Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
misp vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2020-13153
app/View/Events/resolved_attributes.ctp in MISP prior to 2.4.126 has XSS in the resolved attributes view.
Misp Misp
356
VMScore
CVE-2019-16202
MISP prior to 2.4.115 allows privilege escalation in certain situations. After updating to 2.4.115, escalation attempts are blocked by the __checkLoggedActions function with a "This could be an indication of an attempted privilege escalation on older vulnerable versions of M...
Misp Misp
383
VMScore
CVE-2022-27246
An issue exists in MISP prior to 2.4.156. An SVG org logo (which may contain JavaScript) is not forbidden by default.
Misp Misp
187
VMScore
CVE-2021-27904
An issue exists in app/Model/SharingGroupServer.php in MISP 2.4.139. In the implementation of Sharing Groups, the "all org" flag sometimes provided view access to unintended actors.
Misp Misp
NA
CVE-2023-50918
app/Controller/AuditLogsController.php in MISP prior to 2.4.182 mishandles ACLs for audit logs.
Misp Misp
NA
CVE-2024-25674
An issue exists in MISP prior to 2.4.184. Organisation logo upload is insecure because of a lack of checks for the file extension and MIME type.
Misp Misp
NA
CVE-2024-25675
An issue exists in MISP prior to 2.4.184. A client does not need to use POST to start an export generation process. This is related to app/Controller/JobsController.php and app/View/Events/export.ctp.
Misp Misp
383
VMScore
CVE-2020-8890
An issue exists in MISP prior to 2.4.121. It mishandled time skew (between the machine hosting the web server and the machine hosting the database) when trying to block a brute-force series of invalid requests.
Misp Misp
383
VMScore
CVE-2020-8891
An issue exists in MISP prior to 2.4.121. It did not canonicalize usernames when trying to block a brute-force series of invalid requests.
Misp Misp
605
VMScore
CVE-2020-8892
An issue exists in MISP prior to 2.4.121. It did not consider the HTTP PUT method when trying to block a brute-force series of invalid requests.
Misp Misp
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-21987
buffer overflow
CVE-2024-28890
CVE-2024-27574
CVE-2024-27347
CVE-2024-31450
privilege
SSTI
CVE-2024-31666
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »