Vulnerabilities
Recent vulnerabilities
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| GCVE-1-2026-20087 | 9.4 (4.0) | MISP Core: Mass Assignment and Object Re-ownership via… | misp | misp | 2026-06-22T11:38:00.000Z | 2026-06-23T05:58:42.768204Z |
| GCVE-1-2026-20134 | 8.7 (4.0) | Authenticated Remote Code Execution via Arbitrary NDJS… | misp | misp | 2026-06-22T12:31:00.000Z | 2026-06-23T05:57:05.092862Z |
| GCVE-1-2026-20131 | 5.1 (4.0) | AIL Framework - Missing Rate Limiting Enables Brute-Fo… | ail project | ail framework | 2026-06-22T13:02:18.669480Z | 2026-06-22T13:02:27.300718Z |
| GCVE-1-2026-20088 | 8.3 (4.0) | Authenticated Path Traversal in AIL Framework Investig… | ail project | ail framework | 2026-06-22T12:53:47.032329Z | 2026-06-22T12:54:39.580842Z |
| GCVE-1-2026-20105 | 9.3 (4.0) | MISP remote code execution via arbitrary rdkafka confi… | misp | misp | 2026-06-22T12:39:13.015122Z | 2026-06-22T12:39:24.277077Z |
| GCVE-1-2026-20091 | 9.3 (4.0) | MISP AAD authentication plugin - Improper OAuth State … | misp | misp | 2026-06-22T12:21:00.000Z | 2026-06-22T12:24:50.403439Z |
| GCVE-1-2026-20099 | 7.1 (4.0) | Broken access control in MISP core allows cross-organi… | misp | misp | 2026-06-22T12:13:00.000Z | 2026-06-22T12:17:10.271177Z |
| GCVE-1-2026-20094 | 9.4 (4.0) | MISP Core: Broken access control allows instance-wide … | misp | misp | 2026-06-22T11:54:10.298853Z | 2026-06-22T11:56:08.008149Z |
| GCVE-1-2026-20114 | 5.3 (4.0) | Authenticated Path Traversal in AIL framework /objects… | ail-project | ail-framework | 2026-06-19T08:03:34.981330Z | 2026-06-19T08:03:52.099550Z |
| GCVE-1-2026-20070 | 5.3 (4.0) | MISP object edit authorization bypass allows unauthori… | misp | misp | 2026-06-12T21:07:14.650450Z | 2026-06-12T21:08:11.190809Z |
| GCVE-1-2026-20124 | 6.1 (4.0) | MISP event editing allows unauthorized assignment to u… | misp | misp | 2026-06-12T20:55:35.673197Z | 2026-06-12T20:55:46.810996Z |
| GCVE-1-2026-20044 | 5.3 (4.0) | MISP AuthKey edit endpoint allows authenticated user e… | misp | misp | 2026-06-12T20:45:00.000Z | 2026-06-12T20:47:57.970104Z |
| GCVE-1-2026-20030 | 5.3 (4.0) | MISP UiBeta event index reflected XSS in advanced filt… | misp | misp | 2026-06-12T20:34:00.000Z | 2026-06-12T20:35:57.600048Z |
| GCVE-1-2026-20123 | 5.3 (4.0) | MISP organisation logo path traversal allows retrieval… | misp | misp | 2026-06-12T20:30:07.276457Z | 2026-06-12T20:30:17.372737Z |
| GCVE-1-2026-20036 | 5.1 (4.0) | MISP Overmind theme stored XSS via unvalidated homepag… | misp | misp | 2026-06-12T20:16:32.896814Z | 2026-06-12T20:21:32.310190Z |
| GCVE-1-2026-20008 | 5.3 (4.0) | MISP template builder exposes non-visible custom galax… | misp | misp | 2026-06-12T20:06:54.852957Z | 2026-06-12T20:07:09.547667Z |
| GCVE-1-2026-20068 | 8.8 (4.0) | MISP mass assignment vulnerabilities allow unauthorize… | misp | misp | 2026-06-12T19:59:32.150071Z | 2026-06-12T19:59:41.302526Z |
| GCVE-1-2026-20120 | 8.4 (4.0) | MISP sharing group creation mass assignment allows una… | misp | misp | 2026-06-12T19:51:28.662997Z | 2026-06-12T19:51:37.145352Z |
| GCVE-1-2026-20040 | 7.1 (4.0) | MISP automation endpoints may be exposed to CSRF when … | misp | misp | 2026-06-12T19:44:03.403919Z | 2026-06-12T19:44:13.229452Z |
| GCVE-1-2026-20006 | 7.5 (4.0) | MISP organization administrators can target site admin… | misp | misp | 2026-06-12T19:34:16.198371Z | 2026-06-12T19:34:30.813844Z |
| GCVE-1-2026-20084 | 5.1 (4.0) | MISP improper authorization allows organization admini… | misp | misp | 2026-06-12T19:25:13.040008Z | 2026-06-12T19:25:24.661452Z |
| GCVE-1-2026-20092 | 9 (4.0) | MISP user edit endpoint mass assignment vulnerability … | misp | misp | 2026-06-04T14:37:00.000Z | 2026-06-12T06:57:43.643196Z |
| GCVE-1-2026-20080 | 7.9 (4.0) | MISP CRUDComponent delete validation bypass via operat… | misp | misp | 2026-06-04T13:33:00.000Z | 2026-06-11T13:25:46.835801Z |
| GCVE-1-2026-20046 | 7.4 (4.0) | MISP may be exposed to CSRF attacks when Sec-Fetch-Sit… | misp | misp | 2026-06-11T13:07:22.129989Z | 2026-06-11T13:08:27.777574Z |
| GCVE-1-2026-20027 | 5.1 (4.0) | Cerebrate self-registration password hash exposure via… | cerebrate | cerebrate | 2026-06-11T10:02:42.624185Z | 2026-06-11T10:02:55.904460Z |
| GCVE-1-2026-20076 | 6.3 (4.0) | Cerebrate primary key mass assignment in CRUD edit ope… | cerebrate | cerebrate | 2026-06-11T09:40:36.689045Z | 2026-06-11T09:41:26.011182Z |
| GCVE-1-2026-20016 | 8.7 (4.0) | Cerebrate before v1.37 allows mass assignment of recor… | cerebrate | cerebrate | 2026-06-11T07:29:00.000Z | 2026-06-11T07:31:26.096364Z |
| GCVE-1-2026-20015 | 7.3 (4.0) | Potential local privileges escalation through argument… | NoMachine | NoMachine | 2026-06-10T14:56:51.655591Z | 2026-06-10T14:57:15.939259Z |
| GCVE-1-2026-20021 | 6.9 (4.0) | MISP BSimVis stored cross-site scripting in tag and cl… | misp | bsimvis | 2026-06-10T14:32:00.000Z | 2026-06-10T14:34:44.233807Z |
| GCVE-1-2026-20069 | 5.3 (4.0) | MISP Dashboard widget field selection may expose restr… | misp | misp | 2026-06-04T13:52:44.451016Z | 2026-06-04T13:53:15.203048Z |