Product
citeum opencti
18 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-27960 · >= 6.9.0 and < 6.9.13 · CVSS 9.8 CRITICAL
OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. In versions 6.6.0 through 6.9

CVE-2026-39980 · < 6.9.5 · CVSS 9.1 CRITICAL
OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.9.5, the safeEjs.t

CVE-2026-21886 · < 6.9.1 · CVSS 6.5 MEDIUM
OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.9.1, the G

CVE-2026-21887 · < 6.8.16 · CVSS 7.7 HIGH
OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.8.16, the OpenCTI

CVE-2020-37044 · all versions · CVSS 5.4 MEDIUM
OpenCTI 3.3.1 is vulnerable to a reflected cross-site scripting (XSS) attack via the /graphql endpoint. An attacker can inject arb

CVE-2020-37041 · all versions · CVSS 7.5 HIGH
OpenCTI 3.3.1 is vulnerable to a directory traversal attack via the static/css endpoint. An unauthenticated attacker can read arbi

CVE-2025-61782 · < 6.8.3 · CVSS 5.4 MEDIUM
OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.8.3, an op

CVE-2025-61781 · < 6.8.1 · CVSS 7.1 HIGH
OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.8.1, the G

CVE-2025-46732 · < 6.6.6 · CVSS 5.4 MEDIUM
OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.6.6, an ID

CVE-2025-26621 · < 6.5.2 · CVSS 7.6 HIGH
OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.5.2, any u

CVE-2025-24977 · >= 6.4.8 and < 6.4.11 · CVSS 9.1 CRITICAL
OpenCTI is an open cyber threat intelligence (CTI) platform. Prior to version 6.4.11 any user with the capability `manage customiz

CVE-2025-24887 · > 6.4.8 and <= 6.4.10 · CVSS 6.3 MEDIUM
OpenCTI is an open-source cyber threat intelligence platform. In versions starting from 6.4.8 to before 6.4.10, the allow/deny lis

CVE-2024-45805 · < 6.3.0 · CVSS 4.3 MEDIUM
OpenCTI is an open-source cyber threat intelligence platform. Before 6.3.0, general users can access information that can only be

CVE-2024-45404 · < 6.2.18 · CVSS 8.1 HIGH
OpenCTI is an open-source cyber threat intelligence platform. In versions below 6.2.18, because the function to limit the rate of

CVE-2024-37155 · < 6.1.9 · CVSS 6.5 MEDIUM
OpenCTI is an open source platform allowing organizations to manage their cyber threat intelligence knowledge and observables. Pri

CVE-2024-26139 · <= 5.12.31 · CVSS 8.3 HIGH
OpenCTI is an open source platform allowing organizations to manage their cyber threat intelligence knowledge and observables. Due

CVE-2022-30290 · <= 5.2.4 · CVSS 7.5 HIGH
In OpenCTI through 5.2.4, a broken access control vulnerability has been identified in the profile endpoint. An attacker can abuse

CVE-2022-30289 · <= 5.2.4 · CVSS 5.4 MEDIUM
A stored Cross-site Scripting (XSS) vulnerability was identified in the Data Import functionality of OpenCTI through 5.2.4. An att
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin