Lucene search
K

48 matches found

EUVD
EUVD
added 2026/06/23 10:24 p.m.13 views

EUVD-2026-35140

Snipe-IT: Bulk editing users allowed ldapimport and activatedin bulk editing users...

7.1CVSS5.8AI score0.00194EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/09 8:59 p.m.13 views

CVE-2026-48507

Snipe-IT is an IT asset/license management system. A vulnerability in versions prior to 8.6.0 allows a non-admin user holding only the granular users.edit permission to lock every admin out of the instance by editing the activated flag which determines whether or not a user can login and the...

7.1CVSS5.5AI score0.00194EPSS
Exploits0References1
NVD
NVD
added 2026/06/08 5:16 p.m.18 views

CVE-2026-48507

Snipe-IT is an IT asset/license management system. A vulnerability in versions prior to 8.6.0 allows a non-admin user holding only the granular users.edit permission to lock every admin out of the instance by editing the activated flag which determines whether or not a user can login and the...

7.1CVSS0.00194EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/08 3:41 p.m.12 views

CVE-2026-48507 Snipe-IT: Bulk editing users allowed `ldap_import` and `activated_in` bulk editing users

Snipe-IT is an IT asset/license management system. A vulnerability in versions prior to 8.6.0 allows a non-admin user holding only the granular users.edit permission to lock every admin out of the instance by editing the activated flag which determines whether or not a user can login and the...

7.1CVSS5.5AI score0.00194EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/08 3:41 p.m.8 views

CVE-2026-48507

Snipe-IT is an IT asset/license management system. A vulnerability in versions prior to 8.6.0 allows a non-admin user holding only the granular users.edit permission to lock every admin out of the instance by editing the activated flag which determines whether or not a user can login and the...

7.1CVSS5.5AI score0.00194EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/06/08 3:41 p.m.28 views

CVE-2026-48507

Snipe-IT (IT asset/license management system) has a vulnerability affecting versions before 8.6.0. A non-admin user with only the granular users.edit permission can lock out admins by editing the activated flag (login eligibility) and the ldap_import flag (password reset requests). The issue is f...

7.1CVSS5.5AI score0.00194EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/08 3:41 p.m.45 views

CVE-2026-48507 Snipe-IT: Bulk editing users allowed `ldap_import` and `activated_in` bulk editing users

Snipe-IT is an IT asset/license management system. A vulnerability in versions prior to 8.6.0 allows a non-admin user holding only the granular users.edit permission to lock every admin out of the instance by editing the activated flag which determines whether or not a user can login and the...

7.1CVSS0.00194EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.13 views

Snipe-IT 安全漏洞

Snipe-IT is a set of open-source IT asset/license management systems developed by Grokability. Versions of Snipe-IT prior to 8.6.0 contained security vulnerabilities. These vulnerabilities stemmed from the ability for non-administrator users to have the "users.edit" permission, allowing them to...

7.1CVSS5.4AI score0.00194EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.16 views

PT-2026-47386

Name of the Vulnerable Software and Affected Versions Snipe-IT versions prior to 8.6.0 Description An issue in this IT asset and license management system allows a non-admin user with the users.edit permission to lock all administrators out of the instance. This is achieved by modifying the...

7.1CVSS5.5AI score0.00194EPSS
Exploits0References8
OSV
OSV
added 2026/05/11 5:23 p.m.14 views

MAL-2026-3429 Malicious code in openai-spellchecker (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 13911c4c1e0334b4e4d972e3b3256a08f8991d3935d74086c252ed085d3984a0 The package hides code to download and execute a next-stage payload, which then communicates with C2 and listens for next code parts. In the analyzed version,...

6AI score
Exploits0References3
Cvelist
Cvelist
added 2025/11/27 10:57 a.m.14 views

CVE-2025-10476 WP Fastest Cache <= 1.4.0 - Missing Authorization to Authenticated (Subscriber+) DB Cleanup Actions

The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpfcdbfixcallback function in all versions up to, and including, 1.4.0. This makes it possible for authenticated attackers, with Subscriber-level access and above,...

4.3CVSS0.00191EPSS
Exploits0References3
CVE
CVE
added 2025/11/27 10:57 a.m.20 views

CVE-2025-10476

WP Fastest Cache for WordPress

4.3CVSS4.7AI score0.00191EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-19847

Malicious code in bioql PyPI...

5.3CVSS6.4AI score0.00367EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-24224

Malicious code in bioql PyPI...

8.8CVSS6.4AI score0.00548EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/08/14 7:28 a.m.3 views

CVE-2025-8418

The B Slider- Gutenberg Slider Block for WP plugin for WordPress is vulnerable to Arbitrary Plugin Installation in all versions up to, and including, 1.1.30. This is due to missing capability checks on the activatedplugin function. This makes it possible for authenticated attackers, with...

8.8CVSS7.9AI score0.00548EPSS
Exploits0References1
CVE
CVE
added 2025/08/12 6:42 a.m.22 views

CVE-2025-8418

CVE-2025-8418 : B Slider – Gutenberg Slider Block for WP (WordPress) is vulnerable up to version 1.1.30 due to missing capability checks on the activated_plugin function. Authenticated users with subscriber-level access or higher can install arbitrary plugins, potentially enabling remote code exe...

8.8CVSS7.8AI score0.00548EPSS
Exploits0References3
OSV
OSV
added 2025/08/11 1:53 p.m.4 views

BIT-LIBPYTHON-2024-9287 Virtual environment (venv) activation scripts don't quote paths

A vulnerability has been found in the CPython venv module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts ie "source venv/bin/activate". This means that...

7.8CVSS7.1AI score0.00647EPSS
Exploits0References13
RedhatCVE
RedhatCVE
added 2025/05/23 8:24 a.m.4 views

CVE-2024-48251

Wavelog 1.8.5 allows Activatedgridmapmodel.php getbandconfirmed SQL injection via band, sat, propagation, or mode...

9.8CVSS5.9AI score0.00533EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/05/06 12:0 a.m.4 views

Qualcomm Chipsets 缓冲区错误漏洞

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A buffer error vulnerability exists in Qualcomm Chipsets that originates when the audio kernel driver performs voice-activated sound model registration, which can lead to memory corruption...

7.8CVSS6.8AI score0.00093EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/12/22 12:0 a.m.13 views

Fedora 41 : libcomps / libdnf / python3-docs / python3.13 (2024-3c18fe0d93)

The remote Fedora 41 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2024-3c18fe0d93 advisory. This is the first maintenance release of Python 3.13 ==================================================== Python 3.13 is the newest major release of...

8.7CVSS7.5AI score0.0188EPSS
Exploits0References3
Rows per page
Query Builder