Lucene search
K

7040 matches found

Vulnrichment
Vulnrichment
added 2026/05/26 7:30 p.m.8 views

CVE-2026-44833 Snipe-IT: Open redirect vulnerability

Snipe-IT is an IT asset/license management system. Prior to 8.4.1, an open redirect vulnerability in Snipe-IT allows attackers to redirect users to malicious sites via unvalidated HTTP Referer header stored in session variable. This vulnerability is fixed in 8.4.1...

5.9CVSS5.8AI score0.00163EPSS
Exploits0References2
CVE
CVE
added 2026/05/26 7:30 p.m.24 views

CVE-2026-44833

The CVE-2026-44833 affects Snipe-IT up to version 8.4.0, where an open redirect vulnerability arises from using an unvalidated HTTP Referer header stored in a session variable. When a user action triggers a redirect (e.g., Save with redirect option set to back), the application reads the back_url...

7.1CVSS5.8AI score0.00163EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/05/26 7:29 p.m.34 views

CVE-2026-44832 Snipe-IT: Privilege Escalation via API Permissions Assignment

Snipe-IT is an IT asset/license management system. Prior to 8.4.1, aAn authenticated user with only users.edit permission can escalate their own privileges to admin by sending a PATCH request to /api/v1/users/id with permissionsadmin=1. The API controller only strips the superuser key from the...

8.7CVSS0.00314EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/26 7:29 p.m.8 views

CVE-2026-44832 Snipe-IT: Privilege Escalation via API Permissions Assignment

Snipe-IT is an IT asset/license management system. Prior to 8.4.1, aAn authenticated user with only users.edit permission can escalate their own privileges to admin by sending a PATCH request to /api/v1/users/id with permissionsadmin=1. The API controller only strips the superuser key from the...

7.1CVSS5.8AI score0.00314EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/26 7:29 p.m.15 views

EUVD-2026-31962

Snipe-IT is an IT asset/license management system. Prior to 8.4.1, aAn authenticated user with only users.edit permission can escalate their own privileges to admin by sending a PATCH request to /api/v1/users/id with permissionsadmin=1. The API controller only strips the superuser key from the...

8.8CVSS5.8AI score0.00314EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/26 7:29 p.m.8 views

CVE-2026-44832

Snipe-IT is an IT asset/license management system. Prior to 8.4.1, aAn authenticated user with only users.edit permission can escalate their own privileges to admin by sending a PATCH request to /api/v1/users/id with permissionsadmin=1. The API controller only strips the superuser key from the...

8.8CVSS5.8AI score0.00314EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/05/26 7:29 p.m.24 views

CVE-2026-44832

Snipe-IT (asset/license management) contains a privilege-escalation vulnerability prior to version 8.4.1. An authenticated user with only users.edit permission can elevate themselves to admin by PATCHing /api/v1/users/{id} with permissions[admin]=1. The API controller erroneously strips only the ...

8.8CVSS5.8AI score0.00314EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/05/26 7:27 p.m.36 views

CVE-2026-44831 Snipe-IT: XSS vulnerability in component notes

Snipe-IT is an IT asset/license management system. Prior to 8.4.1, users with component view access could be impacted by an unescaped notes column, resulting in cross-site scripting XSS. This vulnerability is fixed in 8.4.1...

4.8CVSS0.00218EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/26 7:27 p.m.18 views

EUVD-2026-31960

Snipe-IT is an IT asset/license management system. Prior to 8.4.1, users with component view access could be impacted by an unescaped notes column, resulting in cross-site scripting XSS. This vulnerability is fixed in 8.4.1...

5.4CVSS5.6AI score0.00218EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/26 7:27 p.m.9 views

CVE-2026-44831

Snipe-IT is an IT asset/license management system. Prior to 8.4.1, users with component view access could be impacted by an unescaped notes column, resulting in cross-site scripting XSS. This vulnerability is fixed in 8.4.1...

5.4CVSS5.6AI score0.00218EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/26 7:27 p.m.10 views

CVE-2026-44831 Snipe-IT: XSS vulnerability in component notes

Snipe-IT is an IT asset/license management system. Prior to 8.4.1, users with component view access could be impacted by an unescaped notes column, resulting in cross-site scripting XSS. This vulnerability is fixed in 8.4.1...

4.8CVSS5.6AI score0.00218EPSS
Exploits0References2
CVE
CVE
added 2026/05/26 7:27 p.m.23 views

CVE-2026-44831

CVE-2026-44831 affects Snipe-IT, an IT asset/license management system. Prior to v8.4.1, users with component view access could trigger stored XSS via an unescaped notes field in the component checkout process. The issue is fixed in v8.4.1 or later. If you are using versions before 8.4.1, upgrade...

5.4CVSS5.6AI score0.00218EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.11 views

Snipe-IT 安全漏洞

Snipe-IT is a set of open-source IT asset/license management systems developed by Grokability. Versions of Snipe-IT prior to 8.4.1 contained security vulnerabilities. These vulnerabilities stemmed from the API controller, which only removed the superuser key from the permission array, potentially...

8.8CVSS5.8AI score0.00314EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.12 views

Snipe-IT 输入验证错误漏洞

Snipe-IT is a set of open-source IT asset/license management systems developed by Grokability. Versions of Snipe-IT prior to 8.4.1 contained a vulnerability related to input validation errors. This vulnerability stemmed from the unauthorized storage of HTTP Referer headers in session variables,...

7.1CVSS5.8AI score0.00163EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.9 views

Snipe-IT 跨站脚本漏洞

Snipe-IT is a set of open-source IT asset/license management systems developed by Grokability. Versions of Snipe-IT prior to 8.4.1 contained a cross-site scripting vulnerability. This vulnerability stemmed from unescaped notes columns, which could lead to cross-site scripting attacks...

5.4CVSS5.6AI score0.00218EPSS
Exploits0References3
Circl
Circl
added 2026/05/25 12:1 a.m.20 views

CVE-2026-43503

creationtimestamp| type| source ---|---|--- 2026-05-25 00:01:44+00:00| seen| https://bsky.app/profile/slackers.it/post/3mmn6erb63j2i 2026-05-25 00:01:48+00:00| seen| https://bsky.app/profile/slackers.it/post/3mmn6evpgsz2i 2026-05-25 10:59:12+00:00| seen|...

8.8CVSS6.5AI score0.00135EPSS
Exploits7References84
Circl
Circl
added 2026/05/23 11:47 p.m.7 views

CVE-2026-48988

creationtimestamp| type| source ---|---|--- 2026-05-23 23:47:27+00:00| published-proof-of-concept| https://github.com/markdown-it/markdown-it/security/advisories/GHSA-6v5v-wf23-fmfq 2026-06-17 22:39:57+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mojeymb5ll2z...

5.3CVSS5.8AI score0.00306EPSS
Exploits1References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/19 11:8 p.m.14 views

Malicious code in martinez-polygon-clipping-tony (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dabf04b2f99e28eb10740bd7459bf64513fac98a064b60071b1e7aabf8674dd0 Package name impersonates the legitimate martinez-polygon-clipping library: README, badges, and API surface are copied verbatim, while repository...

5.7AI score
Exploits0References2
Wired Threat Level
Wired Threat Level
added 2026/05/19 9:30 a.m.12 views

You Can Get Some of Your Nudes Removed From the Internet Under a New Law

Starting May 19, tech platforms in the US will have to comply with the Take It Down Act. Here’s how more than a dozen major platforms are handling takedown demands for your nonconsensual nudes...

5.8AI score
Exploits0
Snyk
Snyk
added 2026/05/15 11:24 a.m.8 views

Malicious Package

Overview thesecretofrunningbyhansvandijkronvanmegen02jsk is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that...

9.8CVSS5.8AI score
Exploits0References2
Rows per page
Query Builder