Lucene search
K

8 matches found

CVE
CVE
added 3 days ago7 views

CVE-2026-55464

Snipe-IT (IT asset/license management) is affected by CVE-2026-55464 prior to version 8.6.2. The issue arises from CommonMark escaping raw HTML but not sanitizing javascript: URIs in Markdown hyperlinks within a markdown-textarea custom field. A user with assets.edit permission can insert a malic...

5.4CVSS6.2AI score0.00173EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/03/24 6:16 p.m.6 views

CVE-2026-33158

Craft CMS is a content management system CMS. From version 4.0.0-RC1 to before version 4.17.8 and from version 5.0.0-RC1 to before version 5.9.14, a low-privileged authenticated user can read private asset content by calling assets/edit-image with an arbitrary assetId that they are not authorized...

7.1CVSS0.00353EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/24 5:26 p.m.2 views

CVE-2026-33158 Craft CMS: Low-privilege users could read private asset contents when editing an asset (IDOR)

Craft CMS is a content management system CMS. From version 4.0.0-RC1 to before version 4.17.8 and from version 5.0.0-RC1 to before version 5.9.14, a low-privileged authenticated user can read private asset content by calling assets/edit-image with an arbitrary assetId that they are not authorized...

7.1CVSS5.8AI score0.00353EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/24 5:26 p.m.2 views

CVE-2026-33158

Craft CMS is a content management system CMS. From version 4.0.0-RC1 to before version 4.17.8 and from version 5.0.0-RC1 to before version 5.9.14, a low-privileged authenticated user can read private asset content by calling assets/edit-image with an arbitrary assetId that they are not authorized...

7.1CVSS5.8AI score0.00353EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/24 12:0 a.m.4 views

PT-2026-27463

Craft CMS is a content management system CMS. From version 4.0.0-RC1 to before version 4.17.8 and from version 5.0.0-RC1 to before version 5.9.14, a low-privileged authenticated user can read private asset content by calling assets/edit-image with an arbitrary assetId that they are not authorized...

7.1CVSS5.8AI score0.00353EPSS
Exploits0References5
OSV
OSV
added 2025/10/13 3:15 a.m.7 views

CVE-2025-11656

A weakness has been identified in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. This affects an unknown function of the file /assets/editNotes.php. Executing manipulation of the argument File can lead to unrestricted upload. The attack can be launche...

9.8CVSS5.5AI score0.00547EPSS
Exploits1References4
OSV
OSV
added 2018/11/09 7:29 p.m.20 views

CVE-2018-19136

DomainMOD through 4.11.01 has XSS via the assets/edit/registrar-account.php raid parameter...

6.1CVSS5.7AI score0.06653EPSS
Exploits5References2
Prion
Prion
added 2018/05/24 7:29 a.m.16 views

Design/Logic Flaw

DomainMod v4.09.03 has XSS via the assets/edit/account-owner.php oid parameter...

3.5CVSS5.2AI score0.01796EPSS
Exploits5References2Affected Software1
Rows per page
Query Builder