52 matches found
PT-2026-45790
Improper access control in the permission validation component in Devolutions Server 2026.1.19 and earlier allows an authenticated user with entry edit privileges to modify asset information without the required permission...
Missing Authorization
Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to Missing Authorization via the actionShowInFolder process. An attacker can access sensitive asset filenames and complete folder structures, including volume handles and URIs, by supplying...
CVE-2026-5374
An issue that allowed MCP agents to access remediation and asset information from outside of the authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N 5.8 Medium. Th...
CVE-2026-5374
An issue that allowed MCP agents to access remediation and asset information from outside of the authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N 5.8 Medium. Th...
CVE-2026-5374
CVE-2026-5374 affects the runZero Platform MCP component. The issue is due to Incorrect Authorization that allowed MCP agents to access remediation and asset information outside the authorized scope, exposing confidentiality. The CVSS v3.1 vector is AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N with a base...
CVE-2026-33161
Craft CMS is a content management system CMS. From version 4.0.0-RC1 to before version 4.17.8 and from version 5.0.0-RC1 to before version 5.9.14, a low-privileged authenticated user can call assets/image-editor with the ID of a private asset they cannot view and still receive editor response dat...
CVE-2026-33161
Craft CMS is a content management system CMS. From version 4.0.0-RC1 to before version 4.17.8 and from version 5.0.0-RC1 to before version 5.9.14, a low-privileged authenticated user can call assets/image-editor with the ID of a private asset they cannot view and still receive editor response dat...
CVE-2026-33161 Craft CMS: Anonymous "assets/image-editor" calls returns private asset editor metadata to unauthorized users
Craft CMS is a content management system CMS. From version 4.0.0-RC1 to before version 4.17.8 and from version 5.0.0-RC1 to before version 5.9.14, a low-privileged authenticated user can call assets/image-editor with the ID of a private asset they cannot view and still receive editor response dat...
PT-2026-27466
Craft CMS is a content management system CMS. From version 4.0.0-RC1 to before version 4.17.8 and from version 5.0.0-RC1 to before version 5.9.14, a low-privileged authenticated user can call assets/image-editor with the ID of a private asset they cannot view and still receive editor response dat...
EUVD-2012-5830
Malware in sbrugna...
EUVD-2023-57578
Malicious code in bioql PyPI...
Security Bulletin: IBM Asset Data Dictionary uses netty-common-4.1.115.Final.jar which is vulnerable to CVE-2025-25193.
Summary IBM Asset Data Dictionary uses netty-common-4.1.115.Final.jar which is vulnerable to CVE-2025-25193. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-25193 DESCRIPTION: Netty, an asynchronous, event-driven network...
CVE-2012-5956
Multiple cross-site scripting XSS vulnerabilities in ManageEngine AssetExplorer 5.6 before service pack 5614 allow remote attackers to inject arbitrary web script or HTML via fields in XML asset data to discoveryServlet/WsDiscoveryServlet, as demonstrated by the DocRoot/ComputerInformation/output...
Security Bulletin: IBM Asset Data Dictionary uses netty-handler-4.1.108.Final.jar which is vulnerable to CVE-2025-24970.
Summary IBM Asset Data Dictionary uses netty-handler-4.1.108.Final.jar which is vulnerable to CVE-2025-24970. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-24970 DESCRIPTION: Netty, an asynchronous, event-driven network...
Grokability Snipe-IT 8.0.4 - Insecure Direct Object Reference (IDOR)
Exploit Title: Grokability Snipe-IT 8.0.4 - Insecure Direct Object Reference IDOR Google Dork: N/A Date: 2025-05-02 Exploit Author: Sn1p3r-H4ck3r Siripong Jintung Vendor Homepage: https://snipeitapp.com Software Link: https://github.com/grokability/snipe-it Version: /printassigned endpoint. This...
Security Bulletin: IBM Asset Data Dictionary uses jetty-http-9.4.48.v20220622.jar which is vulnerable to CVE-2024-6763.
Summary IBM Asset Data Dictionary uses jetty-http-9.4.48.v20220622.jar which is vulnerable to CVE-2024-6763. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-6763 DESCRIPTION: Eclipse Jetty is a lightweight, highly scalable,...
Security Bulletin: IBM Asset Data Dictionary uses multiple third party dependencies which is vulnerable to CVEs.
Summary IBM Asset Data Dictionary uses...
CVE-2024-7295
In Progress® Telerik® Report Server versions prior to 2024 Q4 10.3.24.1112, the encryption of local asset data used an older algorithm which may allow a sophisticated actor to decrypt this information...
Security Bulletin: IBM Maximo Application Suite - IBM Asset Data Dictionary Component uses certifi-2024.2.2-py3-none-any.whl which is vulnerable to CVE-2024-39689
Summary IBM Maximo Application Suite - IBM Asset Data Dictionary Component uses certifi-2024.2.2-py3-none-any.whl which is vulnerable to CVE-2024-39689. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-39689 DESCRIPTION: Certifi...
Security Bulletin: IBM Asset Data Dictionary uses jline-3.9.0.jar and zookeeper-3.9.2.jar which is vulnerable to CVE-2023-50572 and CVE-2024-51504
Summary IBM Asset Data Dictionary uses jline-3.9.0.jar and zookeeper-3.9.2.jar which is vulnerable to CVE-2023-50572 and CVE-2024-51504. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2023-50572 DESCRIPTION: JLine is vulnerable to a...