Lucene search
K

4655 matches found

NVD
NVD
added yesterday6 views

CVE-2026-57772

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WP Inventory WP Inventory Manager wp-inventory-manager allows Blind SQL Injection.This issue affects WP Inventory Manager: from n/a through = 2.4.0...

8.5CVSS0.00357EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday16 views

CVE-2026-57772 WordPress WP Inventory Manager plugin <= 2.4.0 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WP Inventory WP Inventory Manager wp-inventory-manager allows Blind SQL Injection.This issue affects WP Inventory Manager: from n/a through = 2.4.0...

8.5CVSS0.00357EPSS
Exploits0References1
CVE
CVE
added yesterday13 views

CVE-2026-57772

CVE-2026-57772 concerns WP Inventory Manager (WordPress plugin) with an SQL Injection issue in the wp-inventory-manager component. The vulnerability is described as Blind SQL Injection and affects WP Inventory Manager versions up to and including 2.4.0 (and from an unspecified starting version). ...

8.5CVSS6.1AI score0.00357EPSS
Exploits0References1
NVD
NVD
added 4 days ago7 views

CVE-2026-55462

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, UsersController::show and printInventory authorize only user viewing before loading and rendering assigned license, accessory, and consumable relationships, allowing an authenticated user with only users.view to see inventory and...

4.3CVSS0.00252EPSS
Exploits1References3
Cvelist
Cvelist
added 4 days ago33 views

CVE-2026-55462 Snipe-IT: Authorization bypass on print inventory page

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, UsersController::show and printInventory authorize only user viewing before loading and rendering assigned license, accessory, and consumable relationships, allowing an authenticated user with only users.view to see inventory and...

4.3CVSS0.00252EPSS
Exploits1References3
OSV
OSV
added 4 days ago1 views

CVE-2026-55462 Snipe-IT: Authorization bypass on print inventory page

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, UsersController::show and printInventory authorize only user viewing before loading and rendering assigned license, accessory, and consumable relationships, allowing an authenticated user with only users.view to see inventory and...

4.3CVSS6.1AI score0.00252EPSS
Exploits1References5
CVE
CVE
added 4 days ago5 views

CVE-2026-55462

Snipe-IT (IT asset/license management) is affected in versions prior to 8.6.2. The vulnerability in UsersController::show() and printInventory() allows an authenticated user with only the users.view permission to access inventory and cost/order metadata from modules that would normally be restric...

4.3CVSS6.1AI score0.00252EPSS
Exploits1References3Affected Software1
NVD
NVD
added 6 days ago9 views

CVE-2026-56401

Wazuh wazuh-modulesd before 5.0.0-beta3 contains a null pointer dereference vulnerability in inventorysync FlatBuffer DataValue handling. An enrolled agent can send a verifier-valid DataValue message omitting the optional id field, causing wazuh-modulesd to crash when dereferencing...

7.1CVSS0.00325EPSS
Exploits1References3
Cvelist
Cvelist
added 6 days ago31 views

CVE-2026-56401 Wazuh - NULL Pointer Dereference in inventory_sync DataValue FlatBuffer Handling

Wazuh wazuh-modulesd before 5.0.0-beta3 contains a null pointer dereference vulnerability in inventorysync FlatBuffer DataValue handling. An enrolled agent can send a verifier-valid DataValue message omitting the optional id field, causing wazuh-modulesd to crash when dereferencing...

7.1CVSS0.00325EPSS
Exploits1References3
EUVD
EUVD
added 6 days ago5 views

EUVD-2026-42261

Wazuh wazuh-modulesd before 5.0.0-beta3 contains a null pointer dereference vulnerability in inventorysync FlatBuffer DataValue handling. An enrolled agent can send a verifier-valid DataValue message omitting the optional id field, causing wazuh-modulesd to crash when dereferencing...

7.1CVSS6AI score0.00325EPSS
Exploits1References3
CVE
CVE
added 6 days ago15 views

CVE-2026-56401

CVE-2026-56401 affects Wazuh wazuh-modulesd (inventory_sync FlatBuffer DataValue handling). The root cause is a null pointer dereference when an attacker omits the optional id field in a verifier-valid DataValue message, causing wazuh-modulesd to crash on dereferencing data-&gt;id()-&gt;string_vi...

