Lucene search
+L

213 matches found

NVD
NVD
added 2026/07/10 8:16 p.m.7 views

CVE-2026-55479

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, the legacy single-seat license checkin flow authorizes the action with the checkout permission instead of the checkin permission, allowing a user who can assign licenses but not unassign them to directly access the old checkin...

5.3CVSS0.0019EPSS
Exploits0References3
CVE
CVE
added 2026/07/10 6:34 p.m.10 views

CVE-2026-55478

Snipe-IT (IT asset/license management) has a vulnerability in the Kits API. Before version 8.6.2, POST /api/v1/kits/{kit_id}/licenses validates the caller’s ability to edit kits but does not authorize access to the referenced license object. This allows a low-privilege user with predefined-kit pe...

5.4CVSS6.1AI score0.00175EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/07/10 6:34 p.m.32 views

CVE-2026-55478 Snipe-IT: Missing object-level authorization in Kits API

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, POST /api/v1/kits/kitid/licenses checks whether the caller can edit kits but does not authorize access to the referenced license object, allowing a low-privilege user with predefined-kit permissions to bind a license they should n...

5.3CVSS0.00175EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/10 6:34 p.m.10 views

EUVD-2026-42986

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, POST /api/v1/kits/kitid/licenses checks whether the caller can edit kits but does not authorize access to the referenced license object, allowing a low-privilege user with predefined-kit permissions to bind a license they should n...

5.4CVSS6.1AI score0.00175EPSS
Exploits0References3
OSV
OSV
added 2026/07/10 6:34 p.m.3 views

CVE-2026-55478 Snipe-IT: Missing object-level authorization in Kits API

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, POST /api/v1/kits/kitid/licenses checks whether the caller can edit kits but does not authorize access to the referenced license object, allowing a low-privilege user with predefined-kit permissions to bind a license they should n...

5.3CVSS6.1AI score0.00175EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/03 7:30 a.m.8 views

CVE-2026-7686

A vulnerability was found in eyeo Adblock Plus up to 4.36.2 on Chrome. Affected by this vulnerability is the function postMessage of the file premium.preload.js of the component Legacy Premium Activation. Performing a manipulation results in improper access controls. Remote exploitation of the...

6.9CVSS5.7AI score0.00363EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/12 6:10 p.m.2 views

CVE-2026-32100 swag/platform-security: `/api/_info/config` route exposes information about licenses and active security fixes

Shopware is an open commerce platform. /api/info/config route exposes information about active security fixes. This vulnerability is fixed in 2.0.16, 3.0.12, and 4.0.7...

5.3CVSS5.8AI score0.00201EPSS
Exploits0References1
OSV
OSV
added 2026/01/15 2:16 p.m.5 views

CVE-2026-22645

The application discloses all used components, versions and license information to unauthenticated actors, giving attackers the opportunity to target known security vulnerabilities of used components...

5.3CVSS5.8AI score0.00406EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/01/15 1:14 p.m.3 views

CVE-2026-22645

The application discloses all used components, versions and license information to unauthenticated actors, giving attackers the opportunity to target known security vulnerabilities of used components...

5.3CVSS6.5AI score0.00406EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/12/04 8:12 p.m.5 views

CVE-2025-41086

Vulnerability in the access control system of the GAMS licensing system that allows unlimited valid licenses to be generated, bypassing any usage restrictions. The validator uses an insecure checksum algorithm; knowing this algorithm and the format of the license lines, an attacker can recalculat...

6.9CVSS6.8AI score0.00187EPSS
Exploits0References1
OSV
OSV
added 2025/12/02 2:16 p.m.5 views

CVE-2025-41086

Vulnerability in the access control system of the GAMS licensing system that allows unlimited valid licenses to be generated, bypassing any usage restrictions. The validator uses an insecure checksum algorithm; knowing this algorithm and the format of the license lines, an attacker can recalculat...

6.5CVSS5.8AI score0.00187EPSS
Exploits0References2
NVD
NVD
added 2025/12/02 2:16 p.m.6 views

CVE-2025-41086

Vulnerability in the access control system of the GAMS licensing system that allows unlimited valid licenses to be generated, bypassing any usage restrictions. The validator uses an insecure checksum algorithm; knowing this algorithm and the format of the license lines, an attacker can recalculat...

6.9CVSS0.00187EPSS
Exploits0References2
CVE
CVE
added 2025/12/02 1:22 p.m.19 views

CVE-2025-41086

The CVE-2025-41086 affects GAMS licensing: the licensing system validator uses an insecure checksum algorithm, allowing an attacker who knows the checksum method and license-line format to recompute a valid checksum and forge licenses. This enables unlimited valid licenses, bypassing usage restri...

6.9CVSS6.5AI score0.00187EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2025/12/02 1:22 p.m.12 views

CVE-2025-41086 Authorization bypass in GAMS from GAMS Development Corp.

Vulnerability in the access control system of the GAMS licensing system that allows unlimited valid licenses to be generated, bypassing any usage restrictions. The validator uses an insecure checksum algorithm; knowing this algorithm and the format of the license lines, an attacker can recalculat...

6.9CVSS0.00187EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/12/02 12:0 a.m.10 views

AMS Development GAMS 安全漏洞

AMS Development GAMS is an algebraic modeling system from AMS Development India. AMS Development GAMS suffers from a security vulnerability that stems from checksums and the use of insecure algorithms that could lead to the generation of an unlimited valid license...

6.9CVSS6.6AI score0.00187EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/12/02 12:0 a.m.11 views

PT-2025-48685

Name of the Vulnerable Software and Affected Versions GAMS affected versions not specified Description A flaw exists in the access control system of the GAMS licensing system that permits the creation of an unlimited number of valid licenses, circumventing usage limitations. The system employs an...

6.9CVSS5.9AI score0.00187EPSS
Exploits0References6
HackRead
HackRead
added 2025/11/04 7:50 p.m.4 views

Google Expands Chrome Autofill to Passports and Licenses, But Is It Safe?

Google Chrome browser's new enhanced autofill feature can now remember and automatically fill in personal data such as…...

7AI score
Exploits0
CNNVD
CNNVD
added 2025/10/09 12:0 a.m.6 views

Qualcomm Chipsets 缓冲区错误漏洞

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A buffer error vulnerability exists in Qualcomm Chipsets that stems from a memory corruption when processing malformed license files...

7.8CVSS7.1AI score0.00081EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2019-15525

Malware in sbrugna...

7.8CVSS7.7AI score0.00944EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2019-15526

Malware in sbrugna...

7.8CVSS7.7AI score0.00944EPSS
Exploits0References3
Rows per page
Query Builder