Lucene search
K

7086 matches found

Nuclei
Nuclei
added 6 hours ago15 views

WSO2 - Server Side Request Forgery

WSO2 products contain SSRF and reflected XSS vulnerabilities in the deprecated Try-It feature accessible only to administrative users, caused by improper URL validation and direct content reflection, letting attackers trick admins into executing arbitrary JavaScript and querying internal services...

5.9CVSS6.2AI score0.00583EPSS
Exploits0References1
Nuclei
Nuclei
added 6 hours ago64 views

BIQS IT Biqs-drive v1.83 Local File Inclusion

A local file inclusion vulnerability exists in version BIQS IT Biqs-drive v1.83 and below when sending a specific payload as the file parameter to download/index.php. This allows the attacker to read arbitrary files from the server with the permissions of the configured web-user. id: CVE-2021-394...

7.5CVSS7AI score0.08449EPSS
Exploits1References5
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday3 views

Malicious code in crazynut (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 99acc5fd6f39abd90d81467df8fe55d92230edd286a12d9f628ad6f9c1c34a9a The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
Circl
Circl
added 2 days ago5 views

CVE-2020-15499

creationtimestamp| type| source ---|---|--- 2026-07-12 22:00:17+00:00| seen| https://t.me/pleyadesit/7081 2026-07-13 00:00:41+00:00| seen| https://t.me/pleyadesit/7081 2026-07-14 00:00:49+00:00| seen| https://t.me/pleyadesit/7081...

6.1CVSS6.4AI score0.00649EPSS
Exploits0References1
Circl
Circl
added 2 days ago6 views

CVE-2020-15299

creationtimestamp| type| source ---|---|--- 2026-07-12 22:00:17+00:00| seen| https://t.me/pleyadesit/6928 2026-07-13 00:00:41+00:00| seen| https://t.me/pleyadesit/6928 2026-07-14 00:00:49+00:00| seen| https://t.me/pleyadesit/6928...

6.1CVSS6.4AI score0.4696EPSS
Exploits1References1
Circl
Circl
added 2 days ago2 views

CVE-2020-24436

creationtimestamp| type| source ---|---|--- 2026-07-12 22:00:16+00:00| seen| https://t.me/pleyadesit/7890 2026-07-13 00:00:40+00:00| seen| https://t.me/pleyadesit/7890 2026-07-14 00:00:51+00:00| seen| https://t.me/pleyadesit/7890...

7.8CVSS7AI score0.16348EPSS
Exploits0References1
NVD
NVD
added 4 days ago5 views

CVE-2026-55479

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, the legacy single-seat license checkin flow authorizes the action with the checkout permission instead of the checkin permission, allowing a user who can assign licenses but not unassign them to directly access the old checkin...

5.3CVSS0.00238EPSS
Exploits0References3
NVD
NVD
added 4 days ago7 views

CVE-2026-55475

Snipe-IT is an IT asset/license management system. Prior to 8.6.1, the Importer API endpoint allows a user with CSV import capabilities and a valid API key to overwrite the createdby value of an import file, allowing unauthorized modification of import ownership metadata. This issue is fixed in...

5.7CVSS0.00195EPSS
Exploits0References4
NVD
NVD
added 4 days ago5 views

CVE-2026-55481

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, default.blade.php renders headercolor and related branding color settings inside a CSS style block with HTML escaping that is insufficient for the CSS context, allowing a superadmin to inject arbitrary CSS that affects authenticat...

6.2CVSS0.00389EPSS
Exploits0References4
NVD
NVD
added 4 days ago7 views

CVE-2026-55466

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, UploadFileRequest sanitizes SVG content only when PHP finfo reports image/svg+xml and UploadedFilesController serves attachments inline without using StorageHelper::allowSafeInline, allowing a low-privilege user to upload active...

8.7CVSS0.00351EPSS
Exploits1References3
NVD
NVD
added 4 days ago7 views

CVE-2026-55462

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, UsersController::show and printInventory authorize only user viewing before loading and rendering assigned license, accessory, and consumable relationships, allowing an authenticated user with only users.view to see inventory and...

4.3CVSS0.00252EPSS
Exploits1References3
NVD
NVD
added 4 days ago6 views

CVE-2026-55461

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, the user edit flow stores url-previous from the attacker-controlled Referer header into Laravel’s intended URL session value and later uses redirect-intended... when redirectoption=back is submitted, allowing Snipe-IT to be used a...

6.1CVSS0.00232EPSS
Exploits0References3
NVD
NVD
added 4 days ago6 views

CVE-2026-55452

Snipe-IT is an IT asset/license management system. Prior to 8.5.0, Actionlog::logaction stores the request User-Agent header and ReportsController::postActivityReport writes that value to the Activity Report CSV without formula escaping, allowing a low-privileged authenticated user to store a...

7.3CVSS0.00269EPSS
Exploits0References3
CVE
CVE
added 4 days ago7 views

CVE-2026-55481

Snipe-IT (IT asset/license management) prior to 8.6.2 is affected by a CSS injection vulnerability in default.blade.php: header_color and related branding color settings are rendered inside a CSS style block with insufficient HTML escaping for the CSS context. This allows a superadmin to inject a...

6.2CVSS6.2AI score0.00389EPSS
Exploits0References4Affected Software1
OSV
OSV
added 4 days ago2 views

CVE-2026-55475 Snipe-IT: Import created_by can be overwritten

Snipe-IT is an IT asset/license management system. Prior to 8.6.1, the Importer API endpoint allows a user with CSV import capabilities and a valid API key to overwrite the createdby value of an import file, allowing unauthorized modification of import ownership metadata. This issue is fixed in...

5.7CVSS6.1AI score0.00195EPSS
Exploits0References6
CVE
CVE
added 4 days ago11 views

CVE-2026-55475

Snipe-IT prior to version 8.6.1 is vulnerable via the Importer API endpoint where a user with CSV import capabilities and a valid API key can overwrite the created_by value of an import file, enabling unauthorized modification of import ownership metadata. The issue is fixed in version 8.6.1. Thi...

5.7CVSS6.1AI score0.00195EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-43000

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, an authenticated user with import and assets.update permissions can place a path traversal string in an asset image field through CSV import and then trigger image deletion, allowing deletion of arbitrary files accessible to the...

6.5CVSS6.2AI score0.00378EPSS
Exploits0References3
CVE
CVE
added 4 days ago9 views

CVE-2026-55461

Snipe-IT (IT asset/license management) versions prior to 8.6.2 are vulnerable: the user edit flow stores url()->previous() from the attacker-controlled Referer header into Laravel’s intended URL session value and subsequently uses redirect()->intended(...) when redirect_option=back is submi...

6.1CVSS6.1AI score0.00232EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-42998

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, the legacy single-seat license checkin flow authorizes the action with the checkout permission instead of the checkin permission, allowing a user who can assign licenses but not unassign them to directly access the old checkin...

5.3CVSS6.1AI score0.00238EPSS
Exploits0References3
Cvelist
Cvelist
added 4 days ago30 views

CVE-2026-55479 Snipe-IT: Incorrect permission for legacy license checkin API

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, the legacy single-seat license checkin flow authorizes the action with the checkout permission instead of the checkin permission, allowing a user who can assign licenses but not unassign them to directly access the old checkin...

5.3CVSS0.00238EPSS
Exploits0References3
Rows per page
Query Builder