Lucene search
K

2416 matches found

EUVD
EUVD
added 20 hours ago4 views

EUVD-2026-44579

An issue in Aetopia Digital Asset Management DAM v.1.0.0 allows a remote attacker to execute arbitrary code via the name and description parameter of the Add/Update Project function...

9.8CVSS6.4AI score
Exploits0References4
NVD
NVD
added yesterday4 views

CVE-2026-38450

An issue in Aetopia Digital Asset Management DAM v.1.0.0 allows a remote attacker to execute arbitrary code via the name and description parameter of the Add/Update Project function...

9.8CVSS
Exploits0References3
Cvelist
Cvelist
added yesterday27 views

CVE-2026-38450

An issue in Aetopia Digital Asset Management DAM v.1.0.0 allows a remote attacker to execute arbitrary code via the name and description parameter of the Add/Update Project function...

Exploits0References3
Nuclei
Nuclei
added 2 days ago173 views

IBM Maximo Asset Management Information Disclosure - XML External Entity Injection

IBM Maximo Asset Management is vulnerable to an XML external entity injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. id: CVE-2020-4463 info: name: IBM Maximo Asset Management Information...

8.2CVSS7AI score0.3159EPSS
Exploits1References5
Snyk
Snyk
added 5 days ago3 views

Authorization Bypass Through User-Controlled Key

Overview snipe/snipe-it is an asset management system built on Laravel. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the assetid field in the API update process. An attacker can gain unauthorized access to assets outside their company...

7.7CVSS6.1AI score0.00218EPSS
Exploits0References2
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-42998

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, the legacy single-seat license checkin flow authorizes the action with the checkout permission instead of the checkin permission, allowing a user who can assign licenses but not unassign them to directly access the old checkin...

5.3CVSS6.1AI score0.00238EPSS
Exploits0References3
EUVD
EUVD
added 5 days ago8 views

EUVD-2026-42997

Snipe-IT is an IT asset/license management system. Prior to 8.5.0, Actionlog::logaction stores the request User-Agent header and ReportsController::postActivityReport writes that value to the Activity Report CSV without formula escaping, allowing a low-privileged authenticated user to store a...

4.8CVSS6.2AI score0.00269EPSS
Exploits0References3
NVD
NVD
added 5 days ago7 views

CVE-2026-55476

Snipe-IT is an IT asset/license management system. Prior to 8.6.0, POST /account/request/itemType/itemId/cancelbyadmin?/requestingUser? accepts cancelbyadmin as a URL path segment without sufficient authorization, allowing an authenticated user to supply a victim user ID and silently cancel that...

5.3CVSS0.002EPSS
Exploits0References4
EUVD
EUVD
added 5 days ago6 views

EUVD-2026-42989

Snipe-IT is an IT asset/license management system. Prior to 8.6.0, POST /account/request/itemType/itemId/cancelbyadmin?/requestingUser? accepts cancelbyadmin as a URL path segment without sufficient authorization, allowing an authenticated user to supply a victim user ID and silently cancel that...

5.3CVSS6.1AI score0.002EPSS
Exploits0References4
NVD
NVD
added 2026/06/17 10:54 a.m.12 views

CVE-2026-46932

Vulnerability in the Oracle Enterprise Asset Management product of Oracle E-Business Suite component: Internal Operations. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...

7.1CVSS0.0036EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 10:54 a.m.12 views

CVE-2026-46931

Vulnerability in the Oracle Enterprise Asset Management product of Oracle E-Business Suite component: Internal Operations. Supported versions that are affected are 12.2.6-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...

8.8CVSS0.00402EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.17 views

PT-2026-50035

Vulnerability in the Oracle Enterprise Asset Management product of Oracle E-Business Suite component: Internal Operations. Supported versions that are affected are 12.2.6-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...

8.8CVSS5.3AI score0.00402EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.16 views

PT-2026-50036

Vulnerability in the Oracle Enterprise Asset Management product of Oracle E-Business Suite component: Internal Operations. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...

7.1CVSS5.1AI score0.0036EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/06 6:42 a.m.18 views

CVE-2026-21837

HCL Digital Experience is affected by an OS command injection vulnerability in the Digital Asset Management API. An attacker may execute arbitrary operating system commands, typically inheriting the privileges of the vulnerable application, which could possibly lead to a complete system takeover...

8.8CVSS5.9AI score0.0092EPSS
Exploits0References1
NVD
NVD
added 2026/06/05 7:16 a.m.18 views

CVE-2026-21837

HCL Digital Experience is affected by an OS command injection vulnerability in the Digital Asset Management API. An attacker may execute arbitrary operating system commands, typically inheriting the privileges of the vulnerable application, which could possibly lead to a complete system takeover...

8.8CVSS0.0092EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/05 5:50 a.m.10 views

CVE-2026-21837

HCL Digital Experience is affected by an OS command injection vulnerability in the Digital Asset Management API. An attacker may execute arbitrary operating system commands, typically inheriting the privileges of the vulnerable application, which could possibly lead to a complete system takeover...

8.7CVSS5.9AI score0.0092EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/06/05 5:50 a.m.16 views

EUVD-2026-34786

HCL Digital Experience is affected by an OS command injection vulnerability in the Digital Asset Management API. An attacker may execute arbitrary operating system commands, typically inheriting the privileges of the vulnerable application, which could possibly lead to a complete system takeover...

8.7CVSS5.9AI score0.0092EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/05 5:50 a.m.11 views

CVE-2026-21837 HCL Digital Experience is affected by an OS command injection vulnerability in the Digital Asset Management API

HCL Digital Experience is affected by an OS command injection vulnerability in the Digital Asset Management API. An attacker may execute arbitrary operating system commands, typically inheriting the privileges of the vulnerable application, which could possibly lead to a complete system takeover...

8.7CVSS5.9AI score0.0092EPSS
Exploits0References1
CVE
CVE
added 2026/06/05 5:50 a.m.28 views

CVE-2026-21837

HCL Digital Experience is affected by an OS command injection vulnerability in the Digital Asset Management API. An attacker may execute arbitrary operating system commands, typically inheriting the privileges of the vulnerable application, which could lead to a complete system takeover and data ...

8.8CVSS5.9AI score0.0092EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/05 5:50 a.m.45 views

CVE-2026-21837 HCL Digital Experience is affected by an OS command injection vulnerability in the Digital Asset Management API

HCL Digital Experience is affected by an OS command injection vulnerability in the Digital Asset Management API. An attacker may execute arbitrary operating system commands, typically inheriting the privileges of the vulnerable application, which could possibly lead to a complete system takeover...

8.7CVSS0.0092EPSS
Exploits0References1
Rows per page
Query Builder