6309 matches found
EUVD-2026-43076
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Drupal Location Selector allows SQL Injection. This issue affects Location Selector versions: from 0.0.0 to 1.3.0...
CVE-2026-15081
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Drupal Location Selector allows SQL Injection. This issue affects Location Selector versions: from 0.0.0 to 1.3.0...
CVE-2026-15081 Location Selector - Critical - SQL Injection - SA-CONTRIB-2026-072
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Drupal Location Selector allows SQL Injection. This issue affects Location Selector versions: from 0.0.0 to 1.3.0...
CVE-2026-15081
CVE-2026-15081 affects Drupal Location Selector module (versions 0.0.0–1.3.0). The vulnerability arises from a Views filter that does not sufficiently sanitize user input, allowing improper neutralization of special elements in an SQL command (SQL Injection). Impact is_high confidentiality and in...
ECHO-EE84-F5BB-81BF
Bulletin has no description...
MINI-28FR-54CP-88WC
Bulletin has no description...
MINI-9F8J-JHCF-G4QF
Bulletin has no description...
MINI-59P7-7795-X9CJ
Bulletin has no description...
MINI-QJXC-HCCF-XC25
Bulletin has no description...
MINI-7JM8-9258-2XJX
Bulletin has no description...
CVE-2026-55472
Snipe-IT is an IT asset/license management system. Prior to 8.6.2, when Full Multiple Companies Support and scopelocationsfmcs are enabled, the API location creation endpoint detects an invalid parent-child company mismatch but does not return immediately, allowing creation of a child location...
CVE-2026-55472 Snipe-IT: API Location Creation Bypasses FMCS Parent-Child Company Boundary Validation
Snipe-IT is an IT asset/license management system. Prior to 8.6.2, when Full Multiple Companies Support and scopelocationsfmcs are enabled, the API location creation endpoint detects an invalid parent-child company mismatch but does not return immediately, allowing creation of a child location...
CVE-2026-55472
Snipe-IT (IT asset/license management) prior to version 8.6.2 permits creating a child location under a parent from a different company when Full Multiple Companies Support and scope_locations_fmcs are enabled. The API location creation endpoint detects an invalid parent-child company mismatch bu...
CVE-2026-55472 Snipe-IT: API Location Creation Bypasses FMCS Parent-Child Company Boundary Validation
Snipe-IT is an IT asset/license management system. Prior to 8.6.2, when Full Multiple Companies Support and scopelocationsfmcs are enabled, the API location creation endpoint detects an invalid parent-child company mismatch but does not return immediately, allowing creation of a child location...
MINI-WG22-9Q7G-94JR
Bulletin has no description...
MINI-7937-F36J-36H4
Bulletin has no description...
MINI-9PPH-VJ22-82RF
Bulletin has no description...
PT-2026-57266
Name of the Vulnerable Software and Affected Versions Snipe-IT versions prior to 8.6.2 Description When Full Multiple Companies Support and scope locations fmcs are enabled, the API location creation endpoint fails to terminate the process after detecting an invalid parent-child company mismatch...
CGA-V85Q-HW7Q-C7HG
Bulletin has no description...
MINI-HVCH-VVJ4-QVCP
Bulletin has no description...