| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At |
|---|---|---|---|---|---|---|
| CVE-2026-39980 | OpenCTI affected by RCE via notifier template | OpenCTI-Platform | opencti | Critical | 9.1 | 2026-04-09 16:54:32 |
| CVE-2026-21886 | OpenCTI's GraphQL Mutations Allow Deletion of Unrelated Entities | OpenCTI-Platform | opencti | Medium | 6.5 | 2026-03-17 15:26:31 |
| CVE-2026-21887 | OpenCTI has a Semi-Blind SSRF via Unvalidated External URL in Data Ingestion Feature | OpenCTI-Platform | opencti | High | 7.7 | 2026-03-12 17:00:44 |
| CVE-2020-37044 | OpenCTI 3.3.1 - Cross Site Scripting | Filigran | OpenCTI | Medium | 5.4 | 2026-01-30 22:07:17 |
| CVE-2020-37041 | OpenCTI 3.3.1 - Directory Traversal | Filigran | OpenCTI | High | 7.5 | 2026-01-30 22:07:15 |
| CVE-2025-61782 | Open Redirect in OpenCTI's SAML Authentication Flow | OpenCTI-Platform | opencti | Medium | 5.4 | 2026-01-07 17:28:54 |
| CVE-2025-61781 | GraphQL IDOR allows authenticated user to delete workspace content of other users | OpenCTI-Platform | opencti | High | 7.1 | 2026-01-05 17:53:23 |
| CVE-2025-46732 | OpenCTI's GraphQL IDOR enables authenticated users to modify or delete notifications of other users | OpenCTI-Platform | opencti | Medium | 5.4 | 2025-07-18 15:05:11 |
| CVE-2025-26621 | OpenCTI vulnerable to Denial of Service through web hook | OpenCTI-Platform | opencti | High | 7.6 | 2025-05-19 16:01:50 |
| CVE-2025-24977 | OpenCTI has remote code execution and sensitive secrets exposed through web hook | OpenCTI-Platform | opencti | Critical | 9.1 | 2025-05-05 17:07:36 |
| CVE-2025-24887 | OpenCTI bypass of protected attribute update | OpenCTI-Platform | opencti | Medium | 6.3 | 2025-04-30 18:27:25 |
| CVE-2024-45805 | OpenCTI leaks support information due to inadequate access control | OpenCTI-Platform | opencti | Medium | 4.3 | 2024-12-26 21:34:49 |
| CVE-2024-45404 | OpenCTI's lack of Rate Limit lead to OTP brute forcing | OpenCTI-Platform | opencti | High | 8.1 | 2024-12-11 22:01:47 |
| CVE-2024-37155 | OpenCTI May Bypass Introspection Restriction | OpenCTI-Platform | opencti | Medium | 6.5 | 2024-11-18 15:06:33 |
| CVE-2024-26139 | OpenCTI Authenticated Privilege Escalation | OpenCTI-Platform | opencti | High | 8.3 | 2024-05-23 11:47:44 |