Lucene search
K

86 matches found

CVE
CVE
added 3 days ago7 views

CVE-2026-55464

Snipe-IT (IT asset/license management) is affected by CVE-2026-55464 prior to version 8.6.2. The issue arises from CommonMark escaping raw HTML but not sanitizing javascript: URIs in Markdown hyperlinks within a markdown-textarea custom field. A user with assets.edit permission can insert a malic...

5.4CVSS6.2AI score0.00173EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 3 days ago35 views

CVE-2026-55464 Snipe-IT: Stored XSS via Markdown custom field

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, CommonMark escapes raw HTML but does not sanitize javascript: URIs in Markdown hyperlinks, allowing a user with assets.edit permission to place a malicious link in a markdown-textarea custom field that executes arbitrary JavaScrip...

4.8CVSS0.00173EPSS
Exploits0References3
OSV
OSV
added 2026/07/02 5:51 p.m.4 views

GHSA-4H7G-5542-V3FC mediawiki/maps has stored XSS through the overlays parameter in the display_map parser function

Summary Stored XSS through wikitext can be performed by inserting malicious HTML into the overlays parameter of the displaymap parser function when using the leaflet service. Details The maps extension doesn't escape overlay names before passing them to leaflet. Leaflet then inserts them as HTML:...

8.6CVSS5.8AI score
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/07/01 5:32 p.m.5 views

foreman: Foreman: Unauthorized modification of host configurations via broken access control

A flaw was found in Foreman. This broken access control vulnerability allows an authenticated user with host-edit permissions to retarget an existing lookup value override to a different host. This is achieved by modifying the match field through nested host attributes, effectively bypassing...

6.5CVSS5.7AI score0.00242EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.8 views

PT-2026-51620

Name of the Vulnerable Software and Affected Versions Snipe-IT versions prior to 8.5.0 Description A missing authorization issue allows a user with permissions to edit other users to reset the two-factor authentication 2FA of a superadmin. Recommendations Update to version 8.5.0...

5.8CVSS5.9AI score0.00019EPSS
Exploits0References4
OSV
OSV
added 2026/06/17 6:39 p.m.5 views

DRUPAL-CONTRIB-2026-049

The Flag attendance field module gives you the ability to add attendance by depending on Flag module. flagattendancefield stores some data as PHP-serialized strings. In some situations, malicious data can be written directly to the field. This can lead to an object injection vulnerability when th...

9.8CVSS5.5AI score0.00173EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.20 views

PT-2026-50582

Name of the Vulnerable Software and Affected Versions Drupal Formatter Field versions 0.0.0 through 2.0.0 Description Improperly controlled modification of dynamically-determined object attributes in the Formatter Field module allows for Object Injection. This occurs because the module stores dat...

6.1AI score0.00173EPSS
Exploits0References3
OSV
OSV
added 2026/06/10 5:7 p.m.10 views

DRUPAL-CONTRIB-2026-043

This module integrates the Tagify JavaScript library to enhance entity reference selection in entity reference widgets. The module does not properly sanitise the name of parent taxonomy terms when rendering suggestions in the Tagify dropdown. This results in a cross-site scripting vulnerability...

5.6AI score0.00161EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 11:16 a.m.12 views

CVE-2026-47350

Backend users were able to move records to a different page without having edit permissions on the source page. This issue affects TYPO3 CMS versions 13.0.0-13.4.31 and 14.0.0-14.3.3...

5.3CVSS0.00238EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.13 views

PT-2026-47743

Name of the Vulnerable Software and Affected Versions TYPO3 CMS versions 13.0.0 through 13.4.31 TYPO3 CMS versions 14.0.0 through 14.3.3 Description Backend users can move records to a different page even if they lack the necessary edit permissions on the source page. Recommendations Update TYPO3...

5.3CVSS5.2AI score0.00238EPSS
Exploits0References9
NVD
NVD
added 2026/06/08 5:16 p.m.18 views

CVE-2026-48507

Snipe-IT is an IT asset/license management system. A vulnerability in versions prior to 8.6.0 allows a non-admin user holding only the granular users.edit permission to lock every admin out of the instance by editing the activated flag which determines whether or not a user can login and the...

7.1CVSS0.00194EPSS
Exploits0References2
CVE
CVE
added 2026/06/08 3:41 p.m.30 views

CVE-2026-48507

Snipe-IT (IT asset/license management system) has a vulnerability affecting versions before 8.6.0. A non-admin user with only the granular users.edit permission can lock out admins by editing the activated flag (login eligibility) and the ldap_import flag (password reset requests). The issue is f...

7.1CVSS5.5AI score0.00194EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 7:30 p.m.11 views

CVE-2026-42839

An authenticated ERPNext user with Item record edit permissions can persist arbitrary HTML/JavaScript in the itemname, description, or image fields of an Item and trigger unescaped rendering in the Point of Sale POS cart interface for every operator who adds that item to a transaction.This issue...

4.8CVSS5.6AI score0.00261EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.22 views

PT-2026-46858

Summary AVideo stores category descriptions from user input and later renders category description as raw HTML in the Gallery view. A user who can create or edit categories can store JavaScript in a category description, which executes when another user views the affected Gallery/category page...

5.4CVSS5.9AI score0.00162EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/06/01 10:3 p.m.13 views

CVE-2026-48810

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.221, while investigating the ThreadPolicy::delete issue reported previously, the same missing mailbox membership check was found in the sibling ThreadPolicy::edit method. A user with the...

4.3CVSS5.8AI score0.00155EPSS
Exploits0References1
CVE
CVE
added 2026/05/29 7:48 p.m.28 views

CVE-2026-48810

FreeScout (Laravel PHP) contains a vulnerability where ThreadPolicy::edit allows a user with PERM_EDIT_CONVERSATIONS who created a message in Mailbox A to rewrite the thread after being removed from the mailbox, due to a missing mailbox membership check (the same issue observed in ThreadPolicy::d...

4.3CVSS5.8AI score0.00155EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/29 7:48 p.m.9 views

CVE-2026-48810 FreeScout: Thread Edit Authorization Bypass via Missing Mailbox Check

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.221, while investigating the ThreadPolicy::delete issue reported previously, the same missing mailbox membership check was found in the sibling ThreadPolicy::edit method. A user with the...

4.3CVSS5.8AI score0.00155EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/26 7:29 p.m.15 views

EUVD-2026-31962

Snipe-IT is an IT asset/license management system. Prior to 8.4.1, aAn authenticated user with only users.edit permission can escalate their own privileges to admin by sending a PATCH request to /api/v1/users/id with permissionsadmin=1. The API controller only strips the superuser key from the...

8.8CVSS5.8AI score0.00314EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.11 views

Snipe-IT 安全漏洞

Snipe-IT is a set of open-source IT asset/license management systems developed by Grokability. Versions of Snipe-IT prior to 8.4.1 contained security vulnerabilities. These vulnerabilities stemmed from the API controller, which only removed the superuser key from the permission array, potentially...

8.8CVSS5.8AI score0.00314EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/18 6:53 a.m.40 views

CVE-2026-3637 Mattermost fails to enforce create_post permission when editing posts

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 fail to check the createpost channel permission during post edit operations which allows an authenticated attacker with revoked posting privileges to modify their existing posts via direct API requests to the post update and...

4.3CVSS0.00152EPSS
Exploits0References1
Rows per page
Query Builder