213 matches found
CVE-2026-55479
Snipe-IT is an IT asset/license management system. Prior to 8.6.2, the legacy single-seat license checkin flow authorizes the action with the checkout permission instead of the checkin permission, allowing a user who can assign licenses but not unassign them to directly access the old checkin...
CVE-2026-55478
Snipe-IT (IT asset/license management) has a vulnerability in the Kits API. Before version 8.6.2, POST /api/v1/kits/{kit_id}/licenses validates the caller’s ability to edit kits but does not authorize access to the referenced license object. This allows a low-privilege user with predefined-kit pe...
CVE-2026-55478 Snipe-IT: Missing object-level authorization in Kits API
Snipe-IT is an IT asset/license management system. Prior to 8.6.2, POST /api/v1/kits/kitid/licenses checks whether the caller can edit kits but does not authorize access to the referenced license object, allowing a low-privilege user with predefined-kit permissions to bind a license they should n...
EUVD-2026-42986
Snipe-IT is an IT asset/license management system. Prior to 8.6.2, POST /api/v1/kits/kitid/licenses checks whether the caller can edit kits but does not authorize access to the referenced license object, allowing a low-privilege user with predefined-kit permissions to bind a license they should n...
CVE-2026-55478 Snipe-IT: Missing object-level authorization in Kits API
Snipe-IT is an IT asset/license management system. Prior to 8.6.2, POST /api/v1/kits/kitid/licenses checks whether the caller can edit kits but does not authorize access to the referenced license object, allowing a low-privilege user with predefined-kit permissions to bind a license they should n...
CVE-2026-7686
A vulnerability was found in eyeo Adblock Plus up to 4.36.2 on Chrome. Affected by this vulnerability is the function postMessage of the file premium.preload.js of the component Legacy Premium Activation. Performing a manipulation results in improper access controls. Remote exploitation of the...
CVE-2026-32100 swag/platform-security: `/api/_info/config` route exposes information about licenses and active security fixes
Shopware is an open commerce platform. /api/info/config route exposes information about active security fixes. This vulnerability is fixed in 2.0.16, 3.0.12, and 4.0.7...
CVE-2026-22645
The application discloses all used components, versions and license information to unauthenticated actors, giving attackers the opportunity to target known security vulnerabilities of used components...
CVE-2026-22645
The application discloses all used components, versions and license information to unauthenticated actors, giving attackers the opportunity to target known security vulnerabilities of used components...
CVE-2025-41086
Vulnerability in the access control system of the GAMS licensing system that allows unlimited valid licenses to be generated, bypassing any usage restrictions. The validator uses an insecure checksum algorithm; knowing this algorithm and the format of the license lines, an attacker can recalculat...
CVE-2025-41086
Vulnerability in the access control system of the GAMS licensing system that allows unlimited valid licenses to be generated, bypassing any usage restrictions. The validator uses an insecure checksum algorithm; knowing this algorithm and the format of the license lines, an attacker can recalculat...
CVE-2025-41086
Vulnerability in the access control system of the GAMS licensing system that allows unlimited valid licenses to be generated, bypassing any usage restrictions. The validator uses an insecure checksum algorithm; knowing this algorithm and the format of the license lines, an attacker can recalculat...
CVE-2025-41086
The CVE-2025-41086 affects GAMS licensing: the licensing system validator uses an insecure checksum algorithm, allowing an attacker who knows the checksum method and license-line format to recompute a valid checksum and forge licenses. This enables unlimited valid licenses, bypassing usage restri...
CVE-2025-41086 Authorization bypass in GAMS from GAMS Development Corp.
Vulnerability in the access control system of the GAMS licensing system that allows unlimited valid licenses to be generated, bypassing any usage restrictions. The validator uses an insecure checksum algorithm; knowing this algorithm and the format of the license lines, an attacker can recalculat...
AMS Development GAMS 安全漏洞
AMS Development GAMS is an algebraic modeling system from AMS Development India. AMS Development GAMS suffers from a security vulnerability that stems from checksums and the use of insecure algorithms that could lead to the generation of an unlimited valid license...
PT-2025-48685
Name of the Vulnerable Software and Affected Versions GAMS affected versions not specified Description A flaw exists in the access control system of the GAMS licensing system that permits the creation of an unlimited number of valid licenses, circumventing usage limitations. The system employs an...
Google Expands Chrome Autofill to Passports and Licenses, But Is It Safe?
Google Chrome browser's new enhanced autofill feature can now remember and automatically fill in personal data such as…...
Qualcomm Chipsets 缓冲区错误漏洞
Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A buffer error vulnerability exists in Qualcomm Chipsets that stems from a memory corruption when processing malformed license files...
EUVD-2019-15525
Malware in sbrugna...
EUVD-2019-15526
Malware in sbrugna...