Lucene search
K

11 matches found

CVE
CVE
added yesterday3 views

CVE-2026-55515

CVE-2026-55515 affects Snipe-IT prior to version 8.6.2. The unaccepted-assets report delete endpoint erroneously authorizes on a global ID: it allows a reports user in one company to delete pending CheckoutAcceptance records for another company by calling CheckoutAcceptance::pending()->find($a...

5CVSS6.1AI score
Exploits0References3
NVD
NVD
added yesterday7 views

CVE-2026-54329

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, the Accessories API create path mass-assigns request parameters to the Accessory model while companyid is mass assignable, allowing a low-privileged authenticated user in one company to create accessory records under another compa...

8.5CVSS
Exploits0References5
NVD
NVD
added yesterday6 views

CVE-2026-55472

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, when Full Multiple Companies Support and scopelocationsfmcs are enabled, the API location creation endpoint detects an invalid parent-child company mismatch but does not return immediately, allowing creation of a child location...

4.3CVSS
Exploits0References3
CVE
CVE
added yesterday6 views

CVE-2026-55472

Snipe-IT (IT asset/license management) prior to version 8.6.2 permits creating a child location under a parent from a different company when Full Multiple Companies Support and scope_locations_fmcs are enabled. The API location creation endpoint detects an invalid parent-child company mismatch bu...

4.3CVSS6.1AI score
Exploits0References3Affected Software1
CVE
CVE
added yesterday9 views

CVE-2026-55516

CVE-2026-55516 affects Snipe-IT prior to 8.6.2. A PATCH/PUT to /api/v1/maintenances/{maintenance_id} first validates access to the maintenance and asset, then accepts attacker-controlled asset_id, allowing an authorized user to re-parent a maintenance record to an asset outside their company scop...

7.7CVSS6.1AI score
Exploits0References3Affected Software1
EUVD
EUVD
added yesterday5 views

EUVD-2026-42982

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, the Accessories API create path mass-assigns request parameters to the Accessory model while companyid is mass assignable, allowing a low-privileged authenticated user in one company to create accessory records under another compa...

8.5CVSS6.1AI score
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.9 views

PT-2026-51642

Name of the Vulnerable Software and Affected Versions Snipe-IT affected versions not specified Description An authorization bypass exists in the BulkAssetsController::update function. The system accepts the company id variable directly from user input without utilizing the standard company-scopin...

6.3CVSS5.9AI score
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/03/10 12:18 a.m.2 views

CVE-2026-27687

Due to missing authorization check in SAP S/4HANA HCM Portugal and SAP ERP HCM Portugal, a user with high privileges could access sensitive data belonging to another company. This vulnerability has a high impact on confidentiality and does not affect integrity and availability...

5.8CVSS5.8AI score0.00262EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2025/12/09 12:0 a.m.4 views

SAP S/4 HANA 安全漏洞

SAP S/4 HANA is an intelligent, integrated ERP software for large enterprises from SAP, a German company. A security vulnerability exists in SAP S/4 HANA Private Cloud that stems from a lack of authorization checks and could lead to cross-company code reading sensitive data and modifying document...

7.1CVSS6.6AI score0.00265EPSS
Exploits0References2
OSV
OSV
added 2022/01/18 8:15 p.m.2 views

CVE-2021-44838

An issue was discovered in Delta RM 1.2. Using the /risque/risque/ajax-details endpoint, with a POST request indicating the risk to access with the id parameter, it is possible for users to access risks of other companies...

4.3CVSS5.8AI score
Exploits0References2
Microsoft Secure
Microsoft Secure
added 2019/08/07 11:50 p.m.138 views

A case study in industry collaboration: Poisoned RDP vulnerability disclosure and response

Earlier this year, I reached out to Check Point researcher Eyal Itkin, who had published multiple flaws in several Remote Desktop Protocol RDP clients, including a vulnerability in mstsc.exe, the built-in RDP client application in Windows. While there were no active exploits detected in the wild,...

8.5CVSS8.4AI score0.70966EPSS
Exploits0
Rows per page
Query Builder