Vulnerabilities in misp

46 results
CVE-2026-44380 | HIGH | MISP: Improper access control in auth key reset allows privilege escalation to site administrator | EPSS 0.4%
CVE-2026-54393 | MEDIUM | MISP Overmind theme stored XSS via unvalidated homepage setting | EPSS 0.4%
CVE-2026-9137 | MEDIUM | CSP Report Endpoint Log Flooding in MISP via Incorrect Size Limit | EPSS 0.4%
CVE-2026-56422 | CRITICAL | MISP Core: Mass Assignment and Object Re-ownership via Unvalidated Request Fields | EPSS 0.4%
CVE-2026-10611 | HIGH | OTP bypass via plugin-based LDAP authentication in MISP when LDAP mixed authentication is enabled | EPSS 0.4%
CVE-2026-39962 | HIGH | LDAP injection in MISP ApacheAuthenticate when using a user-controlled Apache environment variable | EPSS 0.3%
CVE-2026-54394 | MEDIUM | MISP organisation logo path traversal allows retrieval of arbitrary PNG/SVG files | EPSS 0.3%
CVE-2026-56424 | HIGH | Broken access control in MISP core allows cross-organization unauthorized modification or deletion of analyst data, event reports, collections, templates, and decaying models | EPSS 0.3%
CVE-2025-66384 | HIGH | app/Controller/EventsController.php in MISP before 2.5.24 has invalid logic in checking for uploaded file validity, related to tmp_name. | EPSS 0.3%
CVE-2026-56446 | HIGH | Authenticated Remote Code Execution via Arbitrary NDJSON Error Log Path in MISP | EPSS 0.3%
CVE-2026-56425 | CRITICAL | MISP AAD authentication plugin - Improper OAuth State Handling, Missing Session Rotation, Insecure Redirect URI Validation, and Log Injection | EPSS 0.3%
CVE-2026-56447 | CRITICAL | MISP remote code execution via arbitrary rdkafka configuration path | EPSS 0.3%
CVE-2026-53693 | MEDIUM | MISP BSimVis stored cross-site scripting in tag and cluster rendering paths via unescaped tag metadata and UI labels | EPSS 0.3%
CVE-2025-67906 | MEDIUM | In MISP before 2.5.28, app/View/Elements/Workflows/executionPath.ctp allows XSS in the workflow execution path. | EPSS 0.3%
CVE-2025-66386 | MEDIUM | app/Model/EventReport.php in MISP before 2.5.27 allows path traversal in view picture for a site-admin. | EPSS 0.3%
CVE-2026-54361 | HIGH | MISP mass assignment vulnerabilities allow unauthorized modification of ownership and delegation records | EPSS 0.3%
CVE-2026-9806 | MEDIUM | Stored Cross-Site Scripting (XSS) in CTI Transmute Notification Panel via Malicious Convert Names | EPSS 0.3%
CVE-2026-54395 | MEDIUM | MISP UiBeta event index reflected XSS in advanced filter popup | EPSS 0.3%
CVE-2026-54357 | MEDIUM | MISP improper authorization allows organization administrators to modify site administrator user settings | EPSS 0.3%
CVE-2026-54396 | MEDIUM | MISP AuthKey edit endpoint allows authenticated user email enumeration | EPSS 0.2%