Lucene search
K

7003 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/19 11:8 p.m.14 views

Malicious code in martinez-polygon-clipping-tony (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dabf04b2f99e28eb10740bd7459bf64513fac98a064b60071b1e7aabf8674dd0 Package name impersonates the legitimate martinez-polygon-clipping library: README, badges, and API surface are copied verbatim, while repository...

5.7AI score
Exploits0References2
Wired Threat Level
Wired Threat Level
added 2026/05/19 9:30 a.m.12 views

You Can Get Some of Your Nudes Removed From the Internet Under a New Law

Starting May 19, tech platforms in the US will have to comply with the Take It Down Act. Here’s how more than a dozen major platforms are handling takedown demands for your nonconsensual nudes...

5.8AI score
Exploits0
Snyk
Snyk
added 2026/05/15 11:24 a.m.8 views

Malicious Package

Overview thesecretofrunningbyhansvandijkronvanmegen02jsk is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that...

9.8CVSS5.8AI score
Exploits0References2
Circl
Circl
added 2026/05/14 7:52 a.m.8 views

CVE-2026-5297

creationtimestamp| type| source ---|---|--- 2026-05-14 07:52:53+00:00| seen| https://www.acn.gov.it/portale/w/risolte-vulnerabilita-su-gitlab-ce/ee-14 2026-05-14 18:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/gitlab-multiple-vulnerabilities20260515...

5.8AI score
Exploits0References2
OSV
OSV
added 2026/05/08 11:25 p.m.9 views

GHSA-MGHP-5CQ4-V6MG Snipe-IT has an open redirect vulnerability

Open redirect vulnerability in Snipe-IT allows attackers to redirect users to malicious sites via unvalidated HTTP Referer header stored in session variable. Impact - Phishing: Redirect users to fake login pages to steal credentials - Session Hijacking: Redirect to attacker site that captures...

5.9CVSS5.8AI score0.00163EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/05/08 11:25 p.m.20 views

Snipe-IT has an open redirect vulnerability

Open redirect vulnerability in Snipe-IT allows attackers to redirect users to malicious sites via unvalidated HTTP Referer header stored in session variable. Impact - Phishing: Redirect users to fake login pages to steal credentials - Session Hijacking: Redirect to attacker site that captures...

7.1CVSS5.8AI score0.00163EPSS
Exploits0References4Affected Software1
Snyk
Snyk
added 2026/05/08 11:4 p.m.8 views

Access Control Bypass

Overview snipe/snipe-it is an asset management system built on Laravel. Affected versions of this package are vulnerable to Access Control Bypass via the app/Http/Controllers/Api/UploadedFilesController.php component. An attacker can gain unauthorized access and potentially execute arbitrary code...

9.8CVSS6.2AI score0.00475EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/08 11:4 p.m.9 views

EUVD-2026-28401

Snipe-IT has insecure permissions in file uploads...

9.8CVSS5.8AI score0.00475EPSS
Exploits0References3
OSV
OSV
added 2026/05/08 11:4 p.m.12 views

GHSA-XG82-2HRV-HF64 Snipe-IT has insecure permissions in file uploads

Insecure Permissions vulnerability in grokability snipe-it versions through 8.4.0, fixed after 2026-03-10 commit 676a9958, allow a remote attacker to execute arbitrary code via the app/Http/Controllers/Api/UploadedFilesController.php component Impact Users who can view assets, consumables, etc we...

9.8CVSS6.2AI score0.00475EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/05/08 11:4 p.m.8 views

Snipe-IT has insecure permissions in file uploads

Insecure Permissions vulnerability in grokability snipe-it versions through 8.4.0, fixed after 2026-03-10 commit 676a9958, allow a remote attacker to execute arbitrary code via the app/Http/Controllers/Api/UploadedFilesController.php component Impact Users who can view assets, consumables, etc we...

9.8CVSS6.2AI score0.00475EPSS
Exploits0References4Affected Software1
Snyk
Snyk
added 2026/05/08 10:24 p.m.7 views

Incorrect Authorization

Overview snipe/snipe-it is an asset management system built on Laravel. Affected versions of this package are vulnerable to Incorrect Authorization in the PATCH process to /api/v1/users/id when the permissions array is not properly restricted. An attacker can gain unauthorized administrative...

