Lucene search
+L

27 matches found

NVD
NVD
•added 2026/07/10 8:16 p.m.•9 views

CVE-2026-55462

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, UsersController::show and printInventory authorize only user viewing before loading and rendering assigned license, accessory, and consumable relationships, allowing an authenticated user with only users.view to see inventory and...

4.3CVSS0.0026EPSS
Exploits1References3
Positive Technologies
Positive Technologies
•added 2026/07/10 12:0 a.m.•9 views

PT-2026-57264

Name of the Vulnerable Software and Affected Versions Snipe-IT versions prior to 8.6.2 Description An authenticated non-admin user possessing users.view and users.edit permissions, but lacking users.delete permissions, can perform a soft-delete of another non-admin user. This occurs because the...

7.1CVSS6.1AI score0.00285EPSS
Exploits1References9
RedhatCVE
RedhatCVE
•added 2026/06/05 7:32 p.m.•12 views

CVE-2026-6623

A security flaw has been discovered in BichitroGan ISP Billing Software 2025.3.20. This impacts an unknown function of the file /?route=settings/users-view/ of the component Profile Page Handler. Performing a manipulation results in cross site scripting. The attack is possible to be carried out...

4.8CVSS3.8AI score0.00206EPSS
Exploits0References1
NVD
NVD
•added 2026/04/20 10:16 a.m.•5 views

CVE-2026-6623

A security flaw has been discovered in BichitroGan ISP Billing Software 2025.3.20. This impacts an unknown function of the file /?route=settings/users-view/ of the component Profile Page Handler. Performing a manipulation results in cross site scripting. The attack is possible to be carried out...

4.8CVSS0.00206EPSS
Exploits0References4
Vulnrichment
Vulnrichment
•added 2026/04/20 9:0 a.m.•3 views

CVE-2026-6623 BichitroGan ISP Billing Software Profile users-view cross site scripting

A security flaw has been discovered in BichitroGan ISP Billing Software 2025.3.20. This impacts an unknown function of the file /?route=settings/users-view/ of the component Profile Page Handler. Performing a manipulation results in cross site scripting. The attack is possible to be carried out...

4.8CVSS4.2AI score0.00206EPSS
Exploits0References4
CVE
CVE
•added 2026/04/20 9:0 a.m.•17 views

CVE-2026-6623

CVE-2026-6623 affects BichitroGan ISP Billing Software 2025.3.20. The issue is a cross-site scripting vulnerability in the Profile Page Handler, triggered by manipulating the file path /?_route=settings/users-view/. The attack could be carried out remotely, with the CVSS indicating network access...

4.8CVSS4.1AI score0.00206EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
•added 2026/04/20 9:0 a.m.•7 views

CVE-2026-6623

A security flaw has been discovered in BichitroGan ISP Billing Software 2025.3.20. This impacts an unknown function of the file /?route=settings/users-view/ of the component Profile Page Handler. Performing a manipulation results in cross site scripting. The attack is possible to be carried out...

4.8CVSS4.2AI score0.00206EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
•added 2026/04/20 9:0 a.m.•37 views

CVE-2026-6623 BichitroGan ISP Billing Software Profile users-view cross site scripting

A security flaw has been discovered in BichitroGan ISP Billing Software 2025.3.20. This impacts an unknown function of the file /?route=settings/users-view/ of the component Profile Page Handler. Performing a manipulation results in cross site scripting. The attack is possible to be carried out...

4.8CVSS0.00206EPSS
Exploits0References4
EUVD
EUVD
•added 2026/04/02 3:31 p.m.•4 views

EUVD-2026-18312

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting XSS via the DOMAIN parameter to /cgi-bin/smtpdomains.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page...

6.4CVSS5.9AI score0.00138EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2026/03/30 5:0 a.m.•5 views

CVE-2026-5031

A vulnerability was found in BichitroGan ISP Billing Software 2025.3.20. Impacted is an unknown function of the file /?route=settings/users-view/ of the component Endpoint. The manipulation of the argument ID results in improper control of resource identifiers. The attack can be launched remotely...