7.1CVSS6AI score0.00325EPSS
Exploits1References3Affected Software1
OSV
OSV
added last week7 views

GHSA-GVHC-WV3V-7PF8 Kite has an authenticated cluster RBAC bypass in /api/v1/overview

Summary Authenticated Kite users with any role can request /api/v1/overview for a cluster that their roles do not permit by selecting that cluster with x-cluster-name. The overview route is registered before middleware.RBACMiddleware and GetOverview only checks lenuser.Roles 0, so it returns...

4.3CVSS6AI score
Exploits0References2
RedHat Linux
RedHat Linux
added last week7 views

Important: Red Hat Security Advisory: satellite/foreman-mcp-server-rhel9 container image available as a Technology Preview

A new satellite/foreman-mcp-server-rhel9 container image is now available as a Technology Preview in the Red Hat container registry. Satellite provides a container image that you can use to run an MCP server locally. The MCP server for Satellite is designed for advanced reporting and data analysi...

10CVSS5.8AI score0.01011EPSS
Exploits4References9
Patchstack
Patchstack
added 2026/07/02 12:6 p.m.7 views

WordPress WP Inventory Manager plugin <= 2.4.0 - SQL Injection vulnerability

SQL Injection vulnerability discovered by dodoh4t in WordPress Plugin WP Inventory Manager versions = 2.4.0...

8.5CVSS6AI score0.00357EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2026/07/02 6:0 a.m.40 views

CVE-2026-11781 Adminify < 4.2.10 - Contributor+ Sensitive Information Disclosure via Global Search AJAX

The Adminify WordPress plugin before 4.2.10 does not perform per-user read-capability checks on the results returned by one of its administration search features, allowing users with a low-privilege role Contributor to disclose non-public content that WordPress would not otherwise expose to them,...

0.00189EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/07/01 8:43 p.m.7 views

Moderate: Red Hat Security Advisory: General availability of the satellite/iop-host-inventory-rhel9 container image

A new satellite/iop-host-inventory-rhel9 container image is now generally available in the Red Hat container registry. Red Hat Lightspeed in Satellite analyzes system health and configuration by applying predefined rules to a small set of local data, such as installed packages, running services,...

8.2CVSS6.1AI score0.01438EPSS
Exploits2References7
RedHat Linux
RedHat Linux
added 2026/07/01 8:43 p.m.8 views

Important: Red Hat Security Advisory: General availability of the satellite/iop-host-inventory-frontend-rhel9 container image

A new satellite/iop-host-inventory-frontend-rhel9 container image is now generally available in the Red Hat container registry. Red Hat Lightspeed in Satellite analyzes system health and configuration by applying predefined rules to a small set of local data, such as installed packages, running...

8.9CVSS6.7AI score0.01041EPSS
Exploits3References9
NVD
NVD
added 2026/06/29 2:16 p.m.10 views

CVE-2026-13568

A weakness has been identified in SourceCodester Inventory Management System 1.0. This vulnerability affects unknown code of the file /api/usershandler.php of the component User Registration Endpoint. This manipulation of the argument role causes improper access controls. Remote exploitation of t...

7.5CVSS0.00278EPSS
Exploits0References5
NVD
NVD
added 2026/06/29 2:16 p.m.9 views

CVE-2026-13570

A vulnerability was detected in SourceCodester Inventory Management System 1.0. Impacted is an unknown function of the file /api/usershandler.php of the component User Registration Endpoint. Performing a manipulation of the argument fullname results in cross site scripting. The attack is possible...

5.1CVSS0.00191EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/29 1:15 p.m.7 views

CVE-2026-13570

A vulnerability was detected in SourceCodester Inventory Management System 1.0. Impacted is an unknown function of the file /api/usershandler.php of the component User Registration Endpoint. Performing a manipulation of the argument fullname results in cross site scripting. The attack is possible...

5.1CVSS4.4AI score0.00191EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder