π¨ CVE-2026-56376
ImageMagick before 7.1.2-15 and 6.9.13-40 contains a heap use-after-free in the meta coder: when memory allocation fails, a single byte is written to a stale pointer. Remote attackers can trigger it by processing specially crafted image files, causing a denial of service.
π@cveNotify
ImageMagick before 7.1.2-15 and 6.9.13-40 contains a heap use-after-free in the meta coder: when memory allocation fails, a single byte is written to a stale pointer. Remote attackers can trigger it by processing specially crafted image files, causing a denial of service.
π@cveNotify
GitHub
Possible heap use-after-free in meta coder
A heap use-after-free vulnerability exists in the meta coder when an allocation fails and a single byte is written to a stale pointer.
```
==535852==ERROR: AddressSanitizer: heap-use-after-free...
```
==535852==ERROR: AddressSanitizer: heap-use-after-free...
π¨ CVE-2026-56379
ImageMagick before 7.1.2-15 and 6.9.13-40 contains a command injection vulnerability in the SVG decoder that allows attackers to inject arbitrary MVG drawing commands. Attackers can craft malicious SVG files with injected Magick Vector Graphics commands that execute during rendering.
π@cveNotify
ImageMagick before 7.1.2-15 and 6.9.13-40 contains a command injection vulnerability in the SVG decoder that allows attackers to inject arbitrary MVG drawing commands. Attackers can craft malicious SVG files with injected Magick Vector Graphics commands that execute during rendering.
π@cveNotify
GitHub
SVG-to-MVG Command Injection via coders/svg.c
An attacker can inject arbitrary MVG (Magick Vector Graphics) drawing commands in an SVG file that is read by the internal SVG decoder of ImageMagick. The injected MVG commands execute during rende...
π¨ CVE-2026-56701
Grav before 2.0.0-beta.2 contains an XML external entity injection vulnerability in SVG file upload processing that allows authenticated attackers to read arbitrary files. The application uses simplexml_load_string without disabling external entity loading, enabling attackers to inject XXE payloads via malicious SVG files to exfiltrate sensitive data.
π@cveNotify
Grav before 2.0.0-beta.2 contains an XML external entity injection vulnerability in SVG file upload processing that allows authenticated attackers to read arbitrary files. The application uses simplexml_load_string without disabling external entity loading, enabling attackers to inject XXE payloads via malicious SVG files to exfiltrate sensitive data.
π@cveNotify
GitHub
XXE via SVG Upload
Dear Grav Security Team,
I am writing to report a security vulnerability discovered in Grav CMS that allows authenticated attackers to read arbitrary files from the server through XML External E...
I am writing to report a security vulnerability discovered in Grav CMS that allows authenticated attackers to read arbitrary files from the server through XML External E...
π¨ CVE-2026-56762
Hono before 4.12.12 does not validate cookie names on the write path in the setCookie(), serialize(), and serializeSigned() functions, allowing invalid characters such as control characters (e.g. \r or \n) when an application passes a user-controlled cookie name. This can produce malformed Set-Cookie header values. In modern runtimes such as Node.js and Cloudflare Workers, such invalid header values are rejected and cause a runtime error before the response is sent, so header injection or response splitting could not be reproduced; the issue primarily affects correctness and robustness, resulting in runtime errors (availability) rather than confirmed header injection.
π@cveNotify
Hono before 4.12.12 does not validate cookie names on the write path in the setCookie(), serialize(), and serializeSigned() functions, allowing invalid characters such as control characters (e.g. \r or \n) when an application passes a user-controlled cookie name. This can produce malformed Set-Cookie header values. In modern runtimes such as Node.js and Cloudflare Workers, such invalid header values are rejected and cause a runtime error before the response is sent, so header injection or response splitting could not be reproduced; the issue primarily affects correctness and robustness, resulting in runtime errors (availability) rather than confirmed header injection.
π@cveNotify
GitHub
Missing validation of cookie name on write path in setCookie()
## Summary
Cookie names are not validated on the write path when using `setCookie()`, `serialize()`, or `serializeSigned()` to generate Set-Cookie headers.
While certain cookie attributes suc...
Cookie names are not validated on the write path when using `setCookie()`, `serialize()`, or `serializeSigned()` to generate Set-Cookie headers.
While certain cookie attributes suc...
π¨ CVE-2026-56784
OpenRemote Manager before 1.24.2 contains an insecure direct object reference vulnerability in the removeAlarms() method that allows authenticated users to delete alarms from other tenants by supplying arbitrary alarm IDs. The bulk deletion endpoint fails to validate that targeted alarm IDs belong to the caller's realm, enabling cross-tenant permanent destruction of safety-critical and security alerts.
π@cveNotify
OpenRemote Manager before 1.24.2 contains an insecure direct object reference vulnerability in the removeAlarms() method that allows authenticated users to delete alarms from other tenants by supplying arbitrary alarm IDs. The bulk deletion endpoint fails to validate that targeted alarm IDs belong to the caller's realm, enabling cross-tenant permanent destruction of safety-critical and security alerts.
π@cveNotify
GitHub
removeAlarms cross-realm IDOR (bulk delete)
### Summary
OpenRemote Manager is vulnerable to a cross-tenant Insecure Direct
Object Reference (IDOR) in the bulk alarm deletion endpoint. An
authenticated user in any realm can delete alarms b...
OpenRemote Manager is vulnerable to a cross-tenant Insecure Direct
Object Reference (IDOR) in the bulk alarm deletion endpoint. An
authenticated user in any realm can delete alarms b...
π¨ CVE-2015-5719
app/Controller/TemplatesController.php in Malware Information Sharing Platform (MISP) before 2.3.92 does not properly restrict filenames under the tmp/files/ directory, which has unspecified impact and attack vectors.
π@cveNotify
app/Controller/TemplatesController.php in Malware Information Sharing Platform (MISP) before 2.3.92 does not properly restrict filenames under the tmp/files/ directory, which has unspecified impact and attack vectors.
π@cveNotify
π¨ CVE-2015-5720
Multiple cross-site scripting (XSS) vulnerabilities in the template-creation feature in Malware Information Sharing Platform (MISP) before 2.3.90 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) add.ctp, (2) edit.ctp, and (3) ajaxification.js.
π@cveNotify
Multiple cross-site scripting (XSS) vulnerabilities in the template-creation feature in Malware Information Sharing Platform (MISP) before 2.3.90 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) add.ctp, (2) edit.ctp, and (3) ajaxification.js.
π@cveNotify
π¨ CVE-2015-5721
Malware Information Sharing Platform (MISP) before 2.3.90 allows remote attackers to conduct PHP object injection attacks via crafted serialized data, related to TemplatesController.php and populate_event_from_template_attributes.ctp.
π@cveNotify
Malware Information Sharing Platform (MISP) before 2.3.90 allows remote attackers to conduct PHP object injection attacks via crafted serialized data, related to TemplatesController.php and populate_event_from_template_attributes.ctp.
π@cveNotify
π¨ CVE-2022-42724
app/Controller/UsersController.php in MISP before 2.4.164 allows attackers to discover role names (this is information that only the site admin should have).
π@cveNotify
app/Controller/UsersController.php in MISP before 2.4.164 allows attackers to discover role names (this is information that only the site admin should have).
π@cveNotify
GitHub
security: [user] Fixing disclosure of roles name to non-site admin us⦠· MISP/MISP@934b9cd
β¦ers and ensure user edit applies the restricted_to_site_admin option
This vulnerability with a default MISP installation without additional roles is disclosing list of role name which were restri...
This vulnerability with a default MISP installation without additional roles is disclosing list of role name which were restri...
π¨ CVE-2022-47928
In MISP before 2.4.167, there is XSS in the template file uploads in app/View/Templates/upload_file.ctp.
π@cveNotify
In MISP before 2.4.167, there is XSS in the template file uploads in app/View/Templates/upload_file.ctp.
π@cveNotify
GitHub
fix: [security] XSS in the template file uploads Β· MISP/MISP@684d3e5
- as reported by Dawid Czarnecki from Zigrin Security
π¨ CVE-2023-24070
app/View/AuthKeys/authkey_display.ctp in MISP through 2.4.167 has an XSS in authkey add via a Referer field.
π@cveNotify
app/View/AuthKeys/authkey_display.ctp in MISP through 2.4.167 has an XSS in authkey add via a Referer field.
π@cveNotify
GitHub
fix: [security] XSS in authkey add Β· MISP/MISP@f7238fe
- as reported by Dawid Czarnecki from Zigrin Security
π¨ CVE-2023-28606
js/event-graph.js in MISP before 2.4.169 allows XSS via event-graph node tooltips.
π@cveNotify
js/event-graph.js in MISP before 2.4.169 allows XSS via event-graph node tooltips.
π@cveNotify
GitHub
fix: [security] XSS in event-graph node tooltips Β· MISP/MISP@30255b8
- as reported by Cyber Controls from SIX Group
π¨ CVE-2023-28607
js/event-graph.js in MISP before 2.4.169 allows XSS via the event-graph relationship tooltip.
π@cveNotify
js/event-graph.js in MISP before 2.4.169 allows XSS via the event-graph relationship tooltip.
π@cveNotify
GitHub
fix: [security] XSS in event-graph relationship tooltip Β· MISP/MISP@78f4234
MISP (core software) - Open Source Threat Intelligence and Sharing Platform - fix: [security] XSS in event-graph relationship tooltip Β· MISP/MISP@78f4234
π¨ CVE-2023-28884
In MISP 2.4.169, app/Lib/Tools/CustomPaginationTool.php allows XSS in the community index.
π@cveNotify
In MISP 2.4.169, app/Lib/Tools/CustomPaginationTool.php allows XSS in the community index.
π@cveNotify
GitHub
fix: [security] XSS in community index Β· MISP/MISP@b94c797
- As reported by Zigrin Security
π¨ CVE-2023-37306
MISP 2.4.172 mishandles different certificate file extensions in server sync. An attacker can obtain sensitive information because of the nature of the error messages.
π@cveNotify
MISP 2.4.172 mishandles different certificate file extensions in server sync. An attacker can obtain sensitive information because of the nature of the error messages.
π@cveNotify
GitHub
fix: properly handle different cert file extensions in server sync. #β¦ Β· MISP/MISP@f125630
β¦9084
π¨ CVE-2023-37307
In MISP before 2.4.172, title_for_layout is not properly sanitized in Correlations, CorrelationExclusions, and Layouts.
π@cveNotify
In MISP before 2.4.172, title_for_layout is not properly sanitized in Correlations, CorrelationExclusions, and Layouts.
π@cveNotify
packetstorm.news
Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories, and Whitepapers
π¨ CVE-2023-48655
An issue was discovered in MISP before 2.4.176. app/Controller/Component/IndexFilterComponent.php does not properly filter out query parameters.
π@cveNotify
An issue was discovered in MISP before 2.4.176. app/Controller/Component/IndexFilterComponent.php does not properly filter out query parameters.
π@cveNotify
GitHub
fix: properly filter out query parameters Β· MISP/MISP@158c8b2
MISP (core software) - Open Source Threat Intelligence and Sharing Platform - fix: properly filter out query parameters Β· MISP/MISP@158c8b2
π¨ CVE-2023-48656
An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles order clauses.
π@cveNotify
An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles order clauses.
π@cveNotify
GitHub
fix: fixed invalid ordering errors Β· MISP/MISP@d6ad402
MISP (core software) - Open Source Threat Intelligence and Sharing Platform - fix: fixed invalid ordering errors Β· MISP/MISP@d6ad402
π¨ CVE-2023-48657
An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles filters.
π@cveNotify
An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles filters.
π@cveNotify
GitHub
chg: [restsearch internal] sanity check erroneous filters Β· MISP/MISP@08bd232
MISP (core software) - Open Source Threat Intelligence and Sharing Platform - chg: [restsearch internal] sanity check erroneous filters Β· MISP/MISP@08bd232
π¨ CVE-2023-48658
An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php lacks a checkParam function for alphanumerics, underscore, dash, period, and space.
π@cveNotify
An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php lacks a checkParam function for alphanumerics, underscore, dash, period, and space.
π@cveNotify
GitHub
chg: [helper] Added param sanity check helper function Β· MISP/MISP@1686215
MISP (core software) - Open Source Threat Intelligence and Sharing Platform - chg: [helper] Added param sanity check helper function Β· MISP/MISP@1686215
π¨ CVE-2023-48659
An issue was discovered in MISP before 2.4.176. app/Controller/AppController.php mishandles parameter parsing.
π@cveNotify
An issue was discovered in MISP before 2.4.176. app/Controller/AppController.php mishandles parameter parsing.
π@cveNotify
GitHub
fix: [internal] improved parameter parsing Β· MISP/MISP@37ecf81
MISP (core software) - Open Source Threat Intelligence and Sharing Platform - fix: [internal] improved parameter parsing Β· MISP/MISP@37ecf81