CVE-2026-55474
Snipe-IT (IT asset/license management) is affected by a directory-traversal in ActionlogController::displaySig prior to version 8.5.0. The route filename parameter is concatenated into a private upload-directory path without sanitization, enabling an authenticated attacker to read arbitrary files...