VYPR
Vendor

StrangeBee

Products
3
CVEs
7
Across products
12
Status
Private

Products

3

Recent CVEs

7
  • CVE-2023-39069CriSep 11, 2023
    risk 0.64cvss 9.8epss 0.01

    An issue in StrangeBee TheHive v.5.0.8, v.4.1.21 and Cortex v.3.1.6 allows a remote attacker to gain privileges via Active Directory authentication mechanism.

  • CVE-2025-48738MedMay 23, 2025
    risk 0.45cvss epss 0.00

    An e-mail flooding vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, 5.4.0 before 5.4.10, and 5.5.0 before 5.5.1 allows unauthenticated remote attackers to use the password reset feature without limits. This can lead to several consequences, including…

  • CVE-2025-48741MedMay 23, 2025
    risk 0.44cvss epss 0.00

    A Broken Access Control vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, and 5.4.0 before 5.4.10 allows remote, authenticated, and unprivileged users to retrieve alerts, cases, logs, observables, or tasks, regardless of the user's permissions,…

  • CVE-2025-48740MedMay 23, 2025
    risk 0.38cvss epss 0.00

    A Cross-Site Request Forgery (CSRF) vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, 5.4.0 before 5.4.10, and 5.5.0 before 5.5.1 allows a remote attacker to trigger requests on their victim's behalf, if the attacker lures a privileged user,…

  • CVE-2024-22877MedJan 19, 2024
    risk 0.35cvss 5.4epss 0.00

    StrangeBee TheHive 5.2.0 to 5.2.8 is vulnerable to Cross Site Scripting (XSS) in the case reporting functionality. This feature allows an attacker to insert malicious JavaScript code inside the template or its variables, that will be executed in the context of the TheHive…

  • CVE-2024-22876MedJan 19, 2024
    risk 0.35cvss 5.4epss 0.00

    StrangeBee TheHive 5.1.0 to 5.1.9 and 5.2.0 to 5.2.8 is vulnerable to Cross Site Scripting (XSS) in the case attachment functionality which enables an attacker to upload a malicious HTML file with Javascript code that will be executed in the context of the The Hive application…

  • CVE-2025-48739MedMay 23, 2025
    risk 0.30cvss epss 0.00

    A Server-Side Request Forgery (SSRF) vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, 5.4.0 before 5.4.10, and 5.5.0 before 5.5.1 allows remote authenticated attackers with admin permissions (allowing them to access specific API endpoints) to…