
29 matches found

NVD
added 2026/06/15 9:16 p.m. | 6 views

CVE-2026-42378

Subscriber Broken Authentication in WP Full Stripe Free <= 8.4.1 versions...

CVSS 6.5 | EPSS 0.0039
Exploits: 0 | References: 1
Cvelist
added 2026/06/15 8:18 p.m. | 27 views

CVE-2026-42378 WordPress WP Full Stripe Free plugin <= 8.4.1 - Broken Authentication vulnerability

Subscriber Broken Authentication in WP Full Stripe Free <= 8.4.1 versions...

CVSS 6.5 | EPSS 0.0039
Exploits: 0 | References: 1
CVE
added 2026/06/15 8:18 p.m. | 13 views

CVE-2026-42378

CVE-2026-42378 concerns the WordPress plugin WP Full Stripe Free (versions

CVSS 6.5 | AI score 5.2 | EPSS 0.0039
Exploits: 0 | References: 1
RedhatCVE
added 2026/05/27 8:14 p.m. | 12 views

CVE-2026-44833

Snipe-IT is an IT asset/license management system. Prior to 8.4.1, an open redirect vulnerability in Snipe-IT allows attackers to redirect users to malicious sites via unvalidated HTTP Referer header stored in session variable. This vulnerability is fixed in 8.4.1...

CVSS 7.1 | AI score 5.8 | EPSS 0.00163
Exploits: 0 | References: 1
RedhatCVE
added 2026/05/27 8:13 p.m. | 12 views

CVE-2026-44831

Snipe-IT is an IT asset/license management system. Prior to 8.4.1, users with component view access could be impacted by an unescaped notes column, resulting in cross-site scripting (XSS). This vulnerability is fixed in 8.4.1...

CVSS 5.4 | AI score 5.6 | EPSS 0.00218
Exploits: 0 | References: 1
EUVD
added 2026/05/26 7:30 p.m. | 14 views

EUVD-2026-31965

Snipe-IT is an IT asset/license management system. Prior to 8.4.1, an open redirect vulnerability in Snipe-IT allows attackers to redirect users to malicious sites via unvalidated HTTP Referer header stored in session variable. This vulnerability is fixed in 8.4.1...

CVSS 7.1 | AI score 5.8 | EPSS 0.00163
Exploits: 0 | References: 2
CVE
added 2026/05/26 7:30 p.m. | 20 views

CVE-2026-44833

CVE-2026-44833 affects Snipe-IT up to version 8.4.0, where an open redirect vulnerability arises from using an unvalidated HTTP Referer header stored in a session variable. When a user action triggers a redirect (e.g., Save with redirect option set to back), the application reads the back_url...

CVSS 7.1 | AI score 5.8 | EPSS 0.00163
Exploits: 0 | References: 2 | Affected Software: 1
CVE
added 2026/05/26 7:29 p.m. | 21 views

CVE-2026-44832

Snipe-IT (asset/license management) contains a privilege-escalation vulnerability prior to version 8.4.1. An authenticated user with only users.edit permission can elevate themselves to admin by PATCHing /api/v1/users/{id} with permissions[admin]=1. The API controller erroneously strips only the ...

CVSS 8.8 | AI score 5.8 | EPSS 0.00314
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2026/05/26 7:29 p.m. | 33 views

CVE-2026-44832 Snipe-IT: Privilege Escalation via API Permissions Assignment

Snipe-IT is an IT asset/license management system. Prior to 8.4.1, an authenticated user with only users.edit permission can escalate their own privileges to admin by sending a PATCH request to /api/v1/users/{id} with permissions[admin]=1. The API controller only strips the superuser key from the...

CVSS 8.7 | EPSS 0.00314
Exploits: 0 | References: 2
Cvelist
added 2026/05/26 7:27 p.m. | 34 views

CVE-2026-44831 Snipe-IT: XSS vulnerability in component notes

Snipe-IT is an IT asset/license management system. Prior to 8.4.1, users with component view access could be impacted by an unescaped notes column, resulting in cross-site scripting (XSS). This vulnerability is fixed in 8.4.1...

