Every CVE whose affected-product data names Citeum Opencti, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (20)
CVE-2026-27960 — CVSS 9.8 (critical): OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. In versions 6.6.0 through 6.9.12…
CVE-2025-24977 — CVSS 9.1 (critical): OpenCTI is an open cyber threat intelligence (CTI) platform. Prior to version 6.4.11 any user with the capability `manage customizations`…
CVE-2026-39980 — CVSS 9.1 (critical): OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.9.5, the safeEjs.ts file…
CVE-2024-26139 — CVSS 8.3 (high): OpenCTI is an open source platform allowing organizations to manage their cyber threat intelligence knowledge and observables. Due to lack…
CVE-2024-45404 — CVSS 8.1 (high): OpenCTI is an open-source cyber threat intelligence platform. In versions below 6.2.18, because the function to limit the rate of OTP does…
CVE-2026-21887 — CVSS 7.7 (high): OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.8.16, the OpenCTI…
CVE-2025-26621 — CVSS 7.6 (high): OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.5.2, any user with…
CVE-2020-37041 — CVSS 7.5 (high): OpenCTI 3.3.1 is vulnerable to a directory traversal attack via the static/css endpoint. An unauthenticated attacker can read arbitrary…
CVE-2022-30290 — CVSS 7.5 (high): In OpenCTI through 5.2.4, a broken access control vulnerability has been identified in the profile endpoint. An attacker can abuse the…
CVE-2026-44730 — CVSS 7.2 (high): OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.9.7, an organization admin…
CVE-2025-61781 — CVSS 7.1 (high): OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.8.1, the GraphQL…
CVE-2026-21886 — CVSS 6.5 (medium): OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.9.1, the GraphQL…
CVE-2024-37155 — CVSS 6.5 (medium): OpenCTI is an open source platform allowing organizations to manage their cyber threat intelligence knowledge and observables. Prior to…
CVE-2025-24887 — CVSS 6.3 (medium): OpenCTI is an open-source cyber threat intelligence platform. In versions starting from 6.4.8 to before 6.4.10, the allow/deny lists can be…
CVE-2026-35212 — CVSS 6.1 (medium): OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Versions prior to 7.260227.0 are…
CVE-2022-30289 — CVSS 5.4 (medium): A stored Cross-site Scripting (XSS) vulnerability was identified in the Data Import functionality of OpenCTI through 5.2.4. An attacker can…
CVE-2025-61782 — CVSS 5.4 (medium): OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.8.3, an open…
CVE-2025-46732 — CVSS 5.4 (medium): OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.6.6, an IDOR…
CVE-2020-37044 — CVSS 5.4 (medium): OpenCTI 3.3.1 is vulnerable to a reflected cross-site scripting (XSS) attack via the /graphql endpoint. An attacker can inject arbitrary…
CVE-2024-45805 — CVSS 4.3 (medium): OpenCTI is an open-source cyber threat intelligence platform. Before 6.3.0, general users can access information that can only be accessed…