CVE-2025-26621

HIGH Year: 2025
CVSS v3 Score
7.6
High
Weakness Type
CWE-94
View all →

Vulnerability Description

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.5.2, any user with the capability manage customizations can edit webhook that will execute javascript code. This can be abused to cause a denial of service attack by prototype pollution, making the node js server running the OpenCTI frontend become unavailable. Version 6.5.2 fixes the issue.

Related Vulnerabilities

CVE-2021-38448

HIGH
CVSS:7.6(High)

The affected controllers do not properly sanitize the input containing code syntax. As a result, an attacker could craft code to alter the intended controller flow of the software.

CWE-942021

CVE-2022-3721

HIGH
CVSS:7.6(High)

Code Injection in GitHub repository froxlor/froxlor prior to 0.10.39.

CWE-942022

CVE-2024-21689

HIGH
CVSS:7.6(High)

This High severity RCE (Remote Code Execution) vulnerability CVE-2024-21689 was introduced in versions 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, and 9.6.0 of Bamboo Data Center and Server. This RCE (Remote C...

CWE-942024

CVE-2024-27705

HIGH
CVSS:7.6(High)

Cross Site Scripting vulnerability in Leantime v3.0.6 allows attackers to execute arbitrary code via upload of crafted PDF file to the files/browse endpoint.

CWE-942024

CVE-2024-29399

HIGH
CVSS:7.6(High)

An issue was discovered in GNU Savane v.3.13 and before, allows a remote attacker to execute arbitrary code and escalate privileges via a crafted file to the upload.php component.

CWE-942024