Vulnerabilities
Recent vulnerabilities
Recent vulnerabilities from
Select from 78 available sources using the dropdown above.
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| GCVE-1-2026-20112 |
5.3 (4.0)
|
importModule function in MISP ignores per-organisation… |
misp |
misp |
2026-07-08T13:36:15.651888Z | 2026-07-08T13:36:48.095956Z |
| GCVE-1-2026-20004 |
5.3 (4.0)
|
MISP importModule missing authorization allows read-on… |
misp |
misp |
2026-07-08T13:29:57.644210Z | 2026-07-08T13:30:08.436075Z |
| GCVE-1-2026-20015 |
7.3 (4.0)
|
Potential local privileges escalation through argument… |
NoMachine |
NoMachine |
2026-06-10T14:56:00.000Z | 2026-07-07T15:04:35.841800Z |
| GCVE-1-2026-20103 |
7.1 (4.0)
|
Authenticated Path Traversal in AIL Framework PDF Obje… |
ail-project |
ail-framework |
2026-07-05T17:52:03.087783Z | 2026-07-05T17:52:20.481142Z |
| GCVE-1-2026-20055 |
9.2 (4.0)
|
Unauthenticated arbitrary MongoDB collection read in c… |
cve-search |
cve-search |
2026-07-05T12:01:00.000Z | 2026-07-05T12:43:45.547506Z |
| GCVE-1-2026-20087 |
9.4 (4.0)
|
MISP Core: Mass Assignment and Object Re-ownership via… |
misp |
misp |
2026-06-22T11:38:00.000Z | 2026-06-23T05:58:42.768204Z |
| GCVE-1-2026-20134 |
8.7 (4.0)
|
Authenticated Remote Code Execution via Arbitrary NDJS… |
misp |
misp |
2026-06-22T12:31:00.000Z | 2026-06-23T05:57:05.092862Z |
| GCVE-1-2026-20131 |
5.1 (4.0)
|
AIL Framework - Missing Rate Limiting Enables Brute-Fo… |
ail project |
ail framework |
2026-06-22T13:02:18.669480Z | 2026-06-22T13:02:27.300718Z |
| GCVE-1-2026-20088 |
8.3 (4.0)
|
Authenticated Path Traversal in AIL Framework Investig… |
ail project |
ail framework |
2026-06-22T12:53:47.032329Z | 2026-06-22T12:54:39.580842Z |
| GCVE-1-2026-20105 |
9.3 (4.0)
|
MISP remote code execution via arbitrary rdkafka confi… |
misp |
misp |
2026-06-22T12:39:13.015122Z | 2026-06-22T12:39:24.277077Z |
| GCVE-1-2026-20091 |
9.3 (4.0)
|
MISP AAD authentication plugin - Improper OAuth State … |
misp |
misp |
2026-06-22T12:21:00.000Z | 2026-06-22T12:24:50.403439Z |
| GCVE-1-2026-20099 |
7.1 (4.0)
|
Broken access control in MISP core allows cross-organi… |
misp |
misp |
2026-06-22T12:13:00.000Z | 2026-06-22T12:17:10.271177Z |
| GCVE-1-2026-20094 |
9.4 (4.0)
|
MISP Core: Broken access control allows instance-wide … |
misp |
misp |
2026-06-22T11:54:10.298853Z | 2026-06-22T11:56:08.008149Z |
| GCVE-1-2026-20114 |
5.3 (4.0)
|
Authenticated Path Traversal in AIL framework /objects… |
ail-project |
ail-framework |
2026-06-19T08:03:34.981330Z | 2026-06-19T08:03:52.099550Z |
| GCVE-1-2026-20070 |
5.3 (4.0)
|
MISP object edit authorization bypass allows unauthori… |
misp |
misp |
2026-06-12T21:07:14.650450Z | 2026-06-12T21:08:11.190809Z |
| GCVE-1-2026-20124 |
6.1 (4.0)
|
MISP event editing allows unauthorized assignment to u… |
misp |
misp |
2026-06-12T20:55:35.673197Z | 2026-06-12T20:55:46.810996Z |
| GCVE-1-2026-20044 |
5.3 (4.0)
|
MISP AuthKey edit endpoint allows authenticated user e… |
misp |
misp |
2026-06-12T20:45:00.000Z | 2026-06-12T20:47:57.970104Z |
| GCVE-1-2026-20030 |
5.3 (4.0)
|
MISP UiBeta event index reflected XSS in advanced filt… |
misp |
misp |
2026-06-12T20:34:00.000Z | 2026-06-12T20:35:57.600048Z |
| GCVE-1-2026-20123 |
5.3 (4.0)
|
MISP organisation logo path traversal allows retrieval… |
misp |
misp |
2026-06-12T20:30:07.276457Z | 2026-06-12T20:30:17.372737Z |
| GCVE-1-2026-20036 |
5.1 (4.0)
|
MISP Overmind theme stored XSS via unvalidated homepag… |
misp |
misp |
2026-06-12T20:16:32.896814Z | 2026-06-12T20:21:32.310190Z |
| GCVE-1-2026-20008 |
5.3 (4.0)
|
MISP template builder exposes non-visible custom galax… |
misp |
misp |
2026-06-12T20:06:54.852957Z | 2026-06-12T20:07:09.547667Z |
| GCVE-1-2026-20068 |
8.8 (4.0)
|
MISP mass assignment vulnerabilities allow unauthorize… |
misp |
misp |
2026-06-12T19:59:32.150071Z | 2026-06-12T19:59:41.302526Z |
| GCVE-1-2026-20120 |
8.4 (4.0)
|
MISP sharing group creation mass assignment allows una… |
misp |
misp |
2026-06-12T19:51:28.662997Z | 2026-06-12T19:51:37.145352Z |
| GCVE-1-2026-20040 |
7.1 (4.0)
|
MISP automation endpoints may be exposed to CSRF when … |
misp |
misp |
2026-06-12T19:44:03.403919Z | 2026-06-12T19:44:13.229452Z |
| GCVE-1-2026-20006 |
7.5 (4.0)
|
MISP organization administrators can target site admin… |
misp |
misp |
2026-06-12T19:34:16.198371Z | 2026-06-12T19:34:30.813844Z |
| GCVE-1-2026-20084 |
5.1 (4.0)
|
MISP improper authorization allows organization admini… |
misp |
misp |
2026-06-12T19:25:13.040008Z | 2026-06-12T19:25:24.661452Z |
| GCVE-1-2026-20092 |
9 (4.0)
|
MISP user edit endpoint mass assignment vulnerability … |
misp |
misp |
2026-06-04T14:37:00.000Z | 2026-06-12T06:57:43.643196Z |
| GCVE-1-2026-20080 |
7.9 (4.0)
|
MISP CRUDComponent delete validation bypass via operat… |
misp |
misp |
2026-06-04T13:33:00.000Z | 2026-06-11T13:25:46.835801Z |
| GCVE-1-2026-20046 |
7.4 (4.0)
|
MISP may be exposed to CSRF attacks when Sec-Fetch-Sit… |
misp |
misp |
2026-06-11T13:07:22.129989Z | 2026-06-11T13:08:27.777574Z |
| GCVE-1-2026-20027 |
5.1 (4.0)
|
Cerebrate self-registration password hash exposure via… |
cerebrate |
cerebrate |
2026-06-11T10:02:42.624185Z | 2026-06-11T10:02:55.904460Z |