Vulnerabilities
Recent vulnerabilities
Recent vulnerabilities from
š GNA-1 (CIRCL)
Select from 78 available sources using the dropdown above.
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| GCVE-1-2026-20070 |
5.3 (4.0)
|
MISP object edit authorization bypass allows unauthori⦠|
misp |
misp |
2026-06-12T21:07:14.650450Z | 2026-06-12T21:08:11.190809Z |
| GCVE-1-2026-20124 |
6.1 (4.0)
|
MISP event editing allows unauthorized assignment to u⦠|
misp |
misp |
2026-06-12T20:55:35.673197Z | 2026-06-12T20:55:46.810996Z |
| GCVE-1-2026-20044 |
5.3 (4.0)
|
MISP AuthKey edit endpoint allows authenticated user e⦠|
misp |
misp |
2026-06-12T20:45:00.000Z | 2026-06-12T20:47:57.970104Z |
| GCVE-1-2026-20030 |
5.3 (4.0)
|
MISP UiBeta event index reflected XSS in advanced filt⦠|
misp |
misp |
2026-06-12T20:34:00.000Z | 2026-06-12T20:35:57.600048Z |
| GCVE-1-2026-20123 |
5.3 (4.0)
|
MISP organisation logo path traversal allows retrieval⦠|
misp |
misp |
2026-06-12T20:30:07.276457Z | 2026-06-12T20:30:17.372737Z |
| GCVE-1-2026-20036 |
5.1 (4.0)
|
MISP Overmind theme stored XSS via unvalidated homepag⦠|
misp |
misp |
2026-06-12T20:16:32.896814Z | 2026-06-12T20:21:32.310190Z |
| GCVE-1-2026-20008 |
5.3 (4.0)
|
MISP template builder exposes non-visible custom galax⦠|
misp |
misp |
2026-06-12T20:06:54.852957Z | 2026-06-12T20:07:09.547667Z |
| GCVE-1-2026-20068 |
8.8 (4.0)
|
MISP mass assignment vulnerabilities allow unauthorize⦠|
misp |
misp |
2026-06-12T19:59:32.150071Z | 2026-06-12T19:59:41.302526Z |
| GCVE-1-2026-20120 |
8.4 (4.0)
|
MISP sharing group creation mass assignment allows una⦠|
misp |
misp |
2026-06-12T19:51:28.662997Z | 2026-06-12T19:51:37.145352Z |
| GCVE-1-2026-20040 |
7.1 (4.0)
|
MISP automation endpoints may be exposed to CSRF when ⦠|
misp |
misp |
2026-06-12T19:44:03.403919Z | 2026-06-12T19:44:13.229452Z |
| GCVE-1-2026-20006 |
7.5 (4.0)
|
MISP organization administrators can target site admin⦠|
misp |
misp |
2026-06-12T19:34:16.198371Z | 2026-06-12T19:34:30.813844Z |
| GCVE-1-2026-20084 |
5.1 (4.0)
|
MISP improper authorization allows organization admini⦠|
misp |
misp |
2026-06-12T19:25:13.040008Z | 2026-06-12T19:25:24.661452Z |
| GCVE-1-2026-20046 |
7.4 (4.0)
|
MISP may be exposed to CSRF attacks when Sec-Fetch-Sit⦠|
misp |
misp |
2026-06-11T13:07:22.129989Z | 2026-06-11T13:08:27.777574Z |
| GCVE-1-2026-20027 |
5.1 (4.0)
|
Cerebrate self-registration password hash exposure via⦠|
cerebrate |
cerebrate |
2026-06-11T10:02:42.624185Z | 2026-06-11T10:02:55.904460Z |
| GCVE-1-2026-20076 |
6.3 (4.0)
|
Cerebrate primary key mass assignment in CRUD edit ope⦠|
cerebrate |
cerebrate |
2026-06-11T09:40:36.689045Z | 2026-06-11T09:41:26.011182Z |
| GCVE-1-2026-20016 |
8.7 (4.0)
|
Cerebrate before v1.37 allows mass assignment of recor⦠|
cerebrate |
cerebrate |
2026-06-11T07:29:00.000Z | 2026-06-11T07:31:26.096364Z |
| GCVE-1-2026-20015 |
7.3 (4.0)
|
Potential local privileges escalation through argument⦠|
NoMachine |
NoMachine |
2026-06-10T14:56:51.655591Z | 2026-06-10T14:57:15.939259Z |
| GCVE-1-2026-20021 |
6.9 (4.0)
|
MISP BSimVis stored cross-site scripting in tag and cl⦠|
misp |
bsimvis |
2026-06-10T14:32:00.000Z | 2026-06-10T14:34:44.233807Z |
| GCVE-1-2026-20092 |
9 (4.0)
|
MISP user edit endpoint mass assignment vulnerability ⦠|
misp |
misp |
2026-06-04T14:37:00.000Z | 2026-06-12T06:57:43.643196Z |
| GCVE-1-2026-20069 |
5.3 (4.0)
|
MISP Dashboard widget field selection may expose restr⦠|
misp |
misp |
2026-06-04T13:52:44.451016Z | 2026-06-04T13:53:15.203048Z |
| GCVE-1-2026-20059 |
6.4 (4.0)
|
MISP User-controlled order parameter in correlations o⦠|
misp |
misp |
2026-06-04T13:43:15.325491Z | 2026-06-04T13:43:53.201590Z |
| GCVE-1-2026-20080 |
7.9 (4.0)
|
MISP CRUDComponent delete validation bypass via operat⦠|
misp |
misp |
2026-06-04T13:33:00.000Z | 2026-06-11T13:25:46.835801Z |
| GCVE-1-2026-20083 |
5.1 (4.0)
|
MISP post-login open redirect via pre_login_requested_url |
misp |
misp |
2026-06-04T13:24:46.311258Z | 2026-06-04T13:26:10.929321Z |
| GCVE-1-2026-20101 |
5.1 (4.0)
|
Open redirect in MISP dashboard button widget URL handling |
misp |
misp |
2026-06-04T13:15:07.059298Z | 2026-06-04T13:17:44.483681Z |
| GCVE-1-2026-20047 |
5.1 (4.0)
|
MISP Event template importer authorization bypass |
misp |
misp |
2026-06-04T13:03:38.630862Z | 2026-06-04T13:05:56.422493Z |
| GCVE-1-2026-20066 |
5.3 (4.0)
|
Unauthorized exposure of private galaxies in MISP even⦠|
misp |
misp |
2026-06-04T12:50:00.000Z | 2026-06-04T12:55:19.417449Z |
| GCVE-1-2026-20081 |
8.2 (4.0)
|
OTP bypass via plugin-based LDAP authentication in MIS⦠|
misp |
misp |
2026-06-02T12:44:00.000Z | 2026-06-02T12:49:10.965149Z |
| GCVE-1-2026-20001 |
6.2 (4.0)
|
FlowIntel external reference URL probe allows server-s⦠|
flowintel |
flowintel |
2026-05-28T09:24:00.000Z | 2026-05-28T09:28:16.686697Z |
| GCVE-1-2026-0036 |
6.3 (4.0)
|
Stored Cross-Site Scripting (XSS) in CTI Transmute Not⦠|
misp |
cti-transmute |
2026-05-27T15:06:00.000Z | 2026-05-28T06:42:02.283417Z |
| GCVE-1-2026-0035 |
8.3 (4.0)
|
Unauthorized ShadowAttribute modification in MISP via ⦠|
misp |
misp |
2026-05-20T18:34:00.000Z | 2026-05-20T18:41:09.250167Z |