https://vulnerability.circl.lu/sightings/feed 2026-06-25T16:19:16.779992+00:00 Vulnerability-Lookup info@circl.lu python-feedgen Contains only the most 10 recent sightings. https://vulnerability.circl.lu/sighting/eb8529b9-ae66-4226-a2b3-ef806813c23b/export 2026-06-25T16:19:16.805066+00:00 Joseph Lee https://cve.circl.lu/user/syspect {"uuid": "eb8529b9-ae66-4226-a2b3-ef806813c23b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-4849", "type": "seen", "source": "https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-4849", "content": "", "creation_timestamp": "2026-03-26T07:16:22.000000Z"} 2026-03-26T07:16:22+00:00 https://vulnerability.circl.lu/sighting/7311098b-be6c-4c0e-ba38-14a0fad10bf5/export 2026-06-25T16:19:16.804884+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "7311098b-be6c-4c0e-ba38-14a0fad10bf5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4849", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mhxc6o4ckg2i", "content": "", "creation_timestamp": "2026-03-26T09:30:34.022416Z"} 2026-03-26T09:30:34.022416+00:00 https://vulnerability.circl.lu/sighting/afa55695-155c-4084-adc0-4da9eeb81c6f/export 2026-06-25T16:19:16.802528+00:00 Joseph Lee https://cve.circl.lu/user/syspect {"uuid": "afa55695-155c-4084-adc0-4da9eeb81c6f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-48491", "type": "published-proof-of-concept", "source": "https://github.com/traefik/traefik/security/advisories/GHSA-5r4w-85f3-pw66", "content": "", "creation_timestamp": "2026-06-05T10:26:32.000000Z"} 2026-06-05T10:26:32+00:00 https://vulnerability.circl.lu/sighting/d123b95b-17a8-4c3a-82ab-615ef7e8d68b/export 2026-06-25T16:19:16.802384+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "d123b95b-17a8-4c3a-82ab-615ef7e8d68b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48491", "type": "seen", "source": "https://bsky.app/profile/o2cloud.bsky.social/post/3mnkay2lpgr2j", "content": "\ud83d\udd17 CVE : CVE-2026-48020, CVE-2026-48491", "creation_timestamp": "2026-06-05T13:35:32.245255Z"} 2026-06-05T13:35:32.245255+00:00 https://vulnerability.circl.lu/sighting/949217cb-e2ae-4b50-a6ad-e11f85e95bf4/export 2026-06-25T16:19:16.802185+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "949217cb-e2ae-4b50-a6ad-e11f85e95bf4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48493", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3moylygqbc626", "content": "CVE-2026-48493 - Snipe-IT Vulnerable to Privilege Escalation for self via API Permissions Assignment\nCVE ID : CVE-2026-48493\n \n Published : June 23, 2026, 10:11 p.m. | 1\u00a0hour, 33\u00a0minutes ago\n \n Description : Snipe-IT is an IT asset/license management system. In versions prior ...", "creation_timestamp": "2026-06-23T23:55:06.773368Z"} 2026-06-23T23:55:06.773368+00:00 https://vulnerability.circl.lu/sighting/960c1723-469c-43a3-9813-12a32af7e390/export 2026-06-25T16:19:16.799725+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "960c1723-469c-43a3-9813-12a32af7e390", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48493", "type": "seen", "source": "https://gist.github.com/alon710/0deb8ac6eb09e699071fdbd4071e986c", "content": "# CVE-2026-48493: CVE-2026-48493: Self-Privilege Escalation via Profile Modification in Snipe-IT\n\n> **CVSS Score:** 5.5\n> **Published:** 2026-06-23\n> **Full Report:** https://cvereports.com/reports/CVE-2026-48493\n\n## Summary\nA privilege escalation vulnerability in Snipe-IT versions prior to 8.6.0 allows authenticated users with profile-editing capabilities to elevate their own permissions by performing a PATCH request on their own user endpoint.\n\n## TL;DR\nAuthenticated users with 'users.edit' can modify their own accounts via the API to self-grant arbitrary permissions, excluding global admin/superuser roles.\n\n## Technical Details\n\n- **CWE ID**: CWE-863\n- **Attack Vector**: Network\n- **CVSS Score**: 5.5\n- **EPSS Score**: Not Indexed\n- **Impact**: Privilege Escalation\n- **Exploit Status**: poc\n- **KEV Status**: Not Listed\n\n## Affected Systems\n\n- Snipe-IT prior to 8.6.0\n- **Snipe-IT**: < 8.6.0 (Fixed in: `8.6.0`)\n\n## Mitigation\n\n- Upgrade to Snipe-IT 8.6.0 or newer\n- Audit and restrict 'users.edit' permissions for non-admin accounts\n- Revoke API tokens for standard users during interim mitigation period\n\n**Remediation Steps:**\n1. Identify running Snipe-IT version using the administrative dashboard.\n2. Execute backup of the application database and configuration files.\n3. Pull the latest release of Snipe-IT (version 8.6.0 or higher).\n4. Run the standard database migration and upgrade commands.\n5. Verify that self-privilege escalation attempts are blocked by testing a non-admin account.\n\n## References\n\n- [Official GitHub Advisory Page](https://github.com/grokability/snipe-it/security/advisories/GHSA-52fw-7fw2-fmv5)\n- [Official Fix Pull Request](https://github.com/grokability/snipe-it/pull/19024)\n- [CVE Record Details](https://www.cve.org/CVERecord?id=CVE-2026-48493)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-48493) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-06-24T05:42:05.000000Z"} 2026-06-24T05:42:05+00:00