9 matches found
CVE-2026-37709
Insecure Permissions vulnerability in grokability snipe-it v.8.4.0 and before and fixed after 2026-03-10 commit 676a9958 allows a remote attacker to execute arbitrary code via the app/Http/Controllers/Api/UploadedFilesController.php component...
EUVD-2026-28401
Snipe-IT has insecure permissions in file uploads...
Access Control Bypass
Overview snipe/snipe-it is an asset management system built on Laravel. Affected versions of this package are vulnerable to Access Control Bypass via the app/Http/Controllers/Api/UploadedFilesController.php component. An attacker can gain unauthorized access and potentially execute arbitrary code...
CVE-2026-37709
Insecure Permissions vulnerability in grokability snipe-it v.8.4.0 and before and fixed after 2026-03-10 commit 676a9958 allows a remote attacker to execute arbitrary code via the app/Http/Controllers/Api/UploadedFilesController.php component...
Snipe-IT 访问控制错误漏洞
Snipe-IT is a set of open-source IT asset/license management systems developed by Grokability. Versions of Snipe-IT 8.4.0 and earlier contained a access control vulnerability. This vulnerability stemmed from improper permission settings in the app/Http/Controllers/Api/UploadedFilesController.php...
CVE-2026-37709
Insecure Permissions vulnerability in grokability snipe-it v.8.4.0 and before and fixed after 2026-03-10 commit 676a9958 allows a remote attacker to execute arbitrary code via the app/Http/Controllers/Api/UploadedFilesController.php component...
CVE-2026-37709
Insecure Permissions vulnerability in grokability snipe-it v.8.4.0 and before and fixed after 2026-03-10 commit 676a9958 allows a remote attacker to execute arbitrary code via the app/Http/Controllers/Api/UploadedFilesController.php component...
CVE-2026-37709
Insecure Permissions vulnerability in grokability snipe-it v.8.4.0 and before and fixed after 2026-03-10 commit 676a9958 allows a remote attacker to execute arbitrary code via the app/Http/Controllers/Api/UploadedFilesController.php component...
PT-2023-10103 · Unknown · Rails-Cv-App
Name of the Vulnerable Software and Affected Versions: rails-cv-app affected versions not specified Description: A problematic issue has been found, affecting some unknown functionality of the file app/controllers/uploaded files controller.rb. The manipulation with the input ../../../etc/passwd...