Lucene search
K

29 matches found

CVE
CVE
added 2 days ago9 views

CVE-2026-55475

Snipe-IT prior to version 8.6.1 is vulnerable via the Importer API endpoint where a user with CSV import capabilities and a valid API key can overwrite the created_by value of an import file, enabling unauthorized modification of import ownership metadata. The issue is fixed in version 8.6.1. Thi...

5.7CVSS6.1AI score0.00195EPSS
Exploits0References4
NVD
NVD
added 4 days ago7 views

CVE-2026-48492

Snipe-IT is an IT asset/license management system. Prior to version 8.6.1, the GET /api/v1/object/selectlist API endpoint is missing an authorization check. Any user who can log into Snipe-IT - regardless of permissions - can retrieve a paginated list of all user accounts using only their web...

7.1CVSS0.00385EPSS
Exploits0References2
CVE
CVE
added 4 days ago15 views

CVE-2026-48492

CVE-2026-48492 affects Snipe-IT (IT asset/license management). Prior to version 8.6.1, the GET /api/v1/{object}/selectlist endpoint lacked an authorization check, allowing any logged-in user (with a web session cookie and no API token) to enumerate all user accounts and retrieve usernames, displa...

7.1CVSS6AI score0.00385EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 4 days ago32 views

CVE-2026-55542 Snipe-IT's S3 signature image retrieval lacks authorization before temporary URL

Snipe-IT is an IT asset/license management system. Prior to version 8.6.1, Snipe-IT S3 signature image retrieval lacks authorization before temporary URL. On S3-backed deployments, authenticated users who know a signature filename can obtain a 5-minute signed S3 URL because the S3 branch returns...

5.3CVSS0.00281EPSS
Exploits0References2
CVE
CVE
added 4 days ago17 views

CVE-2026-55542

Snipe-IT prior to version 8.6.1 exposes a missing authorization check when retrieving S3 signature images. In S3-backed deployments, authenticated users who know a signature filename can obtain a 5-minute signed S3 URL because the S3 branch returns before the authorize() call used by the local-fi...

5.3CVSS6AI score0.00281EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/23 12:0 a.m.9 views

IBM WebSphere eXtreme Scale 8.6.1.0 < 8.6.1.6 (7277387)

The version of IBM WebSphere eXtreme Scale installed on the remote host is prior to 8.6.1.6. It is, therefore, affected by multiple vulnerabilities as referenced in the 7277387 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of...

7.5CVSS6AI score0.00702EPSS
Exploits0References7
VulnCheck KEV
VulnCheck KEV
added 2026/06/11 12:0 a.m.22 views

VulnCheck KEV: CVE-2026-35273

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft component: Updates Environment Management. Supported versions that are affected are 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...

9.8CVSS5.8AI score0.9233EPSS
In wildExploits3References8
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.29 views

PT-2026-48612

Name of the Vulnerable Software and Affected Versions Oracle PeopleSoft Enterprise PeopleTools versions 8.61 through 8.62 Description An unauthenticated remote code execution flaw exists in the Updates Environment Management component of Oracle PeopleSoft Enterprise PeopleTools. An attacker with...

10CVSS7.7AI score0.9233EPSS
Exploits3References297
OPENSUSE Linux
OPENSUSE Linux
added 2026/04/09 12:0 a.m.3 views

Security update for mapserver (moderate)

openSUSE security update: security update for mapserver ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20476-1 Rating: moderate References: bsc1260869 Cross-References: CVE-2026-33721 Affected Products: openSUSE Leap 16.0...

7.5CVSS5.9AI score0.00865EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2026/03/28 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-33721

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - MapServer is a system for developing web-based GIS applications. Starting in version 4.2 and prior to version 8.6.1, a heap-buffer-overflow write in MapServer's...

7.5CVSS5.8AI score0.00865EPSS
Exploits1References2
OSV
OSV
added 2026/03/27 12:15 a.m.5 views

CVE-2026-33721 MapServer has heap buffer overflow in SLD `Categorize` Threshold parsing

MapServer is a system for developing web-based GIS applications. Starting in version 4.2 and prior to version 8.6.1, a heap-buffer-overflow write in MapServer’s SLD Styled Layer Descriptor parser lets a remote, unauthenticated attacker crash the MapServer process by sending a crafted SLD with mor...

5.3CVSS5.9AI score0.00865EPSS
Exploits1References5
CVE
CVE
added 2025/12/16 12:56 a.m.11 views

CVE-2025-68115

Parse Server is affected by a Cross-Site Scripting (XSS) vulnerability in its password reset and email verification HTML pages due to unescaped Mustache template variables. Affected versions are prior to 8.6.1 and 9.1.0-alpha.3; the patch escapes user-controlled values in those pages and is avail...

6.1CVSS5.3AI score0.00183EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2025/12/16 12:56 a.m.1 views

CVE-2025-68115 Parse Server vulnerable to Cross-Site Scripting (XSS) via Unescaped Mustache Template Variables

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions prior to 8.6.1 and 9.1.0-alpha.3, a Reflected Cross-Site Scripting XSS vulnerability exists in Parse Server's password reset and email verification HTML pages. The patch, available ...

5.3CVSS5.3AI score0.00183EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/12/16 12:0 a.m.6 views

PT-2025-51360

Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 8.6.1 Parse Server versions prior to 9.1.0-alpha.3 Description Parse Server, an open source backend deployable on Node.js infrastructures, contains a Reflected Cross-Site Scripting XSS issue in its password reset...

6.1CVSS5.8AI score0.00183EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2025/10/22 8:19 p.m.5 views

CVE-2025-61750

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft component: Query. Supported versions that are affected are 8.61 and 8.62. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTool...

4.3CVSS4.9AI score0.00261EPSS
Exploits0References1
OSV
OSV
added 2025/10/21 8:20 p.m.3 views

CVE-2025-61750

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft component: Query. Supported versions that are affected are 8.61 and 8.62. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTool...

4.3CVSS5.8AI score0.00261EPSS
Exploits0References1
OSV
OSV
added 2025/10/21 8:20 p.m.3 views

CVE-2025-53059

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft component: OpenSearch Dashboards. Supported versions that are affected are 8.60, 8.61 and 8.62. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSof...

4.9CVSS5.8AI score0.00341EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/15 6:43 a.m.2 views

CVE-2025-11161 WPBakery Page Builder <= 8.6.1 - Stored Cross-Site Scripting via vc_custom_heading Shortcode

The WPBakery Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the vccustomheading shortcode in all versions up to, and including, 8.6.1. This is due to insufficient restriction of allowed HTML tags and improper sanitization of user-supplied attributes in the...

6.4CVSS4.6AI score0.00199EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/15 6:43 a.m.7 views

EUVD-2025-34532

The WPBakery Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom JS module in all versions up to, and including, 8.6.1. This is due to insufficient input sanitization and output escaping of user-supplied JavaScript code in the Custom JS module. This makes...

6.4CVSS4.7AI score0.00199EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/10/15 12:22 a.m.6 views

WordPress WPBakery Page Builder plugin <= 8.6.1 - Stored Cross-Site Scripting via vc_custom_heading Shortcode vulnerability

Stored Cross-Site Scripting via vccustomheading Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WPBakery Page Builder versions = 8.6.1...

6.4CVSS5.6AI score0.00199EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder