Lucene search
K

18 matches found

NVD
NVD
added yesterday5 views

CVE-2026-55452

Snipe-IT is an IT asset/license management system. Prior to 8.5.0, Actionlog::logaction stores the request User-Agent header and ReportsController::postActivityReport writes that value to the Activity Report CSV without formula escaping, allowing a low-privileged authenticated user to store a...

4.8CVSS
Exploits0References3
Cvelist
Cvelist
added yesterday8 views

CVE-2026-55452 Snipe-IT: CSV formula injection in Activity Report export

Snipe-IT is an IT asset/license management system. Prior to 8.5.0, Actionlog::logaction stores the request User-Agent header and ReportsController::postActivityReport writes that value to the Activity Report CSV without formula escaping, allowing a low-privileged authenticated user to store a...

4.8CVSS
Exploits0References3
CVE
CVE
added yesterday6 views

CVE-2026-55452

Technical details about CVE-2026-55452 are not publicly available in the provided documents. Monitor for updates.

4.8CVSS6.2AI score
Exploits0References3
NVD
NVD
added 2026/04/13 4:16 p.m.3 views

CVE-2025-63743

Cross-Site Scripting vulnerability in the Snipe-IT web-based asset management system v8.3.0 to up and including v8.3.1 allows authenticated attacker with lowest privileges sufficient only to log in, to inject arbitrary JavaScript code via "Name" and "Surname" fields. The JavaScript code is execut...

5.4CVSS0.00233EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/04/13 12:0 a.m.3 views

CVE-2025-63743

Cross-Site Scripting vulnerability in the Snipe-IT web-based asset management system v8.3.0 to up and including v8.3.1 allows authenticated attacker with lowest privileges sufficient only to log in, to inject arbitrary JavaScript code via "Name" and "Surname" fields. The JavaScript code is execut...

5.9AI score0.00233EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/04/13 12:0 a.m.4 views

CVE-2025-63743

Cross-Site Scripting vulnerability in the Snipe-IT web-based asset management system v8.3.0 to up and including v8.3.1 allows authenticated attacker with lowest privileges sufficient only to log in, to inject arbitrary JavaScript code via "Name" and "Surname" fields. The JavaScript code is execut...

5.9AI score0.00233EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/04/13 12:0 a.m.31 views

CVE-2025-63743

Cross-Site Scripting vulnerability in the Snipe-IT web-based asset management system v8.3.0 to up and including v8.3.1 allows authenticated attacker with lowest privileges sufficient only to log in, to inject arbitrary JavaScript code via "Name" and "Surname" fields. The JavaScript code is execut...

0.00233EPSS
Exploits1References2
Circl
Circl
added 2026/02/02 2:24 p.m.3 views

CERTFR-2026-ACT-005

creationtimestamp| type| source ---|---|--- 2026-02-02 14:24:55+00:00| seen| https://bsky.app/profile/cert-fr.bsky.social/post/3mdv2f55uwk26 2026-02-02 15:42:59+00:00| seen| https://bsky.app/profile/infosecfr.skyfleet.blue/post/3mdv6qqjhxb2m 2026-02-06 23:48:20+00:00| seen|...

5.1AI score
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2012-5969

Malware in sbrugna...

4CVSS6.2AI score0.01118EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-7001

Malicious code in bioql PyPI...

4.3CVSS5AI score0.00535EPSS
Exploits0References4
Circl
Circl
added 2025/05/28 6:24 p.m.14 views

CVE-2025-1461

creationtimestamp| type| source ---|---|--- 2025-05-28 18:24:14+00:00| seen| https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lqat6suri5a2...

5.6CVSS7AI score0.00268EPSS
Exploits1References1
Circl
Circl
added 2025/03/03 3:58 p.m.13 views

CVE-2018-8639

creationtimestamp| type| source ---|---|--- 2025-03-03 15:58:10+00:00| seen| https://feedsin.space/feed/CISAKevBot/items/3472167 2025-03-03 18:10:03+00:00| seen| MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123 2025-03-03 19:03:10+00:00| seen| https://bsky.app/profile/hackingne.ws/post/3ljinbdwlgm23...

8.4CVSS7.4AI score0.22349EPSS
Exploits0References23
Circl
Circl
added 2025/01/29 4:45 p.m.3 views

CERTFR-2022-ALE-009

creationtimestamp| type| source ---|---|--- 2025-01-29 16:45:57+00:00| seen| https://bsky.app/profile/tuxpanik.bsky.social/post/3lgvg7ltm3o2o...

7.2AI score
Exploits0References1
Circl
Circl
added 2025/01/27 2:8 p.m.5 views

CVE-2025-24533

creationtimestamp| type| source ---|---|--- 2025-01-27 14:08:31+00:00| seen| https://infosec.exchange/users/cve/statuses/113900710198750560 2025-01-27 14:16:12+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lgq4vyfecg2j 2025-01-27 14:55:05+00:00| seen|...

5.4CVSS5.8AI score0.00138EPSS
Exploits0References4
Prion
Prion
added 2013/01/27 10:55 p.m.20 views

Authentication flaw

report/outline/index.php in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly enforce the moodle/user:viewhiddendetails capability requirement, which allows remote authenticated users to discover a hidden lastaccess value by reading an activity report...

4CVSS6.7AI score0.01118EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2013/01/27 10:55 p.m.3 views

UBUNTU-CVE-2012-6100

report/outline/index.php in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly enforce the moodle/user:viewhiddendetails capability requirement, which allows remote authenticated users to discover a hidden lastaccess value by reading an activity report...

4CVSS5.8AI score0.01118EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2013/01/27 10:55 p.m.32 views

CVE-2012-6100

report/outline/index.php in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly enforce the moodle/user:viewhiddendetails capability requirement, which allows remote authenticated users to discover a hidden lastaccess value by reading an activity report...

4CVSS5.9AI score0.01118EPSS
Exploits0References3
Microsoft Security Update
Microsoft Security Update
added 1970/01/01 12:0 a.m.17 views

Microsoft Forefront Threat Management Gateway (TMG) 2010 Service Pack 2

The service pack contains 104 fixes and improvements. Some of the major new features include: Kerberos authentication for NLB arrays, Improved error pages, Site activity report...

3.1AI score
Exploits0
Rows per page
Query Builder