CVSS 4.8 | EPSS 0.00218
Exploits: 0 | References: 2
EUVD
added 2026/05/26 7:27 p.m. | 17 views

EUVD-2026-31960

Snipe-IT is an IT asset/license management system. Prior to 8.4.1, users with component view access could be impacted by an unescaped notes column, resulting in cross-site scripting (XSS). This vulnerability is fixed in 8.4.1...

CVSS 5.4 | AI score 5.6 | EPSS 0.00218
Exploits: 0 | References: 2
OSV
added 2026/05/08 11:04 p.m. | 12 views

GHSA-XG82-2HRV-HF64 Snipe-IT has insecure permissions in file uploads

Insecure Permissions vulnerability in grokability snipe-it versions through 8.4.0, fixed after 2026-03-10 commit 676a9958, allows a remote attacker to execute arbitrary code via the app/Http/Controllers/Api/UploadedFilesController.php component. Impact: Users who can view assets, consumables, etc we...

CVSS 9.8 | AI score 6.2 | EPSS 0.00475
Exploits: 0 | References: 4
Github Security Blog
added 2026/05/08 10:23 p.m. | 11 views

Snipe-IT has Stored XSS via Component Checkout Notes (v8.4.0)

Impact: Users with component view access could be impacted by an unescaped notes column. Patches: This was patched in https://github.com/grokability/snipe-it/commit/28f493d84d057895fbb93b6570e7393a2c2fa438, and is fixed in v8.4.1 or greater. Workarounds: None...

CVSS 5.4 | AI score 5.8 | EPSS 0.00218
Exploits: 0 | References: 4 | Affected Software: 1
Positive Technologies
added 2026/05/08 12:00 a.m. | 15 views

PT-2026-39300

Name of the Vulnerable Software and Affected Versions: Snipe-IT versions prior to 8.4.1. Description: An authenticated user possessing only the users.edit permission can escalate their privileges to administrator. This occurs by sending a PATCH request to the '/api/v1/users/id' endpoint with the...

CVSS 8.8 | AI score 5.8 | EPSS 0.00314
Exploits: 0 | References: 8
RedhatCVE
added 2026/01/09 8:59 a.m. | 4 views

CVE-2023-49827

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PenciDesign Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme allows Reflected XSS. This issue affects Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme: from...

CVSS 7.1 | AI score 7.1 | EPSS 0.00393
Exploits: 0 | References: 1
EUVD
added 2025/10/03 8:07 p.m. | 5 views

EUVD-2025-28218

Malicious code in bioql PyPI...

CVSS 8.2 | AI score 6.3 | EPSS 0.00262
Exploits: 0 | References: 3
EUVD
added 2025/10/03 8:07 p.m. | 4 views

EUVD-2025-30323

Malicious code in bioql PyPI...

CVSS 9.3 | AI score 6.3 | EPSS 0.00391
Exploits: 1 | References: 1
Tenable Nessus
added 2025/10/01 12:00 a.m. | 3 views

Fedora 41 : mapserver (2025-2b5c69ffe6)

The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-2b5c69ffe6 advisory. Update to mapserver-8.4.1, fixes CVE-2025-59431. Tenable has extracted the preceding description block directly from the Fedora security advisory...

CVSS 9.8 | AI score 5.6 | EPSS 0.00391
Exploits: 1 | References: 2
SUSE CVE
added 2025/09/22 11:22 p.m. | 5 views

SUSE CVE-2025-59431

MapServer is a system for developing web-based GIS applications. Prior to 8.4.1, the XML Filter Query directive PropertyName is vulnerable to Boolean-based SQL injection. It seems like expression checking is bypassed by introducing double quote characters in the PropertyName. Allowing to manipula...

CVSS 9.8 | AI score 7.6 | EPSS 0.00391
Exploits: 1 | References: 3
OSV
added 2025/09/19 8:15 p.m. | 3 views

UBUNTU-CVE-2025-59431

MapServer is a system for developing web-based GIS applications. Prior to 8.4.1, the XML Filter Query directive PropertyName is vulnerable to Boolean-based SQL injection. It seems like expression checking is bypassed by introducing double quote characters in the PropertyName. Allowing to manipula...

CVSS 9.8 | AI score 5.9 | EPSS 0.00391
Exploits: 1 | References: 3