Vulnerability advisories
The list below presents the vulnerabilities discovered by Zigrin Security researchers. Detailed information such as recommendations can be seen after clicking on a specific vulnerability.
Disclosed vulnerabilities discovered by Zigrin Security researchers
| CVE | Vulnerability | Affected Vendor & Product | CVSS | Date (DD.MM.YYYY) |
|---|---|---|---|---|
| CVE-2023-45958 | Reflected cross-site scripting (XSS) | thirty bees – Core | 4.8 Medium | 09.10.2023 |
| CVE-2023-45957 | Stored cross-site scripting (XSS) | thirty bees – Core | 6.9 Medium | 09.10.2023 |
| CVE-2023-52264 | Reflected cross-site scripting | thirty bees – beesblog module | 8.2 High | 06.10.2023 |
| CVE-2023-48659 | Reflected Cross-Site Scripting in Galaxies | CIRCL – MISP Platform | 5.4 Medium | 13.09.2023 |
| CVE-2023-48657, CVE-2023-48658 | Time-based SQL injection in /Logs/index | CIRCL – MISP Platform | 7.2 High | 13.09.2023 |
| CVE-2023-48655 | Blind SQL injection in array input parameters | CIRCL – MISP Platform | 8.8 High | 12.09.2023 |
| CVE-2023-48656 | Blind SQL injection in order parameter | CIRCL – MISP Platform | 8.8 High | 07.09.2023 |
| CVE-2023-37307 | Stored XSS | CIRCL – MISP Platform | 7.6 High | 03.06.2023 |
| CVE-2023-2541 | Sensitive information disclosure | KNIME Business Hub | 5.3 Medium | 07.06.2021 |
| CVE-2023-28884 | DOM-based XSS | CIRCL – MISP Platform | 6.1 Medium | 27.03.2023 |
| CVE-2023-28883 | Blind SQL injection | CIRCL – Cerebrate | 9.8 Critical | 27.03.2023 |
| CVE-2023-24070 | XSS in add action of the AuthKeys controller | CIRCL – MISP Platform | 3.0 Low | 23.01.2023 |
| CVE-2022-47928 | Reflected XSS in “uploadFile” action of the Templates controller | CIRCL – MISP Platform | 6.1 Medium | 22.12.2022 |
| CVE-2022-48328 | SQL injection in CRUD component | CIRCL – MISP Platform | 8.8 High | 10.11.2022 |
| CVE-2022-45194 | External XML entity injection | Bruhn NewTech – CBRN-Analysis | 3.8 Low | 10.11.2022 |
| CVE-2022-45193 | Unprotected storage of application files | Bruhn NewTech – CBRN-Analysis | 5.9 Medium | 10.11.2022 |
| CVE-2022-29534 | Password confirmation can be bypassed | CIRCL – MISP Platform | 3.1 Low | 20.04.2022 |
| CVE-2022-29533 | XSS in app/Controller/OrganisationsController.php | CIRCL – MISP Platform | 6.1 Medium | 20.04.2022 |
| CVE-2022-29532 | XSS in the Cerebrate view | CIRCL – MISP Platform | 4.8 Medium | 20.04.2022 |
| CVE-2022-29531 | Stored XSS in the event graph | CIRCL – MISP Platform | 5.4 Medium | 20.04.2022 |
| CVE-2022-29530 | Stored XSS in the galaxy clusters | CIRCL – MISP Platform | 5.4 Medium | 20.04.2022 |
| CVE-2022-29529 | Stored XSS via the LinOTP login field | CIRCL – MISP Platform | 5.4 Medium | 20.04.2022 |
| CVE-2022-29528 | PHAR deserialization | CIRCL – MISP Platform | 9.8 Critical | 20.04.2022 |
| CVE-2022-25321 | Cross Site Scripting (XSS) in Cerebrate bookmarks | CIRCL – Cerebrate | 6.1 Medium | 18.02.2022 |
| CVE-2022-25320 | Username enumeration | CIRCL – Cerebrate | 5.3 Medium | 18.02.2022 |
| CVE-2022-25319 | Endpoints could be open even when not enabled | CIRCL – Cerebrate | 5.3 Medium | 18.02.2022 |
| CVE-2022-25318 | An incorrect sharing group ACL | CIRCL – Cerebrate | 4.3 Medium | 18.02.2022 |
| CVE-2022-25317 | Reflected XSS in form descriptions | CIRCL – Cerebrate | 6.1 Medium | 18.02.2022 |
| CVE-2021-45096 | External XML entity injection | KNIME Analytics Platform | 4.7 Medium | 16.12.2021 |
| CVE-2021-45097 | Weak file permissions | KNIME Server | 2.9 Low | 16.12.2021 |
| CVE-2021-44726 | DOM-based XSS in a login panel | KNIME Server | 8.8 High | 10.12.2021 |
| CVE-2021-44725 | Directory Path Traversal in the profiles section | KNIME Server | 7.5 High | 10.12.2021 |
| CVE-2021-42369 | SQL injection vulnerability in contacts CSV export | Imagicle Application Suite for Cisco UC | 9.9 Critical | 29.10.2021 |
| CVE-2021-41326 | Command Injection vulnerability in Opendata export | CIRCL – MISP Platform | 9.9 Critical | 29.09.2021 |
| CVE-2021-37742 | Stored XSS when viewing Galaxy Cluster Relationships | CIRCL – MISP Platform | 5.4 Medium | 29.09.2021 |
| CVE-2020-25216 | XSLT Remote Code Execution in XML when opening XML files together with custom stylesheets | yworks yEd Graph Editor | 8.3 High | 07.10.2020 |
| CVE-2020-25215 | XML External Entity injection when opening XML files | yworks yEd Graph Editor | 2.9 Low | 07.10.2020 |
| CVE-2020-9407 | Information disclosure in cookie | IBL Online Weather | 3.1 Low | 26.02.2020 |
| CVE-2020-9406 | Command injection in queryBCP method | IBL Online Weather | 10.0 Critical | 26.02.2020 |
| CVE-2020-9405 | Reflected XSS in redirect page | IBL Online Weather | 7.1 High | 26.02.2020 |
| CVE-2020-8894 | Mishandling of discussion threads ACLs | CIRCL – MISP Platform | 5.4 Medium | 25.02.2020 |
| CVE-2020-8893 | Reflected XSS in Galaxy view | CIRCL – MISP Platform | 6.1 Medium | 25.02.2020 |
| CVE-2020-8890 | Bruteforce protection not working in very specific environments | CIRCL – MISP Platform | 3.7 Low | 25.02.2020 |
| CVE-2019-12868 | Command injection via phar:// deserialization | CIRCL – MISP Platform | 9.1 Critical | 16.06.2019 |
| CVE-2018-11245 | XSS with cortex type attributes | CIRCL – MISP Platform | 6.4 Medium | 18.05.2018 |
| CVE-2017-16802 | XSS in the sharingGroupPopulateOrganisations function | CIRCL – MISP Platform | 4.4 Medium | 13.11.2017 |
| CVE-2017-16876 | Stored XSS vulnerability in the _keyify function | Lepture – Mistune | 6.1 Medium | 07.11.2017 |