WordPress WP Full Stripe Free plugin <= 8.4.1 - Broken Authentication vulnerability

Broken Authentication vulnerability discovered by hhhai in WordPress Plugin WP Full Stripe Free versions = 8.4.1...

Open Redirect

Overview snipe/snipe-it is an asset management system built on Laravel. Affected versions of this package are vulnerable to Open Redirect via the unvalidated HTTP Referer header stored in a session variable. An attacker can redirect users to arbitrary external sites by crafting a malicious link a...

CVE-2026-44833

Snipe-IT is an IT asset/license management system. Prior to 8.4.1, an open redirect vulnerability in Snipe-IT allows attackers to redirect users to malicious sites via unvalidated HTTP Referer header stored in session variable. This vulnerability is fixed in 8.4.1...

CVE-2026-44833 Snipe-IT: Open redirect vulnerability

Snipe-IT is an IT asset/license management system. Prior to 8.4.1, an open redirect vulnerability in Snipe-IT allows attackers to redirect users to malicious sites via unvalidated HTTP Referer header stored in session variable. This vulnerability is fixed in 8.4.1...

EUVD-2026-31962

Snipe-IT is an IT asset/license management system. Prior to 8.4.1, aAn authenticated user with only users.edit permission can escalate their own privileges to admin by sending a PATCH request to /api/v1/users/id with permissionsadmin=1. The API controller only strips the superuser key from the...

CVE-2026-44831 Snipe-IT: XSS vulnerability in component notes

Snipe-IT is an IT asset/license management system. Prior to 8.4.1, users with component view access could be impacted by an unescaped notes column, resulting in cross-site scripting XSS. This vulnerability is fixed in 8.4.1...

CVE-2026-44831

CVE-2026-44831 affects Snipe-IT, an IT asset/license management system. Prior to v8.4.1, users with component view access could trigger stored XSS via an unescaped notes field in the component checkout process. The issue is fixed in v8.4.1 or later. If you are using versions before 8.4.1, upgrade...

CVE-2026-44831

Snipe-IT is an IT asset/license management system. Prior to 8.4.1, users with component view access could be impacted by an unescaped notes column, resulting in cross-site scripting XSS. This vulnerability is fixed in 8.4.1...

Snipe-IT has insecure permissions in file uploads

Insecure Permissions vulnerability in grokability snipe-it versions through 8.4.0, fixed after 2026-03-10 commit 676a9958, allow a remote attacker to execute arbitrary code via the app/Http/Controllers/Api/UploadedFilesController.php component Impact Users who can view assets, consumables, etc we...

Access Control Bypass

Overview snipe/snipe-it is an asset management system built on Laravel. Affected versions of this package are vulnerable to Access Control Bypass via the app/Http/Controllers/Api/UploadedFilesController.php component. An attacker can gain unauthorized access and potentially execute arbitrary code...

Snipe-IT has Privilege Escalation via API Permissions Assignment

Impact An authenticated user with only users.edit permission can escalate their own privileges to admin by sending a PATCH request to /api/v1/users/id with permissionsadmin=1. The API controller only strips the superuser key from the permissions array, allowing admin and all other permission keys...

GHSA-R42M-953Q-6VJX Snipe-IT has Stored XSS via Component Checkout Notes (v8.4.0)

Impact Users with component view access could be impacted by an unescaped notes column. Patches This was patched in https://github.com/grokability/snipe-it/commit/28f493d84d057895fbb93b6570e7393a2c2fa438, and is fixed in v8.4.1 or greater. Workarounds None...

[SECURITY] Fedora 42 Update: mapserver-8.4.1-3.fc42

MapServer is an Open Source platform for publishing spatial data and interactive mapping applications to the web...

PT-2026-21831

Information Exposure Vulnerability in Hitachi Ops Center API Configuration Manager, Hitachi Configuration Manager, Hitachi Device Manager allows Session Hijacking.This issue affects Hitachi Ops Center API Configuration Manager: from 10.0.0-00 before 11.0.5-00; Hitachi Configuration Manager: from...

CVE-2023-49825

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in PenciDesign Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme.This issue affects Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme: from n/a through 8.4.1...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: mysql (UTSA-2025-984887)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-984887 advisory. Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.38 and prior, 8.4.1 and prior and 9.0.1 and...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: mysql (UTSA-2025-984840)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-984840 advisory. Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Thread Pooling. Supported versions that are affected are 8.0.39 and prior, 8.4.1 and pri...

Fedora 43 : mapserver (2025-5b5dedacb2)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-5b5dedacb2 advisory. Update to mapserver-8.4.1, fixes CVE-2025-59431. Tenable has extracted the preceding description block directly from the Fedora security advisory...

DEBIAN-CVE-2025-59431

MapServer is a system for developing web-based GIS applications. Prior to 8.4.1, the XML Filter Query directive PropertyName is vulnerably to Boolean-based SQL injection. It seems like expression checking is bypassed by introducing double quote characters in the PropertyName. Allowing to manipula...

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via the PropertyName directive in XML Filter Query processing. An attacker can manipulate backend database queries by injecting specially crafted input containing double quote characters. Remediation Upgrade mapserver to...