Lucene search
K

447 matches found

EUVD
EUVD
added 2026/03/06 6:31 p.m.4 views

EUVD-2025-208340

Snipe-IT versions prior to 8.3.7 contain sensitive user attributes related to account privileges that are insufficiently protected against mass assignment. An authenticated, low-privileged user can craft a malicious API request to modify restricted fields of another user account, including the...

8.8CVSS5.8AI score0.0046EPSS
Exploits1References4
Snyk
Snyk
added 2026/03/06 6:31 p.m.2 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview snipe/snipe-it is an asset management system built on Laravel. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes through insufficient protection of sensitive user attributes in the mass assignment process. A...

8.8CVSS5.8AI score0.0046EPSS
Exploits1References2
OSV
OSV
added 2026/03/06 6:31 p.m.3 views

GHSA-5448-V74M-7MV7 Snipe-IT has sensitive user attributes related to account privileges that are insufficiently protected against mass assignment

Snipe-IT versions prior to 8.3.7 contain sensitive user attributes related to account privileges that are insufficiently protected against mass assignment. An authenticated, low-privileged user can craft a malicious API request to modify restricted fields of another user account, including the...

8.8CVSS5.8AI score0.0046EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2026/03/06 6:31 p.m.9 views

Snipe-IT has sensitive user attributes related to account privileges that are insufficiently protected against mass assignment

Snipe-IT versions prior to 8.3.7 contain sensitive user attributes related to account privileges that are insufficiently protected against mass assignment. An authenticated, low-privileged user can craft a malicious API request to modify restricted fields of another user account, including the...

8.8CVSS5.8AI score0.0046EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2026/03/06 5:16 p.m.8 views

CVE-2025-15602

Snipe-IT versions prior to 8.3.7 contain sensitive user attributes related to account privileges that are insufficiently protected against mass assignment. An authenticated, low-privileged user can craft a malicious API request to modify restricted fields of another user account, including the...

8.8CVSS0.0046EPSS
Exploits1References3
OSV
OSV
added 2026/03/06 5:16 p.m.6 views

CVE-2025-15602

Snipe-IT versions prior to 8.3.7 contain sensitive user attributes related to account privileges that are insufficiently protected against mass assignment. An authenticated, low-privileged user can craft a malicious API request to modify restricted fields of another user account, including the...

8.8CVSS5.8AI score
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/06 4:16 p.m.2 views

CVE-2025-15602 Snipe-IT < 8.3.7 Mass Assignment Vulnerability Leading to Privilege Escalation

Snipe-IT versions prior to 8.3.7 contain sensitive user attributes related to account privileges that are insufficiently protected against mass assignment. An authenticated, low-privileged user can craft a malicious API request to modify restricted fields of another user account, including the...

8.8CVSS5.8AI score0.0046EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/03/06 4:16 p.m.28 views

CVE-2025-15602 Snipe-IT < 8.3.7 Mass Assignment Vulnerability Leading to Privilege Escalation

Snipe-IT versions prior to 8.3.7 contain sensitive user attributes related to account privileges that are insufficiently protected against mass assignment. An authenticated, low-privileged user can craft a malicious API request to modify restricted fields of another user account, including the...

8.8CVSS0.0046EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/03/06 4:16 p.m.3 views

CVE-2025-15602

Snipe-IT versions prior to 8.3.7 contain sensitive user attributes related to account privileges that are insufficiently protected against mass assignment. An authenticated, low-privileged user can craft a malicious API request to modify restricted fields of another user account, including the...

8.8CVSS5.8AI score0.0046EPSS
Exploits1References4
CVE
CVE
added 2026/03/06 4:16 p.m.22 views

CVE-2025-15602

Summary: CVE-2025-15602 affects Snipe-IT

8.8CVSS5.8AI score0.0046EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/06 12:0 a.m.7 views

PT-2026-23723

Name of the Vulnerable Software and Affected Versions Snipe-IT versions prior to 8.3.7 Description Snipe-IT instances running versions prior to 8.3.7 are susceptible to unauthorized modification of user account details due to insufficient protection of sensitive user attributes against mass...

