CVE-2026-37709 | Grokability snipe-it up to 8.4.0 UploadedFilesController.php unrestricted upload

Inserito da Angelo Barbosa | Mag 7, 2026 | CVE

A vulnerability identified as critical has been detected in Grokability snipe-it up to 8.4.0. Affected by this issue is some unknown functionality of the file app/Http/Controllers/Api/UploadedFilesController.php. Performing a manipulation results in unrestricted upload.

This vulnerability was named CVE-2026-37709. The attack may be initiated remotely. There is no available exploit.

You should upgrade the affected component.

CVE-2026-37709 | Grokability snipe-it up to 8.4.0 UploadedFilesController.php unrestricted upload

Post correlati

CVE-2025-7119 | Campcodes Complaint Management System 1.0 /users/index.php Username sql injection

CVE-2023-44362 | Adobe Prelude up to 22.6.0 uninitialized pointer (apsb23-67)

CVE-2026-0936 | B&R Industrial Automation Process Visualization Interface up to 6.4 Logging log file

CVE-2024-55603 | Kanban up to 1.2.42 SessionHandler.php session expiration (GHSA-gv5c-8pxr-p484)