30 matches found
CVE-2026-55516
Snipe-IT is an IT asset/license management system. Prior to 8.6.2, PATCH or PUT /api/v1/maintenances/maintenanceid checks access to the current maintenance record and asset but then fills attacker-controlled fields including assetid without re-authorizing the newly supplied asset, allowing an...
Craft CMS: Low-privilege users could read private asset contents when editing an asset (IDOR)
Summary A low-privileged authenticated user can read private asset content by calling assets/edit-image with an arbitrary assetId that they are not authorized to view. The endpoint returns image bytes or a preview redirect without enforcing a per-asset view authorization check, leading to potenti...
CGA-RX73-RR3H-9383
Bulletin has no description...
MS:F5121D7B-3ACD-495E-92AE-82EDDB5E55A9
...
MS:A47C549D-4F54-48ED-BE10-98B85655B865
...
MS:655C1897-91AE-410D-A7FA-523A763EF758
...
MS:848D4E56-2E06-4223-B90B-86A5B6D89691
...
MS:915364C4-6715-4FB7-AD5D-3BAF68649294
...
MS:AD9E8F30-FB5A-4D6F-8851-1772268362B8
...
MS:9A384FBC-88D7-4A09-863E-F50E7B9D2EB3
...
MS:383FB305-E3D6-4163-827F-1691D47739A6
...
MS:2A20DBDB-BF05-4339-BD04-EA8AE62D9DDA
...
MS:65FC8365-981D-406F-9365-5EF84E4704DC
...
MS:10A48D13-24FD-4970-95A4-1467C90AFDBE
...
MS:FB4BDD6B-7619-4D69-AF77-04FB4505D26F
...
MS:F210AFA2-79F9-4C53-AA58-391A3B819131
...
MS:11C0C141-11C8-4098-9252-BCAA9B17D2A5
...
MS:905BBE76-70D7-4ED9-8E10-933720DD6009
...
MS:ACF1E48A-5368-44FB-AD0C-A831E172134D
...
MS:8AFAE340-36B4-4706-B85E-20EAB2BD6D7D
...