CVE-2026-38533

An improper authorization vulnerability in the /api/v1/users/id endpoint of Snipe-IT v8.4.0 allows authenticated attackers with the users.edit permission to modify sensitive authentication and account-state fields of other non-admin users via supplying a crafted PUT request...

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-32250. Reason: This candidate is a duplicate of CVE-2022-32250. Notes: All CVE users should reference CVE-2022-32250 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

...

PT-2022-2799 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab Enterprise Edition versions 11.10 through 14.9.5 GitLab Enterprise Edition versions 14.10 through 14.10.4 GitLab Enterprise Edition versions 15.0 through 15.0.1 Description: The issue is related to the SCIM feature in GitLab, which can...

Exploit for Cross-site Scripting in 2Code Wpqa_Builder

CVE-2022-1051 WPQA 5.2 - Subscriber+ Stored Cross-Site Sc...

Cross site request forgery (csrf)

iSmartgate PRO 1.5.9 is vulnerable to CSRF via the busca parameter in the form used for searching for users, accessible via /index.php. This can be combined with reflected XSS...

Office 2010 1104

Office 2010 1104...