Known Vulnerabilities for products from MISP
Listed below are 20 of the newest known vulnerabilities associated with the vendor "MISP".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-44381 json | Not Provided | 2026-05-13 | 2026-05-14 | |
| CVE-2026-44380 json | MISP is an open source threat intelligence and sharing platform. Prior to 2.5.37, an improper access control vulnerability in... | Not Provided | 2026-05-13 | 2026-05-15 |
| CVE-2026-44379 json | MISP is an open source threat intelligence and sharing platform. Prior to 2.5.37, MISP Collections did not enforce RFC 4122 U... | Not Provided | 2026-05-13 | 2026-05-15 |
| CVE-2026-44364 json | Not Provided | 2026-05-13 | 2026-05-13 | |
| CVE-2026-44363 json | Not Provided | 2026-05-13 | 2026-05-14 | |
| CVE-2026-39962 json | MISP is an open source threat intelligence and sharing platform. Prior to 2.5.36, improper neutralization of special elements... | Not Provided | 2026-04-09 | 2026-04-23 |
| CVE-2026-9137 json | Not Provided | 2026-05-20 | 2026-05-29 | |
| CVE-2026-9136 json | Not Provided | 2026-05-20 | 2026-05-20 | |
| CVE-2026-9084 json | Not Provided | 2026-05-20 | 2026-05-20 | |
| CVE-2026-8080 json | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in misp allows Stor... | Not Provided | 2026-05-07 | 2026-05-11 |
| CVE-2023-49926 json | 6.1 - MEDIUM | 2023-12-03 | 2023-12-06 | |
| CVE-2023-41098 json | An issue was discovered in MISP 2.4.174. In app/Controller/DashboardsController.php, a reflected XSS issue exists via the id ... | 6.1 - MEDIUM | 2023-08-23 | 2023-08-28 |
| CVE-2023-40224 json | MISP 2.4174 allows XSS in app/View/Events/index.ctp. | 6.1 - MEDIUM | 2023-08-10 | 2023-11-17 |
| CVE-2023-24027 json | In MISP 2.4.167, app/webroot/js/action_table.js allows XSS via a network history name. | 6.1 - MEDIUM | 2023-01-20 | 2023-01-27 |
| CVE-2022-48329 json | MISP before 2.4.166 unsafely allows users to use the order parameter, related to app/Model/Attribute.php, app/Model/GalaxyClu... | 9.8 - CRITICAL | 2023-02-20 | 2023-02-28 |
| CVE-2022-48328 json | app/Controller/Component/IndexFilterComponent.php in MISP before 2.4.167 mishandles ordered_url_params and additional_delimit... | 9.8 - CRITICAL | 2023-02-20 | 2023-10-30 |
| CVE-2022-29534 json | An issue was discovered in MISP before 2.4.158. In UsersController.php, password confirmation can be bypassed via vectors inv... | 7.5 - HIGH | 2022-04-20 | 2024-02-01 |
| CVE-2022-29533 json | An issue was discovered in MISP before 2.4.158. There is XSS in app/Controller/OrganisationsController.php in a situation wit... | 6.1 - MEDIUM | 2022-04-20 | 2023-12-21 |
| CVE-2022-29532 json | An issue was discovered in MISP before 2.4.158. There is XSS in the cerebrate view if one administrator puts a javascript: UR... | 4.8 - MEDIUM | 2022-04-20 | 2024-02-01 |
| CVE-2022-29531 json | An issue was discovered in MISP before 2.4.158. There is stored XSS in the event graph via a tag name. | 5.4 - MEDIUM | 2022-04-20 | 2023-12-21 |
Known software with vulnerabilities from MISP
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Misp | Misp | 0.1 |
| Application | Misp | Misp-maltego | 1.4.4 |