Vulnerabilities
Vulnerable Software
Security Vulnerabilities
Snipe-IT is an IT asset/license management system. Prior to 8.6.2, CommonMark escapes raw HTML but does not sanitize javascript: URIs in Markdown hyperlinks, allowing a user with assets.edit permission to place a malicious link in a markdown-textarea custom field that executes arbitrary JavaScript when another user opens the asset detail page and clicks the link. This issue is fixed in version 8.6.2.
CVSS Score
4.8
EPSS Score
0.002
Published
2026-07-10
Snipe-IT is an IT asset/license management system. Prior to 8.6.2, when Full Multiple Companies Support and scope_locations_fmcs are enabled, the API location creation endpoint detects an invalid parent-child company mismatch but does not return immediately, allowing creation of a child location under a parent location from a different company. This issue is fixed in version 8.6.2.
CVSS Score
4.3
EPSS Score
0.002
Published
2026-07-10
Grav is a file-based Web platform. Prior to 2.0.0, an authenticated admin.super user can crash Grav or fill the disk by uploading a specially crafted ZIP archive through the Direct Install tool because Installer::unZip calls ZipArchive::extractTo without limits on uncompressed size, entry count, or directory depth. This issue is fixed in version 2.0.0.
CVSS Score
6.9
EPSS Score
0.004
Published
2026-07-10
A user with Editor permissions can craft a dashboard whose table (TableNG) panel contains a malicious field name that executes as a script in the browser of any user who views the dashboard (stored cross-site scripting).
CVSS Score
6.8
EPSS Score
0.002
Published
2026-07-10
An unauthenticated attacker can repeatedly call Grafana's OAuth login route with unique values, causing unbounded memory growth that can eventually exhaust memory and crash the Grafana instance (denial of service).
CVSS Score
5.3
EPSS Score
0.004
Published
2026-07-10
Several Grafana API endpoints, some of them unauthenticated, do not limit the size of the request body before processing it. An attacker can send very large payloads that force excessive memory allocation, potentially exhausting memory and causing a denial of service.
CVSS Score
7.5
EPSS Score
0.004
Published
2026-07-10
In JetBrains YouTrack before 2026.2.17394 stored XSS via article titles in digest emails was possible
CVSS Score
3.5
EPSS Score
0.004
Published
2026-07-10
In JetBrains YouTrack before 2026.2.17012 cSS injection via Mermaid diagram rendering was possible
CVSS Score
3.5
EPSS Score
0.001
Published
2026-07-10
In JetBrains IntelliJ IDEA before 2026.1.4, 2026.2 code execution via path traversal in project workspace ID handling was possible
CVSS Score
9.6
EPSS Score
0.004
Published
2026-07-10
In JetBrains TeamCity before 2026.1.2 arbitrary file access was possible via the Perforce VCS integration
CVSS Score
8.8
EPSS Score
0.003
Published
2026-07-10


Contact Us

Shodan ® - All rights reserved