4655 matches found
CVE-2026-57772
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WP Inventory WP Inventory Manager wp-inventory-manager allows Blind SQL Injection.This issue affects WP Inventory Manager: from n/a through = 2.4.0...
CVE-2026-57772 WordPress WP Inventory Manager plugin <= 2.4.0 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WP Inventory WP Inventory Manager wp-inventory-manager allows Blind SQL Injection.This issue affects WP Inventory Manager: from n/a through = 2.4.0...
CVE-2026-57772
CVE-2026-57772 concerns WP Inventory Manager (WordPress plugin) with an SQL Injection issue in the wp-inventory-manager component. The vulnerability is described as Blind SQL Injection and affects WP Inventory Manager versions up to and including 2.4.0 (and from an unspecified starting version). ...
CVE-2026-55462
Snipe-IT is an IT asset/license management system. Prior to 8.6.2, UsersController::show and printInventory authorize only user viewing before loading and rendering assigned license, accessory, and consumable relationships, allowing an authenticated user with only users.view to see inventory and...
CVE-2026-55462 Snipe-IT: Authorization bypass on print inventory page
Snipe-IT is an IT asset/license management system. Prior to 8.6.2, UsersController::show and printInventory authorize only user viewing before loading and rendering assigned license, accessory, and consumable relationships, allowing an authenticated user with only users.view to see inventory and...
CVE-2026-55462 Snipe-IT: Authorization bypass on print inventory page
Snipe-IT is an IT asset/license management system. Prior to 8.6.2, UsersController::show and printInventory authorize only user viewing before loading and rendering assigned license, accessory, and consumable relationships, allowing an authenticated user with only users.view to see inventory and...
CVE-2026-55462
Snipe-IT (IT asset/license management) is affected in versions prior to 8.6.2. The vulnerability in UsersController::show() and printInventory() allows an authenticated user with only the users.view permission to access inventory and cost/order metadata from modules that would normally be restric...
CVE-2026-56401
Wazuh wazuh-modulesd before 5.0.0-beta3 contains a null pointer dereference vulnerability in inventorysync FlatBuffer DataValue handling. An enrolled agent can send a verifier-valid DataValue message omitting the optional id field, causing wazuh-modulesd to crash when dereferencing...
CVE-2026-56401 Wazuh - NULL Pointer Dereference in inventory_sync DataValue FlatBuffer Handling
Wazuh wazuh-modulesd before 5.0.0-beta3 contains a null pointer dereference vulnerability in inventorysync FlatBuffer DataValue handling. An enrolled agent can send a verifier-valid DataValue message omitting the optional id field, causing wazuh-modulesd to crash when dereferencing...
EUVD-2026-42261
Wazuh wazuh-modulesd before 5.0.0-beta3 contains a null pointer dereference vulnerability in inventorysync FlatBuffer DataValue handling. An enrolled agent can send a verifier-valid DataValue message omitting the optional id field, causing wazuh-modulesd to crash when dereferencing...
CVE-2026-56401
CVE-2026-56401 affects Wazuh wazuh-modulesd (inventory_sync FlatBuffer DataValue handling). The root cause is a null pointer dereference when an attacker omits the optional id field in a verifier-valid DataValue message, causing wazuh-modulesd to crash on dereferencing data->id()->string_vi...
GHSA-GVHC-WV3V-7PF8 Kite has an authenticated cluster RBAC bypass in /api/v1/overview
Summary Authenticated Kite users with any role can request /api/v1/overview for a cluster that their roles do not permit by selecting that cluster with x-cluster-name. The overview route is registered before middleware.RBACMiddleware and GetOverview only checks lenuser.Roles 0, so it returns...
Important: Red Hat Security Advisory: satellite/foreman-mcp-server-rhel9 container image available as a Technology Preview
A new satellite/foreman-mcp-server-rhel9 container image is now available as a Technology Preview in the Red Hat container registry. Satellite provides a container image that you can use to run an MCP server locally. The MCP server for Satellite is designed for advanced reporting and data analysi...
WordPress WP Inventory Manager plugin <= 2.4.0 - SQL Injection vulnerability
SQL Injection vulnerability discovered by dodoh4t in WordPress Plugin WP Inventory Manager versions = 2.4.0...
CVE-2026-11781 Adminify < 4.2.10 - Contributor+ Sensitive Information Disclosure via Global Search AJAX
The Adminify WordPress plugin before 4.2.10 does not perform per-user read-capability checks on the results returned by one of its administration search features, allowing users with a low-privilege role Contributor to disclose non-public content that WordPress would not otherwise expose to them,...
Moderate: Red Hat Security Advisory: General availability of the satellite/iop-host-inventory-rhel9 container image
A new satellite/iop-host-inventory-rhel9 container image is now generally available in the Red Hat container registry. Red Hat Lightspeed in Satellite analyzes system health and configuration by applying predefined rules to a small set of local data, such as installed packages, running services,...
Important: Red Hat Security Advisory: General availability of the satellite/iop-host-inventory-frontend-rhel9 container image
A new satellite/iop-host-inventory-frontend-rhel9 container image is now generally available in the Red Hat container registry. Red Hat Lightspeed in Satellite analyzes system health and configuration by applying predefined rules to a small set of local data, such as installed packages, running...
CVE-2026-13568
A weakness has been identified in SourceCodester Inventory Management System 1.0. This vulnerability affects unknown code of the file /api/usershandler.php of the component User Registration Endpoint. This manipulation of the argument role causes improper access controls. Remote exploitation of t...
CVE-2026-13570
A vulnerability was detected in SourceCodester Inventory Management System 1.0. Impacted is an unknown function of the file /api/usershandler.php of the component User Registration Endpoint. Performing a manipulation of the argument fullname results in cross site scripting. The attack is possible...
CVE-2026-13570
A vulnerability was detected in SourceCodester Inventory Management System 1.0. Impacted is an unknown function of the file /api/usershandler.php of the component User Registration Endpoint. Performing a manipulation of the argument fullname results in cross site scripting. The attack is possible...