Known Vulnerabilities for products from Misp-project
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Misp-project".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-56447 json | MISP allowed an authenticated site administrator to set the Kafka_rdkafka_config setting to an arbitrary filesystem path. MIS... | Not Provided | 2026-06-22 | 2026-06-23 |
| CVE-2026-56446 json | MISP allowed a site administrator to configure an arbitrary filesystem path for the NDJSON error log used by JsonLogTool. Bec... | Not Provided | 2026-06-22 | 2026-06-23 |
| CVE-2026-56425 json | The Azure Active Directory (AAD) authentication implementation contained multiple weaknesses in its OAuth 2.0 authorization f... | Not Provided | 2026-06-22 | 2026-06-26 |
| CVE-2026-56424 json | MISP core contained multiple broken access-control flaws where authorization checks were performed against the wrong entity, ... | Not Provided | 2026-06-22 | 2026-06-23 |
| CVE-2026-56423 json | MISP Core contained broken access-control checks in the bulk deletion flows for Event Reports and Sharing Groups. The affect... | Not Provided | 2026-06-22 | 2026-06-23 |
| CVE-2026-44381 json | MISP is an open source threat intelligence and sharing platform. Prior to 2.5.37, a SQL injection vulnerability existed in th... | Not Provided | 2026-05-13 | 2026-06-22 |
| CVE-2026-44380 json | MISP is an open source threat intelligence and sharing platform. Prior to 2.5.37, an improper access control vulnerability in... | Not Provided | 2026-05-13 | 2026-06-22 |
| CVE-2026-44379 json | MISP is an open source threat intelligence and sharing platform. Prior to 2.5.37, MISP Collections did not enforce RFC 4122 U... | Not Provided | 2026-05-13 | 2026-06-22 |
| CVE-2026-39962 json | MISP is an open source threat intelligence and sharing platform. Prior to 2.5.36, improper neutralization of special elements... | Not Provided | 2026-04-09 | 2026-06-22 |
| CVE-2026-10864 json | A vulnerability in the MISP dashboard widgets allowed an authenticated user to manipulate the fields option and influence whi... | Not Provided | 2026-06-04 | 2026-06-22 |
| CVE-2026-10863 json | A security issue was fixed in the correlations over-correlation endpoint where the order query parameter was accepted from us... | Not Provided | 2026-06-04 | 2026-06-22 |
| CVE-2026-10861 json | An open redirect vulnerability existed in MISP UsersController::routeafterlogin() because the value stored in the pre_login_r... | Not Provided | 2026-06-04 | 2026-06-22 |
| CVE-2026-10860 json | A logic error in the MISP CRUD component delete handler allowed validation failures to be bypassed when requests used the HTT... | Not Provided | 2026-06-04 | 2026-06-22 |
| CVE-2026-10856 json | A URL validation flaw in the MISP dashboard button widget allowed a crafted relative-looking URL to be accepted as a local pa... | Not Provided | 2026-06-04 | 2026-06-22 |
| CVE-2026-10855 json | An authorization flaw existed in the MISP Event Template Importer overwrite workflow. When importing an event template in ove... | Not Provided | 2026-06-04 | 2026-06-22 |
| CVE-2026-10854 json | A visibility control issue in the event template creation workflow allowed non-site-admin users to access private galaxies be... | Not Provided | 2026-06-04 | 2026-06-22 |
| CVE-2026-10611 json | An authentication bypass vulnerability exists in MISP when LDAP mixed authentication is enabled with OTP enforcement. In depl... | Not Provided | 2026-06-02 | 2026-06-22 |
| CVE-2026-9137 json | The CSP report endpoint in MISP intended to limit logged CSP reports to 1 KB but incorrectly allowed reports up to 1 MB befor... | Not Provided | 2026-05-20 | 2026-06-22 |
| CVE-2026-9136 json | A vulnerability was identified in the ShadowAttribute proposal creation workflow. The add action accepted user-controlled Sha... | Not Provided | 2026-05-20 | 2026-06-22 |
| CVE-2026-8080 json | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in misp allows Stor... | Not Provided | 2026-05-07 | 2026-06-22 |
Known software with vulnerabilities from Misp-project
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Misp-project | Malware Information Sharing Platform | 0.1 |