Lucene search
K

6 matches found

Github Security Blog
Github Security Blog
added 2026/06/23 11:12 p.m.12 views

Snipe-IT API Vulnerable to Cross-Tenant Accessory Injection

Impact A cross-tenant data injection vulnerability was identified in the Snipe-IT Accessories API when Full Multiple Companies Support FMCS is enabled. A low-privileged authenticated user belonging to one company can create an accessory record under another company by supplying a foreign companyi...

8.5CVSS5.8AI score0.00389EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.13 views

PT-2026-51642

Name of the Vulnerable Software and Affected Versions Snipe-IT affected versions not specified Description An authorization bypass exists in the BulkAssetsController::update function. The system accepts the company id variable directly from user input without utilizing the standard company-scopin...

6.3CVSS5.9AI score
Exploits0References5
OSV
OSV
added 2026/06/18 1:7 p.m.5 views

GHSA-6X8V-2FQ5-2229 ZITADEL: Cross-Tenant User Leakage via Recycled Identifiers

Summary A flaw in the user lifecycle enforcement allowed deleted users to retain their original organization/tenant association. Recreating a deleted user under a distinct organization can cause the new user instance to be incorrectly provisioned within the original organization if the previous I...

2.3CVSS5.5AI score0.00286EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-25141

Malicious code in bioql PyPI...

9CVSS6.3AI score0.00437EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/08/20 5:33 p.m.17 views

CVE-2025-55205

Capsule is a multi-tenancy and policy-based framework for Kubernetes. A namespace label injection vulnerability in Capsule v0.10.3 and earlier allows authenticated tenant users to inject arbitrary labels into system namespaces kube-system, default, capsule-system, bypassing multi-tenant isolation...

9CVSS6.7AI score0.00437EPSS
Exploits0References1
CVE
CVE
added 2025/08/18 4:28 p.m.32 views

CVE-2025-55205

CVE-2025-55205 concerns Capsule (Kubernetes multi-tenant framework). Affected: Capsule v0.10.3 and earlier; fixed in v0.10.4. Vulnerability: authenticated tenant users can inject arbitrary labels into system namespaces (e.g., kube-system, default, capsule-system) via namespace labeling, bypassing...

9CVSS7AI score0.00437EPSS
Exploits0References2
Rows per page
Query Builder