Lucene search
K

20 matches found

Snyk
Snyk
added 5 days ago3 views

CSV Injection

Overview snipe/snipe-it is an asset management system built on Laravel. Affected versions of this package are vulnerable to CSV Injection through the postActivityReport process. An attacker can cause arbitrary formula execution in spreadsheet software by injecting a specially crafted User-Agent...

7.3CVSS6.3AI score0.00269EPSS
Exploits0References2
NVD
NVD
added 5 days ago8 views

CVE-2026-55452

Snipe-IT is an IT asset/license management system. Prior to 8.5.0, Actionlog::logaction stores the request User-Agent header and ReportsController::postActivityReport writes that value to the Activity Report CSV without formula escaping, allowing a low-privileged authenticated user to store a...

7.3CVSS0.00269EPSS
Exploits0References3
CVE
CVE
added 5 days ago11 views

CVE-2026-55452

CVE-2026-55452 concerns Snipe-IT (IT asset/license management) where pre-8.5.0 builds store the User-Agent header via Actionlog::logaction() and export it in Activity Report CSV without formula escaping. This allows a low-privileged authenticated user to inject a formula-like payload that can exe...

7.3CVSS6.2AI score0.00269EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 5 days ago32 views

CVE-2026-55452 Snipe-IT: CSV formula injection in Activity Report export

Snipe-IT is an IT asset/license management system. Prior to 8.5.0, Actionlog::logaction stores the request User-Agent header and ReportsController::postActivityReport writes that value to the Activity Report CSV without formula escaping, allowing a low-privileged authenticated user to store a...

4.8CVSS0.00269EPSS
Exploits0References3
OSV
OSV
added 5 days ago3 views

CVE-2026-55452 Snipe-IT: CSV formula injection in Activity Report export

Snipe-IT is an IT asset/license management system. Prior to 8.5.0, Actionlog::logaction stores the request User-Agent header and ReportsController::postActivityReport writes that value to the Activity Report CSV without formula escaping, allowing a low-privileged authenticated user to store a...

4.8CVSS6.2AI score0.00269EPSS
Exploits0References5
NVD
NVD
added 2026/04/13 4:16 p.m.4 views

CVE-2025-63743

Cross-Site Scripting vulnerability in the Snipe-IT web-based asset management system v8.3.0 to up and including v8.3.1 allows authenticated attacker with lowest privileges sufficient only to log in, to inject arbitrary JavaScript code via "Name" and "Surname" fields. The JavaScript code is execut...

5.4CVSS0.00233EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/04/13 12:0 a.m.3 views

CVE-2025-63743

Cross-Site Scripting vulnerability in the Snipe-IT web-based asset management system v8.3.0 to up and including v8.3.1 allows authenticated attacker with lowest privileges sufficient only to log in, to inject arbitrary JavaScript code via "Name" and "Surname" fields. The JavaScript code is execut...

5.9AI score0.00233EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/04/13 12:0 a.m.4 views

CVE-2025-63743

Cross-Site Scripting vulnerability in the Snipe-IT web-based asset management system v8.3.0 to up and including v8.3.1 allows authenticated attacker with lowest privileges sufficient only to log in, to inject arbitrary JavaScript code via "Name" and "Surname" fields. The JavaScript code is execut...

5.9AI score0.00233EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/04/13 12:0 a.m.33 views

CVE-2025-63743

Cross-Site Scripting vulnerability in the Snipe-IT web-based asset management system v8.3.0 to up and including v8.3.1 allows authenticated attacker with lowest privileges sufficient only to log in, to inject arbitrary JavaScript code via "Name" and "Surname" fields. The JavaScript code is execut...

0.00233EPSS
Exploits1References2
Circl
Circl
added 2026/02/02 2:24 p.m.4 views

CERTFR-2026-ACT-005

creationtimestamp| type| source ---|---|--- 2026-02-02 14:24:55+00:00| seen| https://bsky.app/profile/cert-fr.bsky.social/post/3mdv2f55uwk26 2026-02-02 15:42:59+00:00| seen| https://bsky.app/profile/infosecfr.skyfleet.blue/post/3mdv6qqjhxb2m 2026-02-06 23:48:20+00:00| seen|...

5.1AI score
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2012-5969

Malware in sbrugna...

4CVSS6.2AI score0.01118EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-7001

Malicious code in bioql PyPI...

4.3CVSS5AI score0.00549EPSS
Exploits0References4
Circl
Circl
added 2025/05/28 6:24 p.m.14 views

CVE-2025-1461

creationtimestamp| type| source ---|---|--- 2025-05-28 18:24:14+00:00| seen| https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lqat6suri5a2...

5.6CVSS7AI score0.00268EPSS
Exploits1References1
Circl
Circl
added 2025/03/03 3:58 p.m.13 views

CVE-2018-8639

creationtimestamp| type| source ---|---|--- 2025-03-03 15:58:10+00:00| seen| https://feedsin.space/feed/CISAKevBot/items/3472167 2025-03-03 18:10:03+00:00| seen| MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123 2025-03-03 19:03:10+00:00| seen| https://bsky.app/profile/hackingne.ws/post/3ljinbdwlgm23...

8.4CVSS7.4AI score0.22349EPSS
Exploits0References23
Circl
Circl
added 2025/01/29 4:45 p.m.5 views

CERTFR-2022-ALE-009

creationtimestamp| type| source ---|---|--- 2025-01-29 16:45:57+00:00| seen| https://bsky.app/profile/tuxpanik.bsky.social/post/3lgvg7ltm3o2o...

7.2AI score
Exploits0References1
Circl
Circl
added 2025/01/27 2:8 p.m.5 views

CVE-2025-24533

creationtimestamp| type| source ---|---|--- 2025-01-27 14:08:31+00:00| seen| https://infosec.exchange/users/cve/statuses/113900710198750560 2025-01-27 14:16:12+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lgq4vyfecg2j 2025-01-27 14:55:05+00:00| seen|...

5.4CVSS5.8AI score0.00138EPSS
Exploits0References4
Prion
Prion
added 2013/01/27 10:55 p.m.20 views

Authentication flaw

report/outline/index.php in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly enforce the moodle/user:viewhiddendetails capability requirement, which allows remote authenticated users to discover a hidden lastaccess value by reading an activity report...

4CVSS6.7AI score0.01118EPSS
Exploits0References3Affected Software1
UbuntuCve
UbuntuCve
added 2013/01/27 10:55 p.m.32 views

CVE-2012-6100

report/outline/index.php in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly enforce the moodle/user:viewhiddendetails capability requirement, which allows remote authenticated users to discover a hidden lastaccess value by reading an activity report...

4CVSS5.9AI score0.01118EPSS
Exploits0References3
OSV
OSV
added 2013/01/27 10:55 p.m.4 views

UBUNTU-CVE-2012-6100

report/outline/index.php in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly enforce the moodle/user:viewhiddendetails capability requirement, which allows remote authenticated users to discover a hidden lastaccess value by reading an activity report...

4CVSS5.8AI score0.01118EPSS
Exploits0References4
Microsoft Security Update
Microsoft Security Update
added 1970/01/01 12:0 a.m.17 views

Microsoft Forefront Threat Management Gateway (TMG) 2010 Service Pack 2

The service pack contains 104 fixes and improvements. Some of the major new features include: Kerberos authentication for NLB arrays, Improved error pages, Site activity report...

3.1AI score
Exploits0
Rows per page
Query Builder