5 matches found
CVE-2026-55479
Snipe-IT is an IT asset/license management system. Prior to 8.6.2, the legacy single-seat license checkin flow authorizes the action with the checkout permission instead of the checkin permission, allowing a user who can assign licenses but not unassign them to directly access the old checkin...
CVE-2026-54329
Snipe-IT is an IT asset/license management system. Prior to 8.6.2, the Accessories API create path mass-assigns request parameters to the Accessory model while companyid is mass assignable, allowing a low-privileged authenticated user in one company to create accessory records under another compa...
CVE-2026-55464
Snipe-IT (IT asset/license management) is affected by CVE-2026-55464 prior to version 8.6.2. The issue arises from CommonMark escaping raw HTML but not sanitizing javascript: URIs in Markdown hyperlinks within a markdown-textarea custom field. A user with assets.edit permission can insert a malic...
CVE-2026-54329
Summary: CVE-2026-54329 affects Snipe-IT before 8.6.2, where the Accessories API can mass-assign the company_id field, enabling a low-privilege user in one company (with FMCS enabled) to create accessory records under another company. Root cause: API create path mass-assigns request parameters di...
Atlassian JIRA Server and Atlassian JIRA Data Center Cross-Site Scripting Vulnerabilities
Atlassian JIRA Server and Atlassian JIRA Data Center are both products of Atlassian Australia.Atlassian JIRA Server is the server version of a defect tracking management system. Atlassian JIRA Server is the server version of a defect tracking management system that is used to track and manage all...