5.3CVSS5.5AI score0.00226EPSS
Exploits0References1
NVD
NVD
•added 2026/03/29 5:15 a.m.•5 views

CVE-2026-5031

A vulnerability was found in BichitroGan ISP Billing Software 2025.3.20. Impacted is an unknown function of the file /?route=settings/users-view/ of the component Endpoint. The manipulation of the argument ID results in improper control of resource identifiers. The attack can be launched remotely...

5.3CVSS0.00226EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
•added 2026/03/29 4:30 a.m.•2 views

CVE-2026-5031

A vulnerability was found in BichitroGan ISP Billing Software 2025.3.20. Impacted is an unknown function of the file /?route=settings/users-view/ of the component Endpoint. The manipulation of the argument ID results in improper control of resource identifiers. The attack can be launched remotely...

5.3CVSS5.5AI score0.00226EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
•added 2026/03/29 4:30 a.m.•3 views

CVE-2026-5031 BichitroGan ISP Billing Software Endpoint users-view resource injection

A vulnerability was found in BichitroGan ISP Billing Software 2025.3.20. Impacted is an unknown function of the file /?route=settings/users-view/ of the component Endpoint. The manipulation of the argument ID results in improper control of resource identifiers. The attack can be launched remotely...

5.3CVSS5.5AI score0.00226EPSS
Exploits0References4
Cvelist
Cvelist
•added 2026/03/29 4:30 a.m.•42 views

CVE-2026-5031 BichitroGan ISP Billing Software Endpoint users-view resource injection

A vulnerability was found in BichitroGan ISP Billing Software 2025.3.20. Impacted is an unknown function of the file /?route=settings/users-view/ of the component Endpoint. The manipulation of the argument ID results in improper control of resource identifiers. The attack can be launched remotely...

5.3CVSS0.00226EPSS
Exploits0References4
CVE
CVE
•added 2026/03/29 4:30 a.m.•15 views

CVE-2026-5031

CVE-2026-5031 affects BichitroGan ISP Billing Software 2025.3.20. The vulnerability is in the Endpoint component, specifically the unknown function at the file path /?_route=settings/users-view/. The issue arises from manipulation of the argument ID , causing improper control of resource identifi...

5.3CVSS5.5AI score0.00226EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/03/29 12:0 a.m.•14 views

PT-2026-28743

Name of the Vulnerable Software and Affected Versions BichitroGan ISP Billing Software version 2025.3.20 Description A flaw exists in BichitroGan ISP Billing Software that allows for improper control of resource identifiers. The issue is located within an unknown function of the file ‘/?...

5.3CVSS5.7AI score0.00226EPSS
Exploits0References8
Positive Technologies
Positive Technologies
•added 2026/02/03 12:0 a.m.•13 views

PT-2026-5800

Snipe-IT 4.7.5 contains a persistent cross-site scripting vulnerability that allows authorized users to upload malicious SVG files with embedded JavaScript. Attackers can craft SVG files with script tags to execute arbitrary JavaScript when the accessory is viewed by other users...

6.4CVSS5.5AI score0.00243EPSS
Exploits0References5
EUVD
EUVD
•added 2025/10/07 12:30 a.m.•5 views

EUVD-2008-4636

Malware in sbrugna...

7.5CVSS6.4AI score0.01051EPSS
Exploits0References4
EUVD
EUVD
•added 2025/10/03 8:7 p.m.•5 views

EUVD-2022-31701

Malicious code in bioql PyPI...

9.8CVSS9.4AI score0.01107EPSS
Exploits1References1
OSV
OSV
•added 2023/07/23 8:15 a.m.•5 views

CVE-2023-3848

A vulnerability, which was classified as problematic, has been found in mooSocial mooDating 1.2. This issue affects some unknown processing of the file /users/view of the component URL Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The associated...

6.1CVSS3.9AI score0.03678EPSS
Exploits4References3
Rows per page
Query Builder