📦 MISP
by MISP
🛡️ Security Overview
⚠️ Known Vulnerabilities
This vulnerability in MISP (Malware Information Sharing Platform) allows attackers to upload malicious files through the logo upload functionality. It affects all MISP instances running versions befor...
This vulnerability in MISP allows attackers to upload malicious files disguised as organization logos due to insufficient file extension and MIME type validation. Attackers could execute arbitrary cod...
CVE-2023-50918 is an access control vulnerability in MISP's audit logs controller that allows unauthorized users to view audit logs. This affects all MISP instances running versions before 2.4.182. Th...
This vulnerability in MISP (Malware Information Sharing Platform) allows SQL injection through mishandled URL parameters in the IndexFilterComponent. Attackers can exploit this to execute arbitrary SQ...
CVE-2022-29528 is a PHAR deserialization vulnerability in MISP (Malware Information Sharing Platform) that allows attackers to execute arbitrary code on affected systems. This affects all MISP instanc...
This vulnerability allows SQL injection in MISP (Malware Information Sharing Platform) through the Log.php component. Attackers can execute arbitrary SQL commands by manipulating the 'org' parameter v...
CVE-2021-35502 is a critical vulnerability in MISP (Malware Information Sharing Platform) that allows cross-site scripting (XSS) attacks due to improper input sanitization in generic field templates. ...
CVE-2021-25323 is an authentication bypass vulnerability in MISP (Malware Information Sharing Platform) where users could change their passwords without providing their current password. This affects ...
This vulnerability in MISP (Malware Information Sharing Platform) allows cross-site scripting (XSS) attacks through REST endpoints that return non-JSON responses without proper sanitization. Attackers...
This vulnerability allows attackers to bypass password confirmation requirements in MISP by sending requests with an 'Accept: application/json' header. This affects all MISP instances running versions...
This vulnerability in MISP allows attackers to perform Local File Inclusion (LFI) through the custom terms file setting. It enables reading arbitrary files on the server, potentially exposing sensitiv...
CVE-2022-27245 is a Server-Side Request Forgery (SSRF) vulnerability in MISP (Malware Information Sharing Platform) that allows attackers to make unauthorized requests from the vulnerable server to in...
This vulnerability in MISP allows information disclosure when editing events with sharing groups. An incorrect sharing group association causes the system to reuse a local ID instead of the proper sha...
This vulnerability allows cross-site scripting (XSS) attacks in MISP's workflow execution path. Attackers can inject malicious scripts that execute in users' browsers when viewing workflow execution d...
This vulnerability allows attackers with admin privileges in MISP to inject malicious scripts via menu_custom_right_link parameters through the web interface, leading to cross-site scripting (XSS) att...