Lucene search
K

7000 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:31 p.m.18 views

CVE-2026-6031

A vulnerability has been found in code-projects Simple IT Discussion Forum 1.0. This affects an unknown function of the file /add-category-function.php. Such manipulation of the argument Category leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the...

7.5CVSS7AI score0.00367EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:28 p.m.11 views

CVE-2026-4914

Stored XSS in Ivanti N-ITSM before version 2025.4 allows a remote authenticated attacker to obtain limited information from other user sessions. User interaction is required...

5.4CVSS5.5AI score0.00345EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:14 p.m.10 views

CVE-2026-40108

GLPI is a free asset and IT management software package. In versions 11.0.0 through 11.0.6, a technician can store an XSS payload in a ITIL costs. This issue has been fixed in version 11.0.7...

7.1CVSS5.3AI score0.00268EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:12 p.m.11 views

CVE-2026-39454

SKYSEA Client View and SKYMEC IT Manager provided by Sky Co.,LTD. configure the installation folder with improper file access permission settings. A non-administrative user may manipulate and/or place arbitrary files within the installation folder of the product. As a result, arbitrary code may b...

8.5CVSS7.4AI score0.00112EPSS
Exploits0References1
OSV
OSV
added 2026/06/04 8:38 p.m.8 views

ROOT-APP-NPM-CVE-2026-2327 CVE-2026-2327 in @rootio/markdown-it - Patched by Root

Root has patched CVE-2026-2327 in the @rootio/markdown-it package for Root:npm. Multiple fixed versions available...

5.3CVSS7.1AI score0.00503EPSS
Exploits0
OSV
OSV
added 2026/06/03 2:54 p.m.1 views

ROOT-APP-PYPI-CVE-2023-26303 CVE-2023-26303 in rootio-markdown_it_py - Patched by Root

Root has patched CVE-2023-26303 in the rootio-markdownitpy package for Root:PyPI. Multiple fixed versions available...

5.5CVSS5.4AI score0.00225EPSS
Exploits0
NVD
NVD
added 2026/06/01 7:16 p.m.23 views

CVE-2026-9614

An Improper Access Control vulnerability in Ivanti Neurons for ITSM cloud and on-premises allows a remote authenticated attacker to gain administrative access...

8.8CVSS0.0144EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/01 5:50 p.m.13 views

EUVD-2026-33736

An Improper Access Control vulnerability in Ivanti Neurons for ITSM cloud and on-premises allows a remote authenticated attacker to gain administrative access...

8.8CVSS5.8AI score0.0144EPSS
Exploits0References1
Ivanti
Ivanti
added 2026/06/01 1:56 p.m.14 views

Security Advisory Ivanti Neurons for ITSM (CVE-2026-9614)

Ivanti has released updates for Ivanti Neurons for ITSM which addresses one high severity vulnerability. Successful exploitation could lead to authenticated privilege escalation to an administrator. We are not aware of any customers being exploited by this vulnerability at the time of disclosure...

8.8CVSS5.8AI score0.0144EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/06/01 10:29 a.m.10 views

com.infobip.kafkistry:kafkistry-app (>=0.7.0 <=0.10.1), com.infobip.kafkistry:kafkistry-auditing (>=0.7.0 <=0.10.1) +19 more potentially affected by CVE-2026-48827 via org.apache.sshd:sshd-git (>=2.10.0 <=2.17.1)

org.apache.sshd:sshd-git MAVEN version =2.10.0, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.9.9, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.62.0, =2.25.0, =1.1.0, =1.1.1 and more Source cves: CVE-2026-48827 Source advisory: SNYK:JAVA-ORGAPACHESSHD-17151844...

7.1CVSS5.7AI score0.00527EPSS
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/29 10:5 p.m.15 views

Malicious code in viem-multichain (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 000bdcb32a8ca1f6657425685c88c4b60917055d5a202275c50d004462e37459 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/27 8:14 p.m.12 views

CVE-2026-44833

Snipe-IT is an IT asset/license management system. Prior to 8.4.1, an open redirect vulnerability in Snipe-IT allows attackers to redirect users to malicious sites via unvalidated HTTP Referer header stored in session variable. This vulnerability is fixed in 8.4.1...

7.1CVSS5.8AI score0.00163EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/27 8:13 p.m.12 views

CVE-2026-44831

Snipe-IT is an IT asset/license management system. Prior to 8.4.1, users with component view access could be impacted by an unescaped notes column, resulting in cross-site scripting XSS. This vulnerability is fixed in 8.4.1...

5.4CVSS5.6AI score0.00218EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/26 8:42 p.m.9 views

Open Redirect

Overview snipe/snipe-it is an asset management system built on Laravel. Affected versions of this package are vulnerable to Open Redirect via the unvalidated HTTP Referer header stored in a session variable. An attacker can redirect users to arbitrary external sites by crafting a malicious link a...

7.1CVSS5.9AI score0.00163EPSS
Exploits0References2
NVD
NVD
added 2026/05/26 8:16 p.m.20 views

CVE-2026-44831

Snipe-IT is an IT asset/license management system. Prior to 8.4.1, users with component view access could be impacted by an unescaped notes column, resulting in cross-site scripting XSS. This vulnerability is fixed in 8.4.1...

5.4CVSS0.00218EPSS
Exploits0References2
NVD
NVD
added 2026/05/26 8:16 p.m.18 views

CVE-2026-44833

Snipe-IT is an IT asset/license management system. Prior to 8.4.1, an open redirect vulnerability in Snipe-IT allows attackers to redirect users to malicious sites via unvalidated HTTP Referer header stored in session variable. This vulnerability is fixed in 8.4.1...

7.1CVSS0.00163EPSS
Exploits0References2
NVD
NVD
added 2026/05/26 8:16 p.m.17 views

CVE-2026-44832

Snipe-IT is an IT asset/license management system. Prior to 8.4.1, aAn authenticated user with only users.edit permission can escalate their own privileges to admin by sending a PATCH request to /api/v1/users/id with permissionsadmin=1. The API controller only strips the superuser key from the...

8.8CVSS0.00314EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/26 7:30 p.m.15 views

EUVD-2026-31965

Snipe-IT is an IT asset/license management system. Prior to 8.4.1, an open redirect vulnerability in Snipe-IT allows attackers to redirect users to malicious sites via unvalidated HTTP Referer header stored in session variable. This vulnerability is fixed in 8.4.1...

7.1CVSS5.8AI score0.00163EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/26 7:30 p.m.11 views

CVE-2026-44833

Snipe-IT is an IT asset/license management system. Prior to 8.4.1, an open redirect vulnerability in Snipe-IT allows attackers to redirect users to malicious sites via unvalidated HTTP Referer header stored in session variable. This vulnerability is fixed in 8.4.1...

7.1CVSS5.8AI score0.00163EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/26 7:30 p.m.8 views

CVE-2026-44833 Snipe-IT: Open redirect vulnerability

Snipe-IT is an IT asset/license management system. Prior to 8.4.1, an open redirect vulnerability in Snipe-IT allows attackers to redirect users to malicious sites via unvalidated HTTP Referer header stored in session variable. This vulnerability is fixed in 8.4.1...

5.9CVSS5.8AI score0.00163EPSS
Exploits0References2
Rows per page
Query Builder