| CVE | Severity | Score | Score | Age | Summary |
|---|---|---|---|---|---|
| CVE-2026-27960 | critical | 9.8 | 9.8 | 29d ago | OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. In versions 6.6.0 through 6.9.12, there is a privilege escalation vulnerability that can be exploi… |
| CVE-2026-44730 | high | 7.2 | 7.2 | 8d ago | OpenCTI: Privilege escalation via GraphQL API is abusable by organization admins, due to incorrect ACL on userEdit relationAdd |
| CVE-2026-21886 | unknown | — | — | 3mo ago | OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.9.1, the GraphQL mutation "IndividualDeletionDeleteMutation" is intended to al… |
| CVE-2026-21887 | unknown | — | — | 3mo ago | OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.8.16, the OpenCTI platform's data ingestion feature accepts user-supplied URLs without … |
| CVE-2020-37044 | unknown | — | — | 4mo ago | OpenCTI 3.3.1 is vulnerable to a reflected cross-site scripting (XSS) attack via the /graphql endpoint. An attacker can inject arbitrary JavaScript code by sending a crafted GET request with a malici… |
| CVE-2020-37041 | unknown | — | — | 4mo ago | OpenCTI 3.3.1 is vulnerable to a directory traversal attack via the static/css endpoint. An unauthenticated attacker can read arbitrary files from the filesystem by sending crafted GET requests with … |
| CVE-2025-61781 | unknown | — | — | 5mo ago | OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.8.1, the GraphQL mutation "WorkspacePopoverDeletionMutation" allows users to de… |
| CVE-2025-46732 | unknown | — | — | 11mo ago | OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.6.6, an IDOR vulnerability in the GraphQL `NotificationLineNotificationMarkReadM… |
| CVE-2025-26621 | unknown | — | — | 1y ago | OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.5.2, any user with the capability manage customizations can edit webhook that w… |
| CVE-2025-24977 | unknown | — | — | 1y ago | OpenCTI is an open cyber threat intelligence (CTI) platform. Prior to version 6.4.11 any user with the capability `manage customizations` can execute commands on the underlying infrastructure where O… |
| CVE-2025-24887 | unknown | — | — | 1y ago | OpenCTI is an open-source cyber threat intelligence platform. In versions starting from 6.4.8 to before 6.4.10, the allow/deny lists can be bypassed, allowing a user to change attributes that are int… |
| CVE-2024-45805 | unknown | — | — | 1y ago | OpenCTI is an open-source cyber threat intelligence platform. Before 6.3.0, general users can access information that can only be accessed by users with access privileges to admin and support informa… |
| CVE-2024-45404 | unknown | — | — | 2y ago | OpenCTI is an open-source cyber threat intelligence platform. In versions below 6.2.18, because the function to limit the rate of OTP does not exist, an attacker with valid credentials or a malicious… |
| CVE-2024-26139 | unknown | — | — | 2y ago | OpenCTI is an open source platform allowing organizations to manage their cyber threat intelligence knowledge and observables. Due to lack of certain security controls on the profile edit functionali… |
| CVE-2022-30290 | unknown | — | — | 4y ago | In OpenCTI through 5.2.4, a broken access control vulnerability has been identified in the profile endpoint. An attacker can abuse the identified vulnerability in order to arbitrarily change their re… |
| CVE-2022-30289 | unknown | — | — | 4y ago | A stored Cross-site Scripting (XSS) vulnerability was identified in the Data Import functionality of OpenCTI through 5.2.4. An attacker can abuse the vulnerability to upload a malicious file that wil… |