 2.4.9x prior to 2.4.99. In app/Model/Event.php (the STIX 1 import code), an unescaped filename string is used to construct a shell command. This vulnerability can be abused by a malicious authenticated user to execute arbitrary commands by tweaking the ori...
Misp Misp
6.8
CVSSv2
CVE-2022-27243
An issue exists in MISP prior to 2.4.156. app/View/Users/terms.ctp allows Local File Inclusion via the custom terms file setting.
Misp Misp
6.8
CVSSv2
CVE-2022-27245
An issue exists in MISP prior to 2.4.156. app/Model/Server.php does not restrict generateServerSettings to the CLI. This could lead to SSRF.
Misp Misp
4.3
CVSSv2
CVE-2019-10254
In MISP prior to 2.4.105, the app/View/Layouts/default.ctp default layout template has a Reflected XSS vulnerability.
Misp Misp
6.8
CVSSv2
CVE-2020-15711
In MISP prior to 2.4.129, setting a favourite homepage was not CSRF protected.
Misp Misp
NA
CVE-2023-50918
app/Controller/AuditLogsController.php in MISP prior to 2.4.182 mishandles ACLs for audit logs.
Misp Misp
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
CVE-2006-4304
CVE-2023-26603
CVE-2024-28327
CVE-2023-50363
CVE-2024-21905
template injection
CVE-2024-3400
cross-site request forgery
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »