Lucene search
K

5 matches found

NVD
NVD
added 6 days ago7 views

CVE-2026-48492

Snipe-IT is an IT asset/license management system. Prior to version 8.6.1, the GET /api/v1/object/selectlist API endpoint is missing an authorization check. Any user who can log into Snipe-IT - regardless of permissions - can retrieve a paginated list of all user accounts using only their web...

7.1CVSS0.00385EPSS
Exploits0References2
CVE
CVE
added 6 days ago17 views

CVE-2026-48492

CVE-2026-48492 affects Snipe-IT (IT asset/license management). Prior to version 8.6.1, the GET /api/v1/{object}/selectlist endpoint lacked an authorization check, allowing any logged-in user (with a web session cookie and no API token) to enumerate all user accounts and retrieve usernames, displa...

7.1CVSS6AI score0.00385EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 6 days ago31 views

CVE-2026-48492 Snipe-IT's selectlist visibility is too permissive

Snipe-IT is an IT asset/license management system. Prior to version 8.6.1, the GET /api/v1/object/selectlist API endpoint is missing an authorization check. Any user who can log into Snipe-IT - regardless of permissions - can retrieve a paginated list of all user accounts using only their web...

7.1CVSS0.00385EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/23 10:11 p.m.6 views

Missing Authorization

Overview snipe/snipe-it is an asset management system built on Laravel. Affected versions of this package are vulnerable to Missing Authorization in the selectlist API endpoint due to missing authorization checks. An attacker can enumerate all active user accounts, harvest usernames, collect...

7.1CVSS5.8AI score0.00385EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/23 10:11 p.m.11 views

Snipe-IT's selectlist visibility is too permissive

Impact The GET /api/v1/object/selectlist API endpoint is missing an authorization check. Any user who can log into Snipe-IT - regardless of permissions - can retrieve a paginated list of all user accounts using only their web session cookie. No API token or elevated permissions are required. This...

7.1CVSS5.9AI score0.00385EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder