6193 matches found
EUVD-2026-43635
In Eclipse BaSyx Java Server SDK versions 2.0.0-milestone-05 to 2.0.0-milestone-12, deployments using the MongoDB backend are vulnerable to an unauthenticated arbitrary file write through the AAS thumbnail API. The AAS thumbnail upload path accepted a client-controlled fileName request parameter...
IBM Maximo Asset Management Information Disclosure - XML External Entity Injection
IBM Maximo Asset Management is vulnerable to an XML external entity injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. id: CVE-2020-4463 info: name: IBM Maximo Asset Management Information...
Authorization Bypass Through User-Controlled Key
Overview snipe/snipe-it is an asset management system built on Laravel. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the assetid field in the API update process. An attacker can gain unauthorized access to assets outside their company...
CVE-2026-55469
Snipe-IT is an IT asset/license management system. Prior to 8.6.2, an authenticated user with import and assets.update permissions can place a path traversal string in an asset image field through CSV import and then trigger image deletion, allowing deletion of arbitrary files accessible to the...
EUVD-2026-43000
Snipe-IT is an IT asset/license management system. Prior to 8.6.2, an authenticated user with import and assets.update permissions can place a path traversal string in an asset image field through CSV import and then trigger image deletion, allowing deletion of arbitrary files accessible to the...
EUVD-2026-42998
Snipe-IT is an IT asset/license management system. Prior to 8.6.2, the legacy single-seat license checkin flow authorizes the action with the checkout permission instead of the checkin permission, allowing a user who can assign licenses but not unassign them to directly access the old checkin...
EUVD-2026-42997
Snipe-IT is an IT asset/license management system. Prior to 8.5.0, Actionlog::logaction stores the request User-Agent header and ReportsController::postActivityReport writes that value to the Activity Report CSV without formula escaping, allowing a low-privileged authenticated user to store a...
CVE-2026-55476
Snipe-IT is an IT asset/license management system. Prior to 8.6.0, POST /account/request/itemType/itemId/cancelbyadmin?/requestingUser? accepts cancelbyadmin as a URL path segment without sufficient authorization, allowing an authenticated user to supply a victim user ID and silently cancel that...
CVE-2026-55516
Snipe-IT is an IT asset/license management system. Prior to 8.6.2, PATCH or PUT /api/v1/maintenances/maintenanceid checks access to the current maintenance record and asset but then fills attacker-controlled fields including assetid without re-authorizing the newly supplied asset, allowing an...
CVE-2026-55464 Snipe-IT: Stored XSS via Markdown custom field
Snipe-IT is an IT asset/license management system. Prior to 8.6.2, CommonMark escapes raw HTML but does not sanitize javascript: URIs in Markdown hyperlinks, allowing a user with assets.edit permission to place a malicious link in a markdown-textarea custom field that executes arbitrary JavaScrip...
CVE-2026-55476 Snipe-IT: Unauthorized Asset Request Cancellation via Unguarded cancel_by_admin Parameter
Snipe-IT is an IT asset/license management system. Prior to 8.6.0, POST /account/request/itemType/itemId/cancelbyadmin?/requestingUser? accepts cancelbyadmin as a URL path segment without sufficient authorization, allowing an authenticated user to supply a victim user ID and silently cancel that...
EUVD-2026-42989
Snipe-IT is an IT asset/license management system. Prior to 8.6.0, POST /account/request/itemType/itemId/cancelbyadmin?/requestingUser? accepts cancelbyadmin as a URL path segment without sufficient authorization, allowing an authenticated user to supply a victim user ID and silently cancel that...
CVE-2026-55476 Snipe-IT: Unauthorized Asset Request Cancellation via Unguarded cancel_by_admin Parameter
Snipe-IT is an IT asset/license management system. Prior to 8.6.0, POST /account/request/itemType/itemId/cancelbyadmin?/requestingUser? accepts cancelbyadmin as a URL path segment without sufficient authorization, allowing an authenticated user to supply a victim user ID and silently cancel that...
CVE-2026-55476
Snipe-IT (asset/license management) prior to v8.6.0 is vulnerable: POST /account/request/{itemType}/{itemId}/{cancel_by_admin}/{requestingUser} accepts cancel_by_admin as a URL path segment, enabling an authenticated user to silently cancel another user’s pending asset requests. Affects versions ...
CVE-2026-55516 Snipe-IT: Cross-company asset maintenance re-parenting via API update
Snipe-IT is an IT asset/license management system. Prior to 8.6.2, PATCH or PUT /api/v1/maintenances/maintenanceid checks access to the current maintenance record and asset but then fills attacker-controlled fields including assetid without re-authorizing the newly supplied asset, allowing an...
CVE-2026-55516
CVE-2026-55516 affects Snipe-IT prior to 8.6.2. A PATCH/PUT to /api/v1/maintenances/{maintenance_id} first validates access to the maintenance and asset, then accepts attacker-controlled asset_id, allowing an authorized user to re-parent a maintenance record to an asset outside their company scop...
PT-2026-57270
Name of the Vulnerable Software and Affected Versions Snipe-IT versions prior to 8.6.2 Description An issue exists in the IT asset and license management system where the endpoints 'PATCH /api/v1/maintenances/maintenance id' and 'PUT /api/v1/maintenances/maintenance id' fail to re-authorize asset...
CVE-2026-59855
SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, Asset.render in app/src/asset/index.ts interpolates the unsanitized this.path value into HTML assigned to innerHTML, allowing a crafted asset link containing a double quote to break out of the src attribute, inject an...
CVE-2026-59855
The CVE affects SiYuan prior to version 3.7.1 where Asset.render (app/src/asset/index.ts) interpolates unsanitized this.path into innerHTML. This allows a crafted asset link containing a double quote to break the src attribute and inject an event handler, enabling JavaScript execution that can ru...
PT-2026-57012
Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.7.1 Description In the Asset.render function within app/src/asset/index.ts, the unsanitized this.path variable is interpolated into HTML assigned to innerHTML. A crafted asset link containing a double quote can break...