{
  "append_only": true,
  "archive_index_url": "https://vuln.signal-radar.com/data/vuln/archive/index.json",
  "archive_version": "v0.1",
  "generated_at": "2026-06-26T11:57:41.750724+00:00",
  "immutable_run": true,
  "item_count": 20,
  "items": [
    {
      "affected_label": "adobe / flash_player",
      "canonical_url": "https://vuln.signal-radar.com/vuln/public-candidate/CVE-2011-0627/",
      "current_public_safe_latest": true,
      "cvss_score": 8.8,
      "cvss_severity": "HIGH",
      "epss_percentile": 0.91234,
      "epss_score": 0.05066,
      "first_observed_at": "2026-06-24T06:58:56.748686+00:00",
      "id": "CVE-2011-0627",
      "impact_tags": [
        "code execution review",
        "service availability review",
        "memory safety review",
        "remote exposure relevant"
      ],
      "kev": false,
      "last_observed_at": "2026-06-26T11:56:46.393687+00:00",
      "latest_item_url": "https://vuln.signal-radar.com/data/vuln/items/CVE-2011-0627.json",
      "product": "flash_player",
      "public_safe_summary": "NVD: Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content, as possibly...",
      "run_item_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260626T115741Z/items/CVE-2011-0627.json",
      "safety": {
        "auto_remediation_allowed": false,
        "exploit_detail_allowed": false,
        "external_execution_allowed": false,
        "github_issue_creation_allowed": false,
        "noindex_removal_allowed": true,
        "noindex_required": false,
        "patch_allowed": false,
        "public_launch_allowed": true,
        "public_safe_only": true,
        "raw_source_included": false,
        "read_only": true,
        "scan_allowed": false,
        "signal_radar_integration_allowed": false
      },
      "snapshot_count": 10,
      "source_published_affected": "vendor/product: adobe / flash_player; affected version context: 6.0.21.0, 6.0.79, 7.0, 7.0.1, 7.0.14.0",
      "source_published_impact": "Source describes code execution review · service availability risk · memory safety review. Possible impact: A remote attacker may be able to run code or commands on affected systems.",
      "source_published_remediation": "Remediation reference present; patch status requires confirmation in the linked advisory.",
      "source_published_summary": "NVD: Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content, as possibly...",
      "sources": [
        "NVD",
        "Vendor Advisory"
      ],
      "timeline_url": "https://vuln.signal-radar.com/data/vuln/archive/cves/CVE-2011-0627/timeline.json",
      "vendor": "adobe"
    },
    {
      "affected_label": "misp-project / misp",
      "canonical_url": "https://vuln.signal-radar.com/vuln/public-candidate/CVE-2015-5719/",
      "current_public_safe_latest": true,
      "cvss_score": 9.8,
      "cvss_severity": "CRITICAL",
      "epss_percentile": 0.80815,
      "epss_score": 0.02268,
      "first_observed_at": "2026-06-24T06:58:56.748686+00:00",
      "id": "CVE-2015-5719",
      "impact_tags": [],
      "kev": false,
      "last_observed_at": "2026-06-26T11:56:46.393687+00:00",
      "latest_item_url": "https://vuln.signal-radar.com/data/vuln/items/CVE-2015-5719.json",
      "product": "misp",
      "public_safe_summary": "NVD: app/Controller/TemplatesController.php in Malware Information Sharing Platform (MISP) before 2.3.92 does not properly restrict filenames under the tmp/files/ directory, which has unspecified impact and attack vectors.",
      "run_item_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260626T115741Z/items/CVE-2015-5719.json",
      "safety": {
        "auto_remediation_allowed": false,
        "exploit_detail_allowed": false,
        "external_execution_allowed": false,
        "github_issue_creation_allowed": false,
        "noindex_removal_allowed": true,
        "noindex_required": false,
        "patch_allowed": false,
        "public_launch_allowed": true,
        "public_safe_only": true,
        "raw_source_included": false,
        "read_only": true,
        "scan_allowed": false,
        "signal_radar_integration_allowed": false
      },
      "snapshot_count": 10,
      "source_published_affected": "vendor/product: misp-project / misp",
      "source_published_impact": "This critical severity issue needs human triage to confirm exposure, affected versions, and vendor guidance for critical severity review.",
      "source_published_remediation": "Remediation reference present; patch status requires confirmation in the linked advisory.",
      "source_published_summary": "NVD: app/Controller/TemplatesController.php in Malware Information Sharing Platform (MISP) before 2.3.92 does not properly restrict filenames under the tmp/files/ directory, which has unspecified impact and attack vectors.",
      "sources": [
        "NVD",
        "Vendor Advisory"
      ],
      "timeline_url": "https://vuln.signal-radar.com/data/vuln/archive/cves/CVE-2015-5719/timeline.json",
      "vendor": "misp-project"
    },
    {
      "affected_label": "misp-project / misp",
      "canonical_url": "https://vuln.signal-radar.com/vuln/public-candidate/CVE-2015-5720/",
      "current_public_safe_latest": true,
      "cvss_score": 6.1,
      "cvss_severity": "MEDIUM",
      "epss_percentile": 0.67797,
      "epss_score": 0.01343,
      "first_observed_at": "2026-06-24T06:58:56.748686+00:00",
      "id": "CVE-2015-5720",
      "impact_tags": [
        "XSS risk",
        "remote exposure relevant"
      ],
      "kev": false,
      "last_observed_at": "2026-06-26T11:56:46.393687+00:00",
      "latest_item_url": "https://vuln.signal-radar.com/data/vuln/items/CVE-2015-5720.json",
      "product": "misp",
      "public_safe_summary": "NVD: Multiple cross-site scripting (XSS) vulnerabilities in the template-creation feature in Malware Information Sharing Platform (MISP) before 2.3.90 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) add.ctp, (2) edit.ctp...",
      "run_item_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260626T115741Z/items/CVE-2015-5720.json",
      "safety": {
        "auto_remediation_allowed": false,
        "exploit_detail_allowed": false,
        "external_execution_allowed": false,
        "github_issue_creation_allowed": false,
        "noindex_removal_allowed": true,
        "noindex_required": false,
        "patch_allowed": false,
        "public_launch_allowed": true,
        "public_safe_only": true,
        "raw_source_included": false,
        "read_only": true,
        "scan_allowed": false,
        "signal_radar_integration_allowed": false
      },
      "snapshot_count": 10,
      "source_published_affected": "vendor/product: misp-project / misp",
      "source_published_impact": "Source describes XSS risk · remote exposure. Possible impact: This medium severity issue needs human triage to confirm exposure, affected versions, and vendor guidance for XSS risk · remote exposure.",
      "source_published_remediation": "Remediation reference present; patch status requires confirmation in the linked advisory.",
      "source_published_summary": "NVD: Multiple cross-site scripting (XSS) vulnerabilities in the template-creation feature in Malware Information Sharing Platform (MISP) before 2.3.90 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) add.ctp, (2) edit.ctp...",
      "sources": [
        "NVD",
        "Vendor Advisory"
      ],
      "timeline_url": "https://vuln.signal-radar.com/data/vuln/archive/cves/CVE-2015-5720/timeline.json",
      "vendor": "misp-project"
    },
    {
      "affected_label": "misp-project / misp",
      "canonical_url": "https://vuln.signal-radar.com/vuln/public-candidate/CVE-2015-5721/",
      "current_public_safe_latest": true,
      "cvss_score": 9.8,
      "cvss_severity": "CRITICAL",
      "epss_percentile": 0.83442,
      "epss_score": 0.0261,
      "first_observed_at": "2026-06-24T06:58:56.748686+00:00",
      "id": "CVE-2015-5721",
      "impact_tags": [
        "remote exposure relevant"
      ],
      "kev": false,
      "last_observed_at": "2026-06-26T11:56:46.393687+00:00",
      "latest_item_url": "https://vuln.signal-radar.com/data/vuln/items/CVE-2015-5721.json",
      "product": "misp",
      "public_safe_summary": "NVD: Malware Information Sharing Platform (MISP) before 2.3.90 allows remote attackers to conduct PHP object injection attacks via crafted serialized data, related to TemplatesController.php and populate_event_from_template_attributes.ctp.",
      "run_item_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260626T115741Z/items/CVE-2015-5721.json",
      "safety": {
        "auto_remediation_allowed": false,
        "exploit_detail_allowed": false,
        "external_execution_allowed": false,
        "github_issue_creation_allowed": false,
        "noindex_removal_allowed": true,
        "noindex_required": false,
        "patch_allowed": false,
        "public_launch_allowed": true,
        "public_safe_only": true,
        "raw_source_included": false,
        "read_only": true,
        "scan_allowed": false,
        "signal_radar_integration_allowed": false
      },
      "snapshot_count": 10,
      "source_published_affected": "vendor/product: misp-project / misp",
      "source_published_impact": "Source describes remote exposure. Possible impact: This critical severity issue needs human triage to confirm exposure, affected versions, and vendor guidance for remote exposure.",
      "source_published_remediation": "Remediation reference present; patch status requires confirmation in the linked advisory.",
      "source_published_summary": "NVD: Malware Information Sharing Platform (MISP) before 2.3.90 allows remote attackers to conduct PHP object injection attacks via crafted serialized data, related to TemplatesController.php and populate_event_from_template_attributes.ctp.",
      "sources": [
        "NVD",
        "Vendor Advisory"
      ],
      "timeline_url": "https://vuln.signal-radar.com/data/vuln/archive/cves/CVE-2015-5721/timeline.json",
      "vendor": "misp-project"
    },
    {
      "affected_label": "misp-project / misp",
      "canonical_url": "https://vuln.signal-radar.com/vuln/public-candidate/CVE-2017-13671/",
      "current_public_safe_latest": true,
      "cvss_score": 6.1,
      "cvss_severity": "MEDIUM",
      "epss_percentile": 0.57305,
      "epss_score": 0.00967,
      "first_observed_at": "2026-06-24T06:58:56.748686+00:00",
      "id": "CVE-2017-13671",
      "impact_tags": [
        "XSS risk"
      ],
      "kev": false,
      "last_observed_at": "2026-06-26T11:56:46.393687+00:00",
      "latest_item_url": "https://vuln.signal-radar.com/data/vuln/items/CVE-2017-13671.json",
      "product": "misp",
      "public_safe_summary": "NVD: app/View/Helper/CommandHelper.php in MISP before 2.4.79 has persistent XSS via comments. NVD: It only impacts the users of the same instance because the comment field is not part of the MISP synchronisation. OSV: app/View/Helper/CommandHelper.php in MISP before 2.4.79 has persistent XSS via comments.",
      "run_item_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260626T115741Z/items/CVE-2017-13671.json",
      "safety": {
        "auto_remediation_allowed": false,
        "exploit_detail_allowed": false,
        "external_execution_allowed": false,
        "github_issue_creation_allowed": false,
        "noindex_removal_allowed": true,
        "noindex_required": false,
        "patch_allowed": false,
        "public_launch_allowed": true,
        "public_safe_only": true,
        "raw_source_included": false,
        "read_only": true,
        "scan_allowed": false,
        "signal_radar_integration_allowed": false
      },
      "snapshot_count": 10,
      "source_published_affected": "vendor/product: misp-project / misp",
      "source_published_impact": "Source describes XSS risk. Possible impact: This medium severity issue needs human triage to confirm exposure, affected versions, and vendor guidance for XSS risk.",
      "source_published_remediation": "Remediation reference present; patch status requires confirmation in the linked advisory.",
      "source_published_summary": "NVD: app/View/Helper/CommandHelper.php in MISP before 2.4.79 has persistent XSS via comments. NVD: It only impacts the users of the same instance because the comment field is not part of the MISP synchronisation. OSV: app/View/Helper/CommandHelper.php in MISP before 2.4.79 has persistent XSS via comments.",
      "sources": [
        "NVD",
        "OSV",
        "Vendor Advisory"
      ],
      "timeline_url": "https://vuln.signal-radar.com/data/vuln/archive/cves/CVE-2017-13671/timeline.json",
      "vendor": "misp-project"
    },
    {
      "affected_label": "cisco / umbrella_virtual_appliance",
      "canonical_url": "https://vuln.signal-radar.com/vuln/public-candidate/CVE-2017-12350/",
      "current_public_safe_latest": true,
      "cvss_score": 8.2,
      "cvss_severity": "HIGH",
      "epss_percentile": 0.26803,
      "epss_score": 0.00349,
      "first_observed_at": "2026-06-24T06:58:56.748686+00:00",
      "id": "CVE-2017-12350",
      "impact_tags": [
        "admin privilege risk",
        "local exposure relevant"
      ],
      "kev": false,
      "last_observed_at": "2026-06-26T11:56:46.393687+00:00",
      "latest_item_url": "https://vuln.signal-radar.com/data/vuln/items/CVE-2017-12350.json",
      "product": "umbrella_virtual_appliance",
      "public_safe_summary": "NVD: A vulnerability in Cisco Umbrella Insights Virtual Appliances 2.1.0 and earlier could allow an authenticated, local attacker to log in to an affected virtual appliance with root privileges. NVD: The vulnerability is due to the presence of default, static user credentials for an affected virtual appliance. NVD: An attacker could exploit this vulnerability by using the hypervisor console to connect locally to an affected system and then using the static credentials to log in to an affected virtual appliance.",
      "run_item_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260626T115741Z/items/CVE-2017-12350.json",
      "safety": {
        "auto_remediation_allowed": false,
        "exploit_detail_allowed": false,
        "external_execution_allowed": false,
        "github_issue_creation_allowed": false,
        "noindex_removal_allowed": true,
        "noindex_required": false,
        "patch_allowed": false,
        "public_launch_allowed": true,
        "public_safe_only": true,
        "raw_source_included": false,
        "read_only": true,
        "scan_allowed": false,
        "signal_radar_integration_allowed": false
      },
      "snapshot_count": 10,
      "source_published_affected": "vendor/product: cisco / umbrella_virtual_appliance",
      "source_published_impact": "Source describes admin privilege risk · local exposure. Possible impact: A local user may gain root or administrative-level privileges on affected systems.",
      "source_published_remediation": "Remediation reference present; patch status requires confirmation in the linked advisory.",
      "source_published_summary": "NVD: A vulnerability in Cisco Umbrella Insights Virtual Appliances 2.1.0 and earlier could allow an authenticated, local attacker to log in to an affected virtual appliance with root privileges. NVD: The vulnerability is due to the presence of default, static user credentials for an affected virtual appliance. NVD: An attacker could exploit this vulnerability by using the hypervisor console to connect locally to an affected system and then using the static credentials to log in to an affected virtual appliance.",
      "sources": [
        "NVD",
        "Vendor Advisory"
      ],
      "timeline_url": "https://vuln.signal-radar.com/data/vuln/archive/cves/CVE-2017-12350/timeline.json",
      "vendor": "cisco"
    },
    {
      "affected_label": "misp-project / misp",
      "canonical_url": "https://vuln.signal-radar.com/vuln/public-candidate/CVE-2017-16946/",
      "current_public_safe_latest": true,
      "cvss_score": 4.9,
      "cvss_severity": "MEDIUM",
      "epss_percentile": 0.60703,
      "epss_score": 0.01075,
      "first_observed_at": "2026-06-24T06:58:56.748686+00:00",
      "id": "CVE-2017-16946",
      "impact_tags": [],
      "kev": false,
      "last_observed_at": "2026-06-26T11:56:46.393687+00:00",
      "latest_item_url": "https://vuln.signal-radar.com/data/vuln/items/CVE-2017-16946.json",
      "product": "misp",
      "public_safe_summary": "NVD: The admin_edit function in app/Controller/UsersController.php in MISP 2.4.82 mishandles the enable_password field, which allows admins to discover a hashed password by reading the audit log. OSV: The admin_edit function in app/Controller/UsersController.php in MISP 2.4.82 mishandles the enable_password field, which allows admins to discover a hashed password by reading the audit log.",
      "run_item_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260626T115741Z/items/CVE-2017-16946.json",
      "safety": {
        "auto_remediation_allowed": false,
        "exploit_detail_allowed": false,
        "external_execution_allowed": false,
        "github_issue_creation_allowed": false,
        "noindex_removal_allowed": true,
        "noindex_required": false,
        "patch_allowed": false,
        "public_launch_allowed": true,
        "public_safe_only": true,
        "raw_source_included": false,
        "read_only": true,
        "scan_allowed": false,
        "signal_radar_integration_allowed": false
      },
      "snapshot_count": 10,
      "source_published_affected": "vendor/product: misp-project / misp; affected version context: 2.4.82",
      "source_published_impact": "This medium severity issue needs human triage to confirm exposure, affected versions, and vendor guidance for defensive exposure review.",
      "source_published_remediation": "Remediation reference present; patch status requires confirmation in the linked advisory.",
      "source_published_summary": "NVD: The admin_edit function in app/Controller/UsersController.php in MISP 2.4.82 mishandles the enable_password field, which allows admins to discover a hashed password by reading the audit log. OSV: The admin_edit function in app/Controller/UsersController.php in MISP 2.4.82 mishandles the enable_password field, which allows admins to discover a hashed password by reading the audit log.",
      "sources": [
        "NVD",
        "OSV",
        "Vendor Advisory"
      ],
      "timeline_url": "https://vuln.signal-radar.com/data/vuln/archive/cves/CVE-2017-16946/timeline.json",
      "vendor": "misp-project"
    },
    {
      "affected_label": "cisco / umbrella_virtual_appliance",
      "canonical_url": "https://vuln.signal-radar.com/vuln/public-candidate/CVE-2017-6679/",
      "current_public_safe_latest": true,
      "cvss_score": 6.4,
      "cvss_severity": "MEDIUM",
      "epss_percentile": 0.27761,
      "epss_score": 0.00359,
      "first_observed_at": "2026-06-24T06:58:56.748686+00:00",
      "id": "CVE-2017-6679",
      "impact_tags": [],
      "kev": false,
      "last_observed_at": "2026-06-26T11:56:46.393687+00:00",
      "latest_item_url": "https://vuln.signal-radar.com/data/vuln/items/CVE-2017-6679.json",
      "product": "umbrella_virtual_appliance",
      "public_safe_summary": "NVD: The Cisco Umbrella Virtual Appliance Version 2.0.3 and prior contained an undocumented encrypted remote support tunnel (SSH) which auto initiated from the customer's appliance to Cisco's SSH Hubs in the Umbrella datacenters. NVD: These tunnels were primarily leveraged for remote support and allowed for authorized/authenticated personnel from the Cisco Umbrella team to access the appliance remotely and obtain full control without explicit customer approval. NVD: To address this vulnerability, the Umbrella Virtual Appliance version 2.1.0 now requires explicit customer approval before an SSH tunnel from the VA to the Cisco terminating server can be established.",
      "run_item_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260626T115741Z/items/CVE-2017-6679.json",
      "safety": {
        "auto_remediation_allowed": false,
        "exploit_detail_allowed": false,
        "external_execution_allowed": false,
        "github_issue_creation_allowed": false,
        "noindex_removal_allowed": true,
        "noindex_required": false,
        "patch_allowed": false,
        "public_launch_allowed": true,
        "public_safe_only": true,
        "raw_source_included": false,
        "read_only": true,
        "scan_allowed": false,
        "signal_radar_integration_allowed": false
      },
      "snapshot_count": 10,
      "source_published_affected": "vendor/product: cisco / umbrella_virtual_appliance",
      "source_published_impact": "This medium severity issue needs human triage to confirm exposure, affected versions, and vendor guidance for defensive exposure review.",
      "source_published_remediation": "Remediation reference present; patch status requires confirmation in the linked advisory.",
      "source_published_summary": "NVD: The Cisco Umbrella Virtual Appliance Version 2.0.3 and prior contained an undocumented encrypted remote support tunnel (SSH) which auto initiated from the customer's appliance to Cisco's SSH Hubs in the Umbrella datacenters. NVD: These tunnels were primarily leveraged for remote support and allowed for authorized/authenticated personnel from the Cisco Umbrella team to access the appliance remotely and obtain full control without explicit customer approval. NVD: To address this vulnerability, the Umbrella Virtual Appliance version 2.1.0 now requires explicit customer approval before an SSH tunnel from the VA to the Cisco terminating server can be established.",
      "sources": [
        "NVD",
        "Vendor Advisory"
      ],
      "timeline_url": "https://vuln.signal-radar.com/data/vuln/archive/cves/CVE-2017-6679/timeline.json",
      "vendor": "cisco"
    },
    {
      "affected_label": "misp-project / misp",
      "canonical_url": "https://vuln.signal-radar.com/vuln/public-candidate/CVE-2018-6926/",
      "current_public_safe_latest": true,
      "cvss_score": 7.2,
      "cvss_severity": "HIGH",
      "epss_percentile": 0.73798,
      "epss_score": 0.01668,
      "first_observed_at": "2026-06-24T06:58:56.748686+00:00",
      "id": "CVE-2018-6926",
      "impact_tags": [],
      "kev": false,
      "last_observed_at": "2026-06-26T11:56:46.393687+00:00",
      "latest_item_url": "https://vuln.signal-radar.com/data/vuln/items/CVE-2018-6926.json",
      "product": "misp",
      "public_safe_summary": "NVD: In app/Controller/ServersController.php in MISP 2.4.87, a server setting permitted the override of a path variable on certain Red Hat Enterprise Linux and CentOS systems (where rh_shell_fix was enabled), and consequently allowed site admins to inject... NVD: The impact is limited by the setting being only accessible to the site administrator. OSV: In app/Controller/ServersController.php in MISP 2.4.87, a server setting permitted the override of a path variable on certain Red Hat Enterprise Linux and CentOS systems (where rh_shell_fix was enabled), and consequently allowed site admins to inject...",
      "run_item_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260626T115741Z/items/CVE-2018-6926.json",
      "safety": {
        "auto_remediation_allowed": false,
        "exploit_detail_allowed": false,
        "external_execution_allowed": false,
        "github_issue_creation_allowed": false,
        "noindex_removal_allowed": true,
        "noindex_required": false,
        "patch_allowed": false,
        "public_launch_allowed": true,
        "public_safe_only": true,
        "raw_source_included": false,
        "read_only": true,
        "scan_allowed": false,
        "signal_radar_integration_allowed": false
      },
      "snapshot_count": 10,
      "source_published_affected": "vendor/product: misp-project / misp; affected version context: 2.4.87",
      "source_published_impact": "This high severity issue needs human triage to confirm exposure, affected versions, and vendor guidance for high severity review.",
      "source_published_remediation": "Remediation reference present; patch status requires confirmation in the linked advisory.",
      "source_published_summary": "NVD: In app/Controller/ServersController.php in MISP 2.4.87, a server setting permitted the override of a path variable on certain Red Hat Enterprise Linux and CentOS systems (where rh_shell_fix was enabled), and consequently allowed site admins to inject... NVD: The impact is limited by the setting being only accessible to the site administrator. OSV: In app/Controller/ServersController.php in MISP 2.4.87, a server setting permitted the override of a path variable on certain Red Hat Enterprise Linux and CentOS systems (where rh_shell_fix was enabled), and consequently allowed site admins to inject...",
      "sources": [
        "NVD",
        "OSV",
        "Vendor Advisory"
      ],
      "timeline_url": "https://vuln.signal-radar.com/data/vuln/archive/cves/CVE-2018-6926/timeline.json",
      "vendor": "misp-project"
    },
    {
      "affected_label": "misp-project / misp",
      "canonical_url": "https://vuln.signal-radar.com/vuln/public-candidate/CVE-2018-11562/",
      "current_public_safe_latest": true,
      "cvss_score": 6.1,
      "cvss_severity": "MEDIUM",
      "epss_percentile": 0.52195,
      "epss_score": 0.00809,
      "first_observed_at": "2026-06-24T06:58:56.748686+00:00",
      "id": "CVE-2018-11562",
      "impact_tags": [
        "XSS risk"
      ],
      "kev": false,
      "last_observed_at": "2026-06-26T11:56:46.393687+00:00",
      "latest_item_url": "https://vuln.signal-radar.com/data/vuln/items/CVE-2018-11562.json",
      "product": "misp",
      "public_safe_summary": "NVD: An issue was discovered in MISP 2.4.91. NVD: A vulnerability in app/View/Elements/eventattribute.ctp allows reflected XSS if a user clicks on a malicious link for an event view and then clicks on the deleted attributes quick filter. OSV: An issue was discovered in MISP 2.4.91.",
      "run_item_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260626T115741Z/items/CVE-2018-11562.json",
      "safety": {
        "auto_remediation_allowed": false,
        "exploit_detail_allowed": false,
        "external_execution_allowed": false,
        "github_issue_creation_allowed": false,
        "noindex_removal_allowed": true,
        "noindex_required": false,
        "patch_allowed": false,
        "public_launch_allowed": true,
        "public_safe_only": true,
        "raw_source_included": false,
        "read_only": true,
        "scan_allowed": false,
        "signal_radar_integration_allowed": false
      },
      "snapshot_count": 10,
      "source_published_affected": "vendor/product: misp-project / misp; affected version context: 2.4.91",
      "source_published_impact": "Source describes XSS risk. Possible impact: This medium severity issue needs human triage to confirm exposure, affected versions, and vendor guidance for XSS risk.",
      "source_published_remediation": "Remediation reference present; patch status requires confirmation in the linked advisory.",
      "source_published_summary": "NVD: An issue was discovered in MISP 2.4.91. NVD: A vulnerability in app/View/Elements/eventattribute.ctp allows reflected XSS if a user clicks on a malicious link for an event view and then clicks on the deleted attributes quick filter. OSV: An issue was discovered in MISP 2.4.91.",
      "sources": [
        "NVD",
        "OSV",
        "Vendor Advisory"
      ],
      "timeline_url": "https://vuln.signal-radar.com/data/vuln/archive/cves/CVE-2018-11562/timeline.json",
      "vendor": "misp-project"
    },
    {
      "affected_label": "misp-project / misp",
      "canonical_url": "https://vuln.signal-radar.com/vuln/public-candidate/CVE-2018-12649/",
      "current_public_safe_latest": true,
      "cvss_score": 9.8,
      "cvss_severity": "CRITICAL",
      "epss_percentile": 0.70615,
      "epss_score": 0.01479,
      "first_observed_at": "2026-06-24T06:58:56.748686+00:00",
      "id": "CVE-2018-12649",
      "impact_tags": [],
      "kev": false,
      "last_observed_at": "2026-06-26T11:56:46.393687+00:00",
      "latest_item_url": "https://vuln.signal-radar.com/data/vuln/items/CVE-2018-12649.json",
      "product": "misp",
      "public_safe_summary": "NVD: An issue was discovered in app/Controller/UsersController.php in MISP 2.4.92. NVD: An adversary can bypass the brute-force protection by using a PUT HTTP method instead of a POST HTTP method in the login part, because this protection was only covering POST requests. OSV: An issue was discovered in app/Controller/UsersController.php in MISP 2.4.92.",
      "run_item_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260626T115741Z/items/CVE-2018-12649.json",
      "safety": {
        "auto_remediation_allowed": false,
        "exploit_detail_allowed": false,
        "external_execution_allowed": false,
        "github_issue_creation_allowed": false,
        "noindex_removal_allowed": true,
        "noindex_required": false,
        "patch_allowed": false,
        "public_launch_allowed": true,
        "public_safe_only": true,
        "raw_source_included": false,
        "read_only": true,
        "scan_allowed": false,
        "signal_radar_integration_allowed": false
      },
      "snapshot_count": 10,
      "source_published_affected": "vendor/product: misp-project / misp; affected version context: 2.4.92",
      "source_published_impact": "This critical severity issue needs human triage to confirm exposure, affected versions, and vendor guidance for critical severity review.",
      "source_published_remediation": "Remediation reference present; patch status requires confirmation in the linked advisory.",
      "source_published_summary": "NVD: An issue was discovered in app/Controller/UsersController.php in MISP 2.4.92. NVD: An adversary can bypass the brute-force protection by using a PUT HTTP method instead of a POST HTTP method in the login part, because this protection was only covering POST requests. OSV: An issue was discovered in app/Controller/UsersController.php in MISP 2.4.92.",
      "sources": [
        "NVD",
        "OSV",
        "Vendor Advisory"
      ],
      "timeline_url": "https://vuln.signal-radar.com/data/vuln/archive/cves/CVE-2018-12649/timeline.json",
      "vendor": "misp-project"
    },
    {
      "affected_label": "medtronic / mycarelink_24952_patient_monitor_firmware",
      "canonical_url": "https://vuln.signal-radar.com/vuln/public-candidate/CVE-2018-10622/",
      "current_public_safe_latest": true,
      "cvss_score": 5.2,
      "cvss_severity": "MEDIUM",
      "epss_percentile": 0.27916,
      "epss_score": 0.00361,
      "first_observed_at": "2026-06-24T06:58:56.748686+00:00",
      "id": "CVE-2018-10622",
      "impact_tags": [],
      "kev": false,
      "last_observed_at": "2026-06-26T11:56:46.393687+00:00",
      "latest_item_url": "https://vuln.signal-radar.com/data/vuln/items/CVE-2018-10622.json",
      "product": "mycarelink_24952_patient_monitor_firmware",
      "public_safe_summary": "NVD: Medtronic MyCareLink Patient Monitor uses per-product credentials that are stored in a recoverable format. NVD: An attacker can use these credentials for network authentication.",
      "run_item_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260626T115741Z/items/CVE-2018-10622.json",
      "safety": {
        "auto_remediation_allowed": false,
        "exploit_detail_allowed": false,
        "external_execution_allowed": false,
        "github_issue_creation_allowed": false,
        "noindex_removal_allowed": true,
        "noindex_required": false,
        "patch_allowed": false,
        "public_launch_allowed": true,
        "public_safe_only": true,
        "raw_source_included": false,
        "read_only": true,
        "scan_allowed": false,
        "signal_radar_integration_allowed": false
      },
      "snapshot_count": 10,
      "source_published_affected": "vendor/product: medtronic / mycarelink_24952_patient_monitor_firmware; affected version context: -",
      "source_published_impact": "Source describes per-product credentials stored in a recoverable format that can be used for network authentication. This medium severity issue needs human triage to confirm exposure, affected versions, and vendor guidance.",
      "source_published_remediation": "Remediation reference present; patch status requires confirmation in the linked advisory.",
      "source_published_summary": "NVD: Medtronic MyCareLink Patient Monitor uses per-product credentials that are stored in a recoverable format. NVD: An attacker can use these credentials for network authentication.",
      "sources": [
        "NVD",
        "Vendor Advisory"
      ],
      "timeline_url": "https://vuln.signal-radar.com/data/vuln/archive/cves/CVE-2018-10622/timeline.json",
      "vendor": "medtronic"
    },
    {
      "affected_label": "misp-project / misp",
      "canonical_url": "https://vuln.signal-radar.com/vuln/public-candidate/CVE-2018-19908/",
      "current_public_safe_latest": true,
      "cvss_score": 8.8,
      "cvss_severity": "HIGH",
      "epss_percentile": 0.96701,
      "epss_score": 0.1716,
      "first_observed_at": "2026-06-24T06:58:56.748686+00:00",
      "id": "CVE-2018-19908",
      "impact_tags": [
        "authenticated boundary review"
      ],
      "kev": false,
      "last_observed_at": "2026-06-26T11:56:46.393687+00:00",
      "latest_item_url": "https://vuln.signal-radar.com/data/vuln/items/CVE-2018-19908.json",
      "product": "misp",
      "public_safe_summary": "NVD: An issue was discovered in MISP 2.4.9x before 2.4.99. NVD: In app/Model/Event.php (the STIX 1 import code), an unescaped filename string is used to construct a shell command. NVD: This vulnerability can be abused by a malicious authenticated user to execute arbitrary commands by tweaking the original filename of the STIX import.",
      "run_item_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260626T115741Z/items/CVE-2018-19908.json",
      "safety": {
        "auto_remediation_allowed": false,
        "exploit_detail_allowed": false,
        "external_execution_allowed": false,
        "github_issue_creation_allowed": false,
        "noindex_removal_allowed": true,
        "noindex_required": false,
        "patch_allowed": false,
        "public_launch_allowed": true,
        "public_safe_only": true,
        "raw_source_included": false,
        "read_only": true,
        "scan_allowed": false,
        "signal_radar_integration_allowed": false
      },
      "snapshot_count": 10,
      "source_published_affected": "vendor/product: misp-project / misp",
      "source_published_impact": "Source describes command execution that requires an authenticated user. Possible impact: A malicious authenticated user may be able to execute arbitrary commands on affected systems. This high severity issue needs human triage to confirm exposure, affected versions, and vendor guidance.",
      "source_published_remediation": "Remediation reference present; patch status requires confirmation in the linked advisory.",
      "source_published_summary": "NVD: An issue was discovered in MISP 2.4.9x before 2.4.99. NVD: In app/Model/Event.php (the STIX 1 import code), an unescaped filename string is used to construct a shell command. NVD: This vulnerability can be abused by a malicious authenticated user to execute arbitrary commands by tweaking the original filename of the STIX import.",
      "sources": [
        "NVD",
        "OSV",
        "Vendor Advisory"
      ],
      "timeline_url": "https://vuln.signal-radar.com/data/vuln/archive/cves/CVE-2018-19908/timeline.json",
      "vendor": "misp-project"
    },
    {
      "affected_label": "misp-project / misp",
      "canonical_url": "https://vuln.signal-radar.com/vuln/public-candidate/CVE-2019-9482/",
      "current_public_safe_latest": true,
      "cvss_score": 5.3,
      "cvss_severity": "MEDIUM",
      "epss_percentile": 0.49968,
      "epss_score": 0.00742,
      "first_observed_at": "2026-06-24T06:58:56.748686+00:00",
      "id": "CVE-2019-9482",
      "impact_tags": [
        "authenticated boundary review"
      ],
      "kev": false,
      "last_observed_at": "2026-06-26T11:56:46.393687+00:00",
      "latest_item_url": "https://vuln.signal-radar.com/data/vuln/items/CVE-2019-9482.json",
      "product": "misp",
      "public_safe_summary": "NVD: In MISP 2.4.102, an authenticated user can view sightings that they should not be eligible for. NVD: Exploiting this requires access to the event that has received the sighting. NVD: The issue affects instances with restrictive sighting settings (event only / sighting reported only).",
      "run_item_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260626T115741Z/items/CVE-2019-9482.json",
      "safety": {
        "auto_remediation_allowed": false,
        "exploit_detail_allowed": false,
        "external_execution_allowed": false,
        "github_issue_creation_allowed": false,
        "noindex_removal_allowed": true,
        "noindex_required": false,
        "patch_allowed": false,
        "public_launch_allowed": true,
        "public_safe_only": true,
        "raw_source_included": false,
        "read_only": true,
        "scan_allowed": false,
        "signal_radar_integration_allowed": false
      },
      "snapshot_count": 10,
      "source_published_affected": "vendor/product: misp-project / misp; affected version context: 2.4.102",
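      "source_published_impact": "Source describes an access-control issue that requires an authenticated user. Possible impact: An authenticated user with access to the event may be able to view sightings they should not be eligible for. This medium severity issue needs human triage to confirm exposure, affected versions, and vendor guidance.",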
      "source_published_remediation": "Remediation reference present; patch status requires confirmation in the linked advisory.",
      "source_published_summary": "NVD: In MISP 2.4.102, an authenticated user can view sightings that they should not be eligible for. NVD: Exploiting this requires access to the event that has received the sighting. NVD: The issue affects instances with restrictive sighting settings (event only / sighting reported only).",
      "sources": [
        "NVD",
        "OSV",
        "Vendor Advisory"
      ],
      "timeline_url": "https://vuln.signal-radar.com/data/vuln/archive/cves/CVE-2019-9482/timeline.json",
      "vendor": "misp-project"
    },
    {
      "affected_label": "misp-project / misp",
      "canonical_url": "https://vuln.signal-radar.com/vuln/public-candidate/CVE-2019-10254/",
      "current_public_safe_latest": true,
      "cvss_score": 6.1,
      "cvss_severity": "MEDIUM",
      "epss_percentile": 0.5422,
      "epss_score": 0.00871,
      "first_observed_at": "2026-06-24T06:58:56.748686+00:00",
      "id": "CVE-2019-10254",
      "impact_tags": [
        "XSS risk"
      ],
      "kev": false,
      "last_observed_at": "2026-06-26T11:56:46.393687+00:00",
      "latest_item_url": "https://vuln.signal-radar.com/data/vuln/items/CVE-2019-10254.json",
      "product": "misp",
      "public_safe_summary": "NVD: In MISP before 2.4.105, the app/View/Layouts/default.ctp default layout template has a Reflected XSS vulnerability. OSV: In MISP before 2.4.105, the app/View/Layouts/default.ctp default layout template has a Reflected XSS vulnerability.",
      "run_item_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260626T115741Z/items/CVE-2019-10254.json",
      "safety": {
        "auto_remediation_allowed": false,
        "exploit_detail_allowed": false,
        "external_execution_allowed": false,
        "github_issue_creation_allowed": false,
        "noindex_removal_allowed": true,
        "noindex_required": false,
        "patch_allowed": false,
        "public_launch_allowed": true,
        "public_safe_only": true,
        "raw_source_included": false,
        "read_only": true,
        "scan_allowed": false,
        "signal_radar_integration_allowed": false
      },
      "snapshot_count": 10,
      "source_published_affected": "vendor/product: misp-project / misp",
      "source_published_impact": "Source describes XSS risk. Possible impact: This medium severity issue needs human triage to confirm exposure, affected versions, and vendor guidance for XSS risk.",
      "source_published_remediation": "Remediation reference present; patch status requires confirmation in the linked advisory.",
      "source_published_summary": "NVD: In MISP before 2.4.105, the app/View/Layouts/default.ctp default layout template has a Reflected XSS vulnerability. OSV: In MISP before 2.4.105, the app/View/Layouts/default.ctp default layout template has a Reflected XSS vulnerability.",
      "sources": [
        "NVD",
        "OSV",
        "Vendor Advisory"
      ],
      "timeline_url": "https://vuln.signal-radar.com/data/vuln/archive/cves/CVE-2019-10254/timeline.json",
      "vendor": "misp-project"
    },
    {
      "affected_label": "misp-project / misp",
      "canonical_url": "https://vuln.signal-radar.com/vuln/public-candidate/CVE-2019-11812/",
      "current_public_safe_latest": true,
      "cvss_score": 6.1,
      "cvss_severity": "MEDIUM",
      "epss_percentile": 0.52196,
      "epss_score": 0.00809,
      "first_observed_at": "2026-06-24T06:58:56.748686+00:00",
      "id": "CVE-2019-11812",
      "impact_tags": [
        "XSS risk"
      ],
      "kev": false,
      "last_observed_at": "2026-06-26T11:56:46.393687+00:00",
      "latest_item_url": "https://vuln.signal-radar.com/data/vuln/items/CVE-2019-11812.json",
      "product": "misp",
      "public_safe_summary": "NVD: A persistent XSS issue was discovered in app/View/Helper/CommandHelper.php in MISP before 2.4.107. NVD: JavaScript can be included in the discussion interface, and can be triggered by clicking on the link. OSV: A persistent XSS issue was discovered in app/View/Helper/CommandHelper.php in MISP before 2.4.107.",
      "run_item_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260626T115741Z/items/CVE-2019-11812.json",
      "safety": {
        "auto_remediation_allowed": false,
        "exploit_detail_allowed": false,
        "external_execution_allowed": false,
        "github_issue_creation_allowed": false,
        "noindex_removal_allowed": true,
        "noindex_required": false,
        "patch_allowed": false,
        "public_launch_allowed": true,
        "public_safe_only": true,
        "raw_source_included": false,
        "read_only": true,
        "scan_allowed": false,
        "signal_radar_integration_allowed": false
      },
      "snapshot_count": 10,
      "source_published_affected": "vendor/product: misp-project / misp",
      "source_published_impact": "Source describes XSS risk. Possible impact: This medium severity issue needs human triage to confirm exposure, affected versions, and vendor guidance for XSS risk.",
      "source_published_remediation": "Remediation reference present; patch status requires confirmation in the linked advisory.",
      "source_published_summary": "NVD: A persistent XSS issue was discovered in app/View/Helper/CommandHelper.php in MISP before 2.4.107. NVD: JavaScript can be included in the discussion interface, and can be triggered by clicking on the link. OSV: A persistent XSS issue was discovered in app/View/Helper/CommandHelper.php in MISP before 2.4.107.",
      "sources": [
        "NVD",
        "OSV",
        "Vendor Advisory"
      ],
      "timeline_url": "https://vuln.signal-radar.com/data/vuln/archive/cves/CVE-2019-11812/timeline.json",
      "vendor": "misp-project"
    },
    {
      "affected_label": "misp-project / misp",
      "canonical_url": "https://vuln.signal-radar.com/vuln/public-candidate/CVE-2019-11813/",
      "current_public_safe_latest": true,
      "cvss_score": 6.1,
      "cvss_severity": "MEDIUM",
      "epss_percentile": 0.51881,
      "epss_score": 0.008,
      "first_observed_at": "2026-06-24T06:58:56.748686+00:00",
      "id": "CVE-2019-11813",
      "impact_tags": [
        "XSS risk"
      ],
      "kev": false,
      "last_observed_at": "2026-06-26T11:56:46.393687+00:00",
      "latest_item_url": "https://vuln.signal-radar.com/data/vuln/items/CVE-2019-11813.json",
      "product": "misp",
      "public_safe_summary": "NVD: An issue was discovered in app/View/Elements/Events/View/value_field.ctp in MISP before 2.4.107. NVD: There is persistent XSS via link type attributes with javascript:// links. OSV: An issue was discovered in app/View/Elements/Events/View/value_field.ctp in MISP before 2.4.107.",
      "run_item_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260626T115741Z/items/CVE-2019-11813.json",
      "safety": {
        "auto_remediation_allowed": false,
        "exploit_detail_allowed": false,
        "external_execution_allowed": false,
        "github_issue_creation_allowed": false,
        "noindex_removal_allowed": true,
        "noindex_required": false,
        "patch_allowed": false,
        "public_launch_allowed": true,
        "public_safe_only": true,
        "raw_source_included": false,
        "read_only": true,
        "scan_allowed": false,
        "signal_radar_integration_allowed": false
      },
      "snapshot_count": 10,
      "source_published_affected": "vendor/product: misp-project / misp",
      "source_published_impact": "Source describes XSS risk. Possible impact: This medium severity issue needs human triage to confirm exposure, affected versions, and vendor guidance for XSS risk.",
      "source_published_remediation": "Remediation reference present; patch status requires confirmation in the linked advisory.",
      "source_published_summary": "NVD: An issue was discovered in app/View/Elements/Events/View/value_field.ctp in MISP before 2.4.107. NVD: There is persistent XSS via link type attributes with javascript:// links. OSV: An issue was discovered in app/View/Elements/Events/View/value_field.ctp in MISP before 2.4.107.",
      "sources": [
        "NVD",
        "OSV",
        "Vendor Advisory"
      ],
      "timeline_url": "https://vuln.signal-radar.com/data/vuln/archive/cves/CVE-2019-11813/timeline.json",
      "vendor": "misp-project"
    },
    {
      "affected_label": "misp-project / misp",
      "canonical_url": "https://vuln.signal-radar.com/vuln/public-candidate/CVE-2019-11814/",
      "current_public_safe_latest": true,
      "cvss_score": 6.1,
      "cvss_severity": "MEDIUM",
      "epss_percentile": 0.52195,
      "epss_score": 0.00809,
      "first_observed_at": "2026-06-24T06:58:56.748686+00:00",
      "id": "CVE-2019-11814",
      "impact_tags": [
        "XSS risk"
      ],
      "kev": false,
      "last_observed_at": "2026-06-26T11:56:46.393687+00:00",
      "latest_item_url": "https://vuln.signal-radar.com/data/vuln/items/CVE-2019-11814.json",
      "product": "misp",
      "public_safe_summary": "NVD: An issue was discovered in app/webroot/js/misp.js in MISP before 2.4.107. NVD: There is persistent XSS via image names in titles, as demonstrated by a screenshot. OSV: An issue was discovered in app/webroot/js/misp.js in MISP before 2.4.107.",
      "run_item_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260626T115741Z/items/CVE-2019-11814.json",
      "safety": {
        "auto_remediation_allowed": false,
        "exploit_detail_allowed": false,
        "external_execution_allowed": false,
        "github_issue_creation_allowed": false,
        "noindex_removal_allowed": true,
        "noindex_required": false,
        "patch_allowed": false,
        "public_launch_allowed": true,
        "public_safe_only": true,
        "raw_source_included": false,
        "read_only": true,
        "scan_allowed": false,
        "signal_radar_integration_allowed": false
      },
      "snapshot_count": 10,
      "source_published_affected": "vendor/product: misp-project / misp",
      "source_published_impact": "Source describes XSS risk. Possible impact: This medium severity issue needs human triage to confirm exposure, affected versions, and vendor guidance for XSS risk.",
      "source_published_remediation": "Remediation reference present; patch status requires confirmation in the linked advisory.",
      "source_published_summary": "NVD: An issue was discovered in app/webroot/js/misp.js in MISP before 2.4.107. NVD: There is persistent XSS via image names in titles, as demonstrated by a screenshot. OSV: An issue was discovered in app/webroot/js/misp.js in MISP before 2.4.107.",
      "sources": [
        "NVD",
        "OSV",
        "Vendor Advisory"
      ],
      "timeline_url": "https://vuln.signal-radar.com/data/vuln/archive/cves/CVE-2019-11814/timeline.json",
      "vendor": "misp-project"
    },
    {
      "affected_label": "misp-project / misp",
      "canonical_url": "https://vuln.signal-radar.com/vuln/public-candidate/CVE-2019-12794/",
      "current_public_safe_latest": true,
      "cvss_score": 6.6,
      "cvss_severity": "MEDIUM",
      "epss_percentile": 0.55901,
      "epss_score": 0.00926,
      "first_observed_at": "2026-06-24T06:58:56.748686+00:00",
      "id": "CVE-2019-12794",
      "impact_tags": [],
      "kev": false,
      "last_observed_at": "2026-06-26T11:56:46.393687+00:00",
      "latest_item_url": "https://vuln.signal-radar.com/data/vuln/items/CVE-2019-12794.json",
      "product": "misp",
      "public_safe_summary": "NVD: An issue was discovered in MISP 2.4.108. NVD: Organization admins could reset credentials for site admins (organization admins have the inherent ability to reset passwords for all of their organization's users). NVD: This, however, could be abused in a situation where the host organization of an instance creates organization admins.",
      "run_item_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260626T115741Z/items/CVE-2019-12794.json",
      "safety": {
        "auto_remediation_allowed": false,
        "exploit_detail_allowed": false,
        "external_execution_allowed": false,
        "github_issue_creation_allowed": false,
        "noindex_removal_allowed": true,
        "noindex_required": false,
        "patch_allowed": false,
        "public_launch_allowed": true,
        "public_safe_only": true,
        "raw_source_included": false,
        "read_only": true,
        "scan_allowed": false,
        "signal_radar_integration_allowed": false
      },
      "snapshot_count": 10,
      "source_published_affected": "vendor/product: misp-project / misp; affected version context: 2.4.108",
      "source_published_impact": "Source describes a privilege boundary issue: organization admins could reset credentials for site admins. This medium severity issue needs human triage to confirm exposure, affected versions, and vendor guidance.",
      "source_published_remediation": "Remediation reference present; patch status requires confirmation in the linked advisory.",
      "source_published_summary": "NVD: An issue was discovered in MISP 2.4.108. NVD: Organization admins could reset credentials for site admins (organization admins have the inherent ability to reset passwords for all of their organization's users). NVD: This, however, could be abused in a situation where the host organization of an instance creates organization admins.",
      "sources": [
        "NVD",
        "OSV",
        "Vendor Advisory"
      ],
      "timeline_url": "https://vuln.signal-radar.com/data/vuln/archive/cves/CVE-2019-12794/timeline.json",
      "vendor": "misp-project"
    },
    {
      "affected_label": "misp-project / misp",
      "canonical_url": "https://vuln.signal-radar.com/vuln/public-candidate/CVE-2019-12868/",
      "current_public_safe_latest": true,
      "cvss_score": 7.2,
      "cvss_severity": "HIGH",
      "epss_percentile": 0.87442,
      "epss_score": 0.03434,
      "first_observed_at": "2026-06-24T06:58:56.748686+00:00",
      "id": "CVE-2019-12868",
      "impact_tags": [
        "command execution review"
      ],
      "kev": false,
      "last_observed_at": "2026-06-26T11:56:46.393687+00:00",
      "latest_item_url": "https://vuln.signal-radar.com/data/vuln/items/CVE-2019-12868.json",
      "product": "misp",
      "public_safe_summary": "NVD: app/Model/Server.php in MISP 2.4.109 allows remote command execution by a super administrator because the PHP file_exists function is used with user-controlled entries, and phar:// URLs trigger deserialization. OSV: app/Model/Server.php in MISP 2.4.109 allows remote command execution by a super administrator because the PHP file_exists function is used with user-controlled entries, and phar:// URLs trigger deserialization.",
      "run_item_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260626T115741Z/items/CVE-2019-12868.json",
      "safety": {
        "auto_remediation_allowed": false,
        "exploit_detail_allowed": false,
        "external_execution_allowed": false,
        "github_issue_creation_allowed": false,
        "noindex_removal_allowed": true,
        "noindex_required": false,
        "patch_allowed": false,
        "public_launch_allowed": true,
        "public_safe_only": true,
        "raw_source_included": false,
        "read_only": true,
        "scan_allowed": false,
        "signal_radar_integration_allowed": false
      },
      "snapshot_count": 10,
      "source_published_affected": "vendor/product: misp-project / misp; affected version context: 2.4.109",
      "source_published_impact": "Source describes command execution risk that requires super administrator access. Possible impact: An attacker who already holds super administrator access may be able to run code or commands on affected systems.",
      "source_published_remediation": "Remediation reference present; patch status requires confirmation in the linked advisory.",
      "source_published_summary": "NVD: app/Model/Server.php in MISP 2.4.109 allows remote command execution by a super administrator because the PHP file_exists function is used with user-controlled entries, and phar:// URLs trigger deserialization. OSV: app/Model/Server.php in MISP 2.4.109 allows remote command execution by a super administrator because the PHP file_exists function is used with user-controlled entries, and phar:// URLs trigger deserialization.",
      "sources": [
        "NVD",
        "OSV",
        "Vendor Advisory"
      ],
      "timeline_url": "https://vuln.signal-radar.com/data/vuln/archive/cves/CVE-2019-12868/timeline.json",
      "vendor": "misp-project"
    }
  ],
  "public_safe_only": true,
  "radar": "vuln",
  "run_id": "20260626T115741Z",
  "run_index_url": "https://vuln.signal-radar.com/data/vuln/archive/runs/20260626T115741Z/index.json",
  "safety": {
    "auto_remediation_allowed": false,
    "exploit_detail_allowed": false,
    "external_execution_allowed": false,
    "github_issue_creation_allowed": false,
    "noindex_removal_allowed": true,
    "noindex_required": false,
    "patch_allowed": false,
    "public_launch_allowed": true,
    "public_safe_only": true,
    "raw_source_included": false,
    "read_only": true,
    "scan_allowed": false,
    "signal_radar_integration_allowed": false
  },
  "schema_version": "v0.1"
}