Lucene search
K

811 matches found

NVD
NVD
added 5 days ago6 views

CVE-2026-55515

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, the unaccepted-assets report delete endpoint authorizes only reports.view and deletes CheckoutAcceptance::pending-find$acceptanceId by global ID without checking access to the related checkoutable asset, allowing a reports user in...

5CVSS0.00248EPSS
Exploits1References3
NVD
NVD
added 5 days ago7 views

CVE-2026-55472

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, when Full Multiple Companies Support and scopelocationsfmcs are enabled, the API location creation endpoint detects an invalid parent-child company mismatch but does not return immediately, allowing creation of a child location...

4.3CVSS0.00197EPSS
Exploits0References3
NVD
NVD
added 5 days ago8 views

CVE-2026-54329

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, the Accessories API create path mass-assigns request parameters to the Accessory model while companyid is mass assignable, allowing a low-privileged authenticated user in one company to create accessory records under another compa...

8.5CVSS0.00389EPSS
Exploits0References5
Cvelist
Cvelist
added 5 days ago31 views

CVE-2026-55472 Snipe-IT: API Location Creation Bypasses FMCS Parent-Child Company Boundary Validation

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, when Full Multiple Companies Support and scopelocationsfmcs are enabled, the API location creation endpoint detects an invalid parent-child company mismatch but does not return immediately, allowing creation of a child location...

4.3CVSS0.00197EPSS
Exploits0References3
OSV
OSV
added 5 days ago3 views

CVE-2026-55472 Snipe-IT: API Location Creation Bypasses FMCS Parent-Child Company Boundary Validation

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, when Full Multiple Companies Support and scopelocationsfmcs are enabled, the API location creation endpoint detects an invalid parent-child company mismatch but does not return immediately, allowing creation of a child location...

4.3CVSS6.1AI score0.00197EPSS
Exploits0References5
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-42982

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, the Accessories API create path mass-assigns request parameters to the Accessory model while companyid is mass assignable, allowing a low-privileged authenticated user in one company to create accessory records under another compa...

8.5CVSS6.1AI score0.00389EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/06/23 11:12 p.m.12 views

Snipe-IT API Vulnerable to Cross-Tenant Accessory Injection

Impact A cross-tenant data injection vulnerability was identified in the Snipe-IT Accessories API when Full Multiple Companies Support FMCS is enabled. A low-privileged authenticated user belonging to one company can create an accessory record under another company by supplying a foreign companyi...

8.5CVSS5.8AI score0.00389EPSS
Exploits0References3Affected Software1
Schneier on Security
Schneier on Security
added 2026/06/12 11:3 a.m.30 views

Bernie Sanders’ AI Sovereign Wealth Fund Plan

Let no one accuse Bernie Sanders of ducking the big questions. Writing in the New York Times last week, the senator asked: "Will the future of humanity be determined by a handful of billionaires who have promoted and developed AI, with virtually no democratic input, who stand to become even riche...

5.6AI score
Exploits0
HackRead
HackRead
added 2026/06/08 6:56 p.m.21 views

Operation FlutterBridge Uses Fake Google Ads to Spread macOS Backdoor

Operation FlutterBridge uses fake Google ads and shell companies to deploy FlutterShell, a new macOS backdoor targeting unsuspecting users...

5.5AI score
Exploits0
Wired Threat Level
Wired Threat Level
added 2026/06/08 6:0 a.m.23 views

All the Ways Europe Is Ditching American Technology

A WIRED timeline shows how dozens of governments, companies, and other organizations across Europe are moving, or planning to shift, away from US Big Tech...

5.5AI score
Exploits0
The Hacker News
The Hacker News
added 2026/06/04 11:19 a.m.16 views

FlutterShell Backdoor Spreads to macOS via Malicious Google and YouTube Ads

Cybersecurity researchers have shed light on a macOS malvertising campaign codenamed Operation FlutterBridge that spreads a new backdoor called FlutterShell. According to Palo Alto Networks Unit 42, the campaign is said to be the next stage of a previously reported activity cluster dubbed...

6.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/14 12:0 a.m.15 views

Personal AI Infrastructure 5.0.0

PAI is a Personalized AI Platform designed to magnify your capabilities. It's designed for humans most of all, but can be used by teams, companies, or Federations of Planets desiring to be better versions of themselves. The goal of the project is to get people working with AI and lower the bar...

5.8AI score
Exploits0
vulnersOsv
vulnersOsv
added 2026/04/16 10:49 p.m.24 views

@godmode-team/godmode (=1.6.1), @growthub/cli (>=0.3.1 <=0.3.44) +8 more potentially affected by unknown CVE via @paperclipai/server (>=0.2.7 <=2026.416.0-canary.1)

@paperclipai/server NPM version =0.2.7, =0.3.1, =0.1.45, =2026.324.0-canary.0, =0.0.2, =0.2.2, =0.6.5, =0.6.6 - solounicornclub =0.3.1 - stacy-cli =0.3.1 Source cves: unknown CVE Source advisory: OSV:GHSA-3XX2-MQJM-HG9X...

5.8AI score
Exploits0
vulnersOsv
vulnersOsv
added 2026/04/16 10:48 p.m.9 views

companies.sh (>=2026.324.0-canary.0 <=2026.325.0-canary.3), corporateai (=2026.328.0-canary.0) +3 more potentially affected by unknown CVE via @paperclipai/server (>=2026.318.0-canary.0 <=2026.416.0-canary.1)

@paperclipai/server NPM version =2026.318.0-canary.0, =2026.324.0-canary.0, =2026.3.17-canary.3, =0.6.5, =0.6.6 Source cves: unknown CVE Source advisory: SNYK:JS-PAPERCLIPAISERVER-16421517...

5.8AI score
Exploits0
vulnersOsv
vulnersOsv
added 2026/04/16 10:48 p.m.8 views

@godmode-team/godmode (=1.6.1), @growthub/cli (>=0.3.1 <=0.3.44) +8 more potentially affected by unknown CVE via @paperclipai/server (>=0.2.7 <=2026.416.0-canary.1)

@paperclipai/server NPM version =0.2.7, =0.3.1, =0.1.45, =2026.324.0-canary.0, =0.0.2, =0.2.2, =0.6.5, =0.6.6 - solounicornclub =0.3.1 - stacy-cli =0.3.1 Source cves: unknown CVE Source advisory: OSV:GHSA-VR7G-88FQ-VHQ3...

5.8AI score
Exploits0
vulnersOsv
vulnersOsv
added 2026/04/16 10:47 p.m.9 views

companies.sh (>=2026.324.0-canary.0 <=2026.325.0-canary.3), corporateai (=2026.328.0-canary.0) +3 more potentially affected by unknown CVE via @paperclipai/server (>=2026.318.0-canary.0 <=2026.416.0-canary.1)

@paperclipai/server NPM version =2026.318.0-canary.0, =2026.324.0-canary.0, =2026.3.17-canary.3, =0.6.5, =0.6.6 Source cves: unknown CVE Source advisory: SNYK:JS-PAPERCLIPAISERVER-16421515...

5.8AI score
Exploits0
vulnersOsv
vulnersOsv
added 2026/04/16 10:45 p.m.11 views

@paperclipai/server (>=2026.3.17-canary.2 <=2026.416.0-canary.1), companies.sh (>=2026.324.0-canary.0 <=2026.325.0-canary.3) +4 more potentially affected by unknown CVE via @paperclipai/adapter-codex-local (>=2026.318.0-canary.0 <=2026.416.0-canary.1)

@paperclipai/adapter-codex-local NPM version =2026.318.0-canary.0, =2026.3.17-canary.2, =2026.324.0-canary.0, =2026.3.17-canary.3, =0.6.5, =0.6.6 Source cves: unknown CVE Source advisory: SNYK:JS-PAPERCLIPAIADAPTERCODEXLOCAL-16421448...

5.8AI score
Exploits0
HackRead
HackRead
added 2026/03/16 4:29 p.m.8 views

Companies House Restores WebFiling After Flaw Exposed Director Details

Companies House fixed a WebFiling flaw that allowed users to view director details and alter company records before the service was taken offline and restored...

5.8AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/02/03 10:1 p.m.2 views

CVE-2020-37082

webERP 4.15.1 contains an unauthenticated file access vulnerability that allows remote attackers to download database backup files without authentication. Attackers can directly access generated backup files in the companies/weberp/ directory by requesting the Backuptimestamp.sql.gz file...

9.8CVSS5.5AI score0.00541EPSS
Exploits1References4Affected Software1
EUVD
EUVD
added 2026/02/03 10:1 p.m.3 views

EUVD-2020-30993

webERP 4.15.1 contains an unauthenticated file access vulnerability that allows remote attackers to download database backup files without authentication. Attackers can directly access generated backup files in the companies/weberp/ directory by requesting the Backuptimestamp.sql.gz file...

9.8CVSS5.5AI score0.00541EPSS
Exploits1References4
Rows per page
Query Builder