8.8CVSS5.8AI score0.00314EPSS
Exploits0References3
OSV
OSV
added 2026/05/08 10:24 p.m.8 views

GHSA-HQ28-CRG7-95PR Snipe-IT has Privilege Escalation via API Permissions Assignment

Impact An authenticated user with only users.edit permission can escalate their own privileges to admin by sending a PATCH request to /api/v1/users/id with permissionsadmin=1. The API controller only strips the superuser key from the permissions array, allowing admin and all other permission keys...

8.8CVSS5.8AI score0.00314EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/05/08 10:24 p.m.18 views

Snipe-IT has Privilege Escalation via API Permissions Assignment

Impact An authenticated user with only users.edit permission can escalate their own privileges to admin by sending a PATCH request to /api/v1/users/id with permissionsadmin=1. The API controller only strips the superuser key from the permissions array, allowing admin and all other permission keys...

8.8CVSS5.8AI score0.00314EPSS
Exploits0References4Affected Software1
Snyk
Snyk
added 2026/05/08 10:23 p.m.13 views

Cross-site Scripting (XSS)

Overview snipe/snipe-it is an asset management system built on Laravel. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the notes field of the component checkout process. An attacker can execute arbitrary JavaScript code in the context of another user by submitting...

5.4CVSS5.8AI score0.00218EPSS
Exploits0References2
OSV
OSV
added 2026/05/08 10:23 p.m.9 views

GHSA-R42M-953Q-6VJX Snipe-IT has Stored XSS via Component Checkout Notes (v8.4.0)

Impact Users with component view access could be impacted by an unescaped notes column. Patches This was patched in https://github.com/grokability/snipe-it/commit/28f493d84d057895fbb93b6570e7393a2c2fa438, and is fixed in v8.4.1 or greater. Workarounds None...

4.8CVSS5.8AI score0.00218EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/05/08 10:23 p.m.11 views

Snipe-IT has Stored XSS via Component Checkout Notes (v8.4.0)

Impact Users with component view access could be impacted by an unescaped notes column. Patches This was patched in https://github.com/grokability/snipe-it/commit/28f493d84d057895fbb93b6570e7393a2c2fa438, and is fixed in v8.4.1 or greater. Workarounds None...

5.4CVSS5.8AI score0.00218EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.13 views

PT-2026-39301

Name of the Vulnerable Software and Affected Versions Snipe-IT versions prior to 8.4.1 Description An open redirect issue in Snipe-IT allows attackers to redirect users to malicious websites. This occurs because the application uses an unvalidated HTTP Referer header stored in a session variable...

7.1CVSS5.8AI score0.00163EPSS
Exploits0References5
NVD
NVD
added 2026/05/07 6:16 p.m.16 views

CVE-2026-37709

Insecure Permissions vulnerability in grokability snipe-it v.8.4.0 and before and fixed after 2026-03-10 commit 676a9958 allows a remote attacker to execute arbitrary code via the app/Http/Controllers/Api/UploadedFilesController.php component...

9.8CVSS0.00475EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/07 12:0 a.m.32 views

CVE-2026-37709

Insecure Permissions vulnerability in grokability snipe-it v.8.4.0 and before and fixed after 2026-03-10 commit 676a9958 allows a remote attacker to execute arbitrary code via the app/Http/Controllers/Api/UploadedFilesController.php component...

0.00475EPSS
Exploits0References2
CVE
CVE
added 2026/05/07 12:0 a.m.20 views

CVE-2026-37709

The CVE-2026-37709 entry concerns an Insecure Permissions vulnerability in grokability snipe-it ≤ v8.4.0 (fixed after 2026-03-10, commit 676a9958). A remote attacker could execute arbitrary code via app/Http/Controllers/Api/UploadedFilesController.php. The NVD/CVE data indicate a high-severity im...

9.8CVSS6.2AI score0.00475EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder