Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
misp misp vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2021-41326
In MISP prior to 2.4.148, app/Lib/Export/OpendataExport.php mishandles parameter data that is used in a shell_exec call.
Misp Misp
1 Github repository
5.5
CVSSv3
CVE-2021-27904
An issue exists in app/Model/SharingGroupServer.php in MISP 2.4.139. In the implementation of Sharing Groups, the "all org" flag sometimes provided view access to unintended actors.
Misp Misp
9.8
CVSSv3
CVE-2024-25674
An issue exists in MISP prior to 2.4.184. Organisation logo upload is insecure because of a lack of checks for the file extension and MIME type.
Misp Misp
9.8
CVSSv3
CVE-2024-25675
An issue exists in MISP prior to 2.4.184. A client does not need to use POST to start an export generation process. This is related to app/Controller/JobsController.php and app/View/Events/export.ctp.
Misp Misp
6.1
CVSSv3
CVE-2019-10254
In MISP prior to 2.4.105, the app/View/Layouts/default.ctp default layout template has a Reflected XSS vulnerability.
Misp Misp
8.8
CVSSv3
CVE-2018-19908
An issue exists in MISP 2.4.9x prior to 2.4.99. In app/Model/Event.php (the STIX 1 import code), an unescaped filename string is used to construct a shell command. This vulnerability can be abused by a malicious authenticated user to execute arbitrary commands by tweaking the ori...
Misp Misp
6.1
CVSSv3
CVE-2021-36212
app/View/SharingGroups/view.ctp in MISP prior to 2.4.146 allows stored XSS in the sharing groups view.
Misp Misp
9.8
CVSSv3
CVE-2022-29528
An issue exists in MISP prior to 2.4.158. PHAR deserialization can occur.
Misp Misp
6.5
CVSSv3
CVE-2019-16202
MISP prior to 2.4.115 allows privilege escalation in certain situations. After updating to 2.4.115, escalation attempts are blocked by the __checkLoggedActions function with a "This could be an indication of an attempted privilege escalation on older vulnerable versions of M...
Misp Misp
8.8
CVSSv3
CVE-2022-27245
An issue exists in MISP prior to 2.4.156. app/Model/Server.php does not restrict generateServerSettings to the CLI. This could lead to SSRF.
Misp Misp
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-20065
open redirect
CVE-2024-1086
path traversal
CVE-2024-29825
XXE
CVE-2024-29822
CVE-2024-20696
CVE-2024-3564
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »