Vulnerabilities in MISP

46 results
CVE-2026-54396 | MEDIUM | MISP AuthKey edit endpoint allows authenticated user email enumeration | EPSS 0.2%
CVE-2026-10868 | CRITICAL | MISP user edit endpoint mass assignment vulnerability allows unauthorized user account modification | EPSS 0.2%
CVE-2024-57969 | MEDIUM | app/Model/Attribute.php in MISP before 2.4.198 ignores an ACL during a GUI attribute search. | EPSS 0.2%
CVE-2026-9136 | HIGH | Unauthorized ShadowAttribute modification in MISP via client-supplied identifier | EPSS 0.2%
CVE-2026-54358 | HIGH | MISP organization administrators can target site administrator accounts for password reset | EPSS 0.2%
CVE-2026-44381 | CRITICAL | MISP: SQL injection via unvalidated ordering parameters in event and shadow attribute listings | EPSS 0.2%
CVE-2026-54397 | MEDIUM | MISP event editing allows unauthorized assignment to undisclosed sharing groups | EPSS 0.2%
CVE-2026-54360 | HIGH | MISP sharing group creation mass assignment allows unauthorized takeover of existing sharing groups | EPSS 0.2%
CVE-2026-10863 | MEDIUM | MISP User-controlled order parameter in correlations over-correlation endpoint | EPSS 0.2%
CVE-2026-10861 | MEDIUM | MISP post-login open redirect via pre_login_requested_url | EPSS 0.2%
CVE-2026-54398 | MEDIUM | MISP object edit authorization bypass allows unauthorized sharing group assignment | EPSS 0.2%
CVE-2026-54362 | MEDIUM | MISP template builder exposes non-visible custom galaxies across organisations | EPSS 0.2%
CVE-2024-58130 | HIGH | In app/Controller/Component/RestResponseComponent.php in MISP before 2.4.193, REST endpoints have a lack of sanitization for non-JSON respon | EPSS 0.2%
CVE-2026-10860 | HIGH | MISP CRUDComponent delete validation bypass via operator precedence error | EPSS 0.2%
CVE-2024-58129 | MEDIUM | In MISP before 2.4.193, menu_custom_right_link_html parameters can be set via the UI (i.e., without using the CLI) and thus attackers with a | EPSS 0.2%
CVE-2024-58128 | MEDIUM | In MISP before 2.4.193, menu_custom_right_link parameters can be set via the UI (i.e., without using the CLI) and thus attackers with admin | EPSS 0.2%
CVE-2026-54359 | HIGH | MISP automation endpoints may be exposed to CSRF when Sec-Fetch-Site protection is disabled by default | EPSS 0.2%
CVE-2026-44364 | CRITICAL | misp-modules website - Missing CSRF protection in the website home blueprint | EPSS 0.2%
CVE-2026-9084 | MEDIUM | MISP OIDC authentication bypass via automatic email-based account linking under insecure IdP configurations | EPSS 0.2%
CVE-2026-44379 | MEDIUM | MISP: Improper UUID validation in MISP Collections | EPSS 0.2%