7 matches found
CVE-2026-38533
An improper authorization vulnerability in the /api/v1/users/id endpoint of Snipe-IT v8.4.0 allows authenticated attackers with the users.edit permission to modify sensitive authentication and account-state fields of other non-admin users via supplying a crafted PUT request...
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-32250. Reason: This candidate is a duplicate of CVE-2022-32250. Notes: All CVE users should reference CVE-2022-32250 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
...
PT-2022-2799 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab Enterprise Edition versions 11.10 through 14.9.5 GitLab Enterprise Edition versions 14.10 through 14.10.4 GitLab Enterprise Edition versions 15.0 through 15.0.1 Description: The issue is related to the SCIM feature in GitLab, which can...
Exploit for Cross-site Scripting in 2Code Wpqa_Builder
CVE-2022-1051 WPQA 5.2 - Subscriber+ Stored Cross-Site Sc...
CVE-2021-45388
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-45608. Reason: This candidate is a reservation duplicate of CVE-2021-45608. Notes: All CVE users should reference CVE-2021-45608 instead of this candidate. All references and descriptions in this candidate have been removed to prevent...
Cross site request forgery (csrf)
iSmartgate PRO 1.5.9 is vulnerable to CSRF via the busca parameter in the form used for searching for users, accessible via /index.php. This can be combined with reflected XSS...
Office 2010 1104
Office 2010 1104...