4 matches found
CVE-2026-55478
Snipe-IT (IT asset/license management) has a vulnerability in the Kits API. Before version 8.6.2, POST /api/v1/kits/{kit_id}/licenses validates the caller’s ability to edit kits but does not authorize access to the referenced license object. This allows a low-privilege user with predefined-kit pe...
Parse Server 授权问题漏洞
Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that supports Node.js. There were authorization-related vulnerabilities in versions of Parse Server prior to 8.6.10 and 9.5.0-alpha.11. These vulnerabilities stemmed from the...
CVE-2019-20402
Support zip files in Atlassian Jira Server and Data Center before version 8.6.0 could be downloaded by a System Administrator user without requiring the user to re-enter their password via an improper authorization vulnerability...
PT-2011-2778 · Cisco · Cisco Unified Operations Manager
Name of the Vulnerable Software and Affected Versions: Cisco Unified Operations Manager CUOM versions prior to 8.6 Description: The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the CCMs parameter to the "/iptm/PRTestCreation.do" API endpoint or the ccm...