30 matches found
CVE-2026-55516
Snipe-IT is an IT asset/license management system. Prior to 8.6.2, PATCH or PUT /api/v1/maintenances/maintenanceid checks access to the current maintenance record and asset but then fills attacker-controlled fields including assetid without re-authorizing the newly supplied asset, allowing an...
Craft CMS: Low-privilege users could read private asset contents when editing an asset (IDOR)
Summary A low-privileged authenticated user can read private asset content by calling assets/edit-image with an arbitrary assetId that they are not authorized to view. The endpoint returns image bytes or a preview redirect without enforcing a per-asset view authorization check, leading to potenti...
CGA-RX73-RR3H-9383
Bulletin has no description...
MS:9750C40C-CB2A-4214-A7DF-7633CC39D109
...
MS:9F529881-5160-47F3-BA9D-71C7F20042DA
...
MS:2F3485BC-E427-47CA-B1D7-CBC59469AE98
...
MS:DB8F6620-BD07-4141-9DA6-80E39867CC8A
...
MS:60372B87-1B26-406B-AAD5-F42B49E24418
...
MS:6E5A75FE-58E5-4E3E-AD4B-B70C1C731F8F
...
MS:383FB305-E3D6-4163-827F-1691D47739A6
...
MS:2A20DBDB-BF05-4339-BD04-EA8AE62D9DDA
...
MS:65FC8365-981D-406F-9365-5EF84E4704DC
...
MS:10A48D13-24FD-4970-95A4-1467C90AFDBE
...
MS:FB4BDD6B-7619-4D69-AF77-04FB4505D26F
...
MS:F210AFA2-79F9-4C53-AA58-391A3B819131
...
MS:53F3588B-F9AC-4167-97AC-C6C28C3F8917
...
MS:11C0C141-11C8-4098-9252-BCAA9B17D2A5
...
MS:F5121D7B-3ACD-495E-92AE-82EDDB5E55A9
...
MS:A47C549D-4F54-48ED-BE10-98B85655B865
...
MS:655C1897-91AE-410D-A7FA-523A763EF758
...