Lucene search
K

6 matches found

CVE
CVE
added 3 days ago16 views

CVE-2026-55542

Snipe-IT prior to version 8.6.1 exposes a missing authorization check when retrieving S3 signature images. In S3-backed deployments, authenticated users who know a signature filename can obtain a 5-minute signed S3 URL because the S3 branch returns before the authorize() call used by the local-fi...

5.3CVSS6AI score0.00364EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 3 days ago32 views

CVE-2026-55542 Snipe-IT's S3 signature image retrieval lacks authorization before temporary URL

Snipe-IT is an IT asset/license management system. Prior to version 8.6.1, Snipe-IT S3 signature image retrieval lacks authorization before temporary URL. On S3-backed deployments, authenticated users who know a signature filename can obtain a 5-minute signed S3 URL because the S3 branch returns...

5.3CVSS0.00364EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/23 11:11 p.m.10 views

Snipe-IT's S3 signature image retrieval lacks authorization before temporary URL

Impact Snipe-IT S3 signature image retrieval lacks authorization before temporary URL. On S3-backed deployments, authenticated users who know a signature filename can obtain a 5-minute signed S3 URL because the S3 branch returns before the authorize call used by the local-file branch. Key evidenc...

5.3CVSS5.8AI score0.00364EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.7 views

PT-2026-51646

Name of the Vulnerable Software and Affected Versions Snipe-IT versions prior to 8.6.1 Description In S3-backed deployments, the system fails to perform authorization checks before generating temporary URLs for signature image retrieval. Authenticated users who possess a signature filename can...

5.3CVSS5.9AI score0.00364EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/26 12:0 a.m.10 views

OpenEMR 安全漏洞

OpenEMR is an open-source medical management system developed by the OpenEMR community. This system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. Versions of OpenEMR prior to 8.0.0.3 contained security...

4.3CVSS5.9AI score0.00235EPSS
Exploits1References3
OSV
OSV
added 2024/01/08 7:15 p.m.3 views

CVE-2023-5957

The Ni Purchase OrderPO For WooCommerce WordPress plugin through 1.2.1 does not validate logo and signature image files uploaded in the settings, allowing high privileged user to upload arbitrary files to the web server, triggering an RCE vulnerability by uploading a web shell...

7.2CVSS5.9AI score0.00876EPSS
Exploits2References1
Rows per page
Query Builder