8.8CVSS5.8AI score0.0046EPSS
Exploits1References9
RedhatCVE
RedhatCVE
added 2026/02/13 1:30 a.m.9 views

CVE-2026-25759

Statmatic is a Laravel and Git powered content management system CMS. From 6.0.0 to before 6.2.3, a stored XSS vulnerability in content titles allows authenticated users with content creation permissions to inject malicious JavaScript that executes when viewed by higher-privileged users. Maliciou...

8.7CVSS5.4AI score0.00293EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/11 8:37 p.m.5 views

CVE-2026-25759 Statmatic affected by privilege escalation via stored cross-site scripting

Statmatic is a Laravel and Git powered content management system CMS. From 6.0.0 to before 6.2.3, a stored XSS vulnerability in content titles allows authenticated users with content creation permissions to inject malicious JavaScript that executes when viewed by higher-privileged users. Maliciou...

8.7CVSS5.4AI score0.00293EPSS
Exploits0References3
CVE
CVE
added 2026/02/11 8:37 p.m.15 views

CVE-2026-25759

CVE-2026-25759 affects Statamic CMS (Laravel/Git-based). From version 6.0.0 up to, but not including, 6.2.3, there is a stored XSS in content titles. An authenticated user with content-creation permissions (and control-panel access) can inject JavaScript that executes for higher-privileged users,...

8.7CVSS5.4AI score0.00293EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/02/11 8:37 p.m.26 views

CVE-2026-25759 Statmatic affected by privilege escalation via stored cross-site scripting

Statmatic is a Laravel and Git powered content management system CMS. From 6.0.0 to before 6.2.3, a stored XSS vulnerability in content titles allows authenticated users with content creation permissions to inject malicious JavaScript that executes when viewed by higher-privileged users. Maliciou...

8.7CVSS0.00293EPSS
Exploits0References3
OSV
OSV
added 2026/02/11 8:37 p.m.8 views

CVE-2026-25759 Statmatic affected by privilege escalation via stored cross-site scripting

Statmatic is a Laravel and Git powered content management system CMS. From 6.0.0 to before 6.2.3, a stored XSS vulnerability in content titles allows authenticated users with content creation permissions to inject malicious JavaScript that executes when viewed by higher-privileged users. Maliciou...

8.7CVSS5.4AI score0.00293EPSS
Exploits0References5
OSV
OSV
added 2026/02/11 6:17 p.m.2 views

GHSA-FF9R-WW9C-43X8 Statamic CMS vulnerable to privilege escalation via stored cross-site scripting

Impact Stored XSS vulnerability in content titles allow authenticated users with content creation permissions to inject malicious JavaScript that executes when viewed by higher-privileged users. Malicious user must have an account with control panel access and content creation permissions. This...

8.7CVSS5.4AI score0.00293EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/02/11 6:17 p.m.7 views

Statamic CMS vulnerable to privilege escalation via stored cross-site scripting

Impact Stored XSS vulnerability in content titles allow authenticated users with content creation permissions to inject malicious JavaScript that executes when viewed by higher-privileged users. Malicious user must have an account with control panel access and content creation permissions. This...

8.7CVSS5.4AI score0.00293EPSS
Exploits0References5Affected Software1
SUSE CVE
SUSE CVE
added 2026/01/17 12:25 a.m.4 views

SUSE CVE-2026-21483

listmonk is a standalone, self-hosted, newsletter and mailing list manager. Prior to version 6.0.0, lower-privileged user with campaign management permissions can inject malicious JavaScript into campaigns or templates. When a higher-privileged user Super Admin views or previews this content, the...

6.4CVSS6.2AI score0.00198EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/01/09 11:12 a.m.5 views

CVE-2016-10947

The Post Indexer plugin before 3.0.6.2 for WordPress has SQL injection via the period parameter by a super admin...

7.2CVSS8.2AI score0.01525EPSS
Exploits1References1
Rows per page
Query Builder