misp-project security advisories
13 threat alerts tracking vulnerabilities and security advisories that affect misp-project products.
Vulnios monitors misp-project CVE feeds, vendor advisories, CISA KEV listings, and exploit-prediction data continuously. Each alert below is enriched with severity, exploitation status, affected products, and a remediation path. Use this page to scan recent misp-project security news in one place, or click into an individual alert for full detail.
Critical Vulnerability: CVE-2023-48655 — misp-project — misp
An issue was discovered in MISP before 2.4.176. app/Controller/Component/IndexFilterComponent.php does not properly filter out query parameters.
critical CVE-2023-48655
Critical Vulnerability: CVE-2023-48656 — misp-project — misp
An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles order clauses.
critical CVE-2023-48656
Critical Vulnerability: CVE-2023-48657 — misp-project — misp
An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles filters.
critical CVE-2023-48657
Critical Vulnerability: CVE-2023-48658 — misp-project — misp
An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php lacks a checkParam function for alphanumerics, underscore, dash, period, and space.
critical CVE-2023-48658
Critical Vulnerability: CVE-2023-48659 — misp-project — misp
An issue was discovered in MISP before 2.4.176. app/Controller/AppController.php mishandles parameter parsing.
critical CVE-2023-48659
Critical Vulnerability: CVE-2024-29859 — misp-project — misp
In MISP before 2.4.187, add_misp_export in app/Controller/EventsController.php does not properly check for a valid file upload.
critical CVE-2024-29859
Critical Vulnerability: CVE-2026-39962 — misp-project — misp
MISP is an open source threat intelligence and sharing platform. Prior to 2.5.36, improper neutralization of special elements in an LDAP query in ApacheAuthenticate.php allows LDAP injection via an un
critical CVE-2026-39962
Critical Vulnerability: CVE-2018-12649 — misp-project — misp
An issue was discovered in app/Controller/UsersController.php in MISP 2.4.92. An adversary can bypass the brute-force protection by using a PUT HTTP method instead of a POST HTTP method in the login p
critical CVE-2018-12649
Critical Vulnerability: CVE-2020-15411 — misp-project — misp
An issue was discovered in MISP 2.4.128. app/Controller/AttributesController.php has insufficient ACL checks in the attachment downloader.
critical CVE-2020-15411
Critical Vulnerability: CVE-2021-25323 — misp-project — misp
The default setting of MISP 2.4.136 did not enable the requirements (aka require_password_confirmation) to provide the previous password when changing a password.
critical CVE-2021-25323
Critical Vulnerability: CVE-2020-29006 — misp-project — misp
MISP before 2.4.135 lacks an ACL check, related to app/Controller/GalaxyElementsController.php and app/Model/GalaxyElement.php.
critical CVE-2020-29006
Critical Vulnerability: CVE-2015-5719 — misp-project — malware_information_sharing_platform
app/Controller/TemplatesController.php in Malware Information Sharing Platform (MISP) before 2.3.92 does not properly restrict filenames under the tmp/files/ directory, which has unspecified impact an
critical CVE-2015-5719
Critical Vulnerability: CVE-2015-5721 — misp-project — malware_information_sharing_platform
Malware Information Sharing Platform (MISP) before 2.3.90 allows remote attackers to conduct PHP object injection attacks via crafted serialized data, related to TemplatesController.php and populate_e
critical CVE-2015-5721