Total
37 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2025-47226 | 1 Snipeitapp | 1 Snipe-it | 2025-06-03 | N/A | 3.3 LOW |
Grokability Snipe-IT before 8.1.0 has incorrect authorization for accessing asset information. | |||||
CVE-2024-48987 | 1 Snipeitapp | 1 Snipe-it | 2025-05-22 | N/A | N/A |
Snipe-IT before 7.0.10 allows remote code execution (associated with cookie serialization) when an attacker knows the APP_KEY. This is exacerbated by .env files, available from the product's repository, that have default APP_KEY values. | |||||
CVE-2024-51094 | 1 Snipeitapp | 1 Snipe-it | 2025-05-22 | N/A | N/A |
An issue in Snipe-IT v.7.0.13 build 15514 allows a low-privileged attacker to modify their profile name and inject a malicious payload into the "Name" field. When an administrator later accesses the People Management page, exports the data as a CSV file, and opens it, the injected payload will be executed, allowing the attacker to exfiltrate internal system data from the CSV file to a remote server. | |||||
CVE-2022-44380 | 1 Snipeitapp | 1 Snipe-it | 2025-04-15 | N/A | 5.4 MEDIUM |
Snipe-IT before 6.0.14 is vulnerable to Cross Site Scripting (XSS) for View Assigned Assets. | |||||
CVE-2022-44381 | 1 Snipeitapp | 1 Snipe-it | 2025-04-15 | N/A | 5.3 MEDIUM |
Snipe-IT through 6.0.14 allows attackers to check whether a user account exists because of response variations in a /password/reset request. | |||||
CVE-2024-5685 | 1 Snipeitapp | 1 Snipe-it | 2025-03-07 | N/A | 8.1 HIGH |
Users with "User:edit" and "Self:api" permissions can promote or demote themselves or other users by performing changes to the group's memberships via API call. This issue affects snipe-it: from v4.6.17 through v6.4.1. | |||||
CVE-2024-51093 | 1 Snipeitapp | 1 Snipe-it | 2024-11-18 | N/A | 8.7 HIGH |
Stored Cross-Site Scripting (XSS) vulnerability in Snipe-IT - v7.0.13 allows an attacker to upload a malicious XML file containing JavaScript code. This can lead to privilege escalation when the payload is executed, granting the attacker super admin permissions within the Snipe-IT system. | |||||
CVE-2022-1511 | 1 Snipeitapp | 1 Snipe-it | 2024-02-15 | 4.0 MEDIUM | 6.5 MEDIUM |
Missing Authorization in GitHub repository snipe/snipe-it prior to 5.4.4. | |||||
CVE-2023-5511 | 1 Snipeitapp | 1 Snipe-it | 2023-10-12 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) in GitHub repository snipe/snipe-it prior to v.6.2.3. | |||||
CVE-2023-5452 | 1 Snipeitapp | 1 Snipe-it | 2023-10-10 | N/A | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-it prior to v6.2.2. | |||||
CVE-2022-0178 | 1 Snipeitapp | 1 Snipe-it | 2023-08-02 | 5.5 MEDIUM | 5.4 MEDIUM |
Missing Authorization vulnerability in snipe snipe/snipe-it. This issue affects snipe/snipe-it before 5.3.8. | |||||
CVE-2022-0611 | 1 Snipeitapp | 1 Snipe-it | 2023-08-02 | 6.5 MEDIUM | 8.8 HIGH |
Missing Authorization in Packagist snipe/snipe-it prior to 5.3.11. | |||||
CVE-2022-0569 | 1 Snipeitapp | 1 Snipe-it | 2023-08-02 | 4.3 MEDIUM | 4.3 MEDIUM |
Observable Discrepancy in Packagist snipe/snipe-it prior to v5.3.9. | |||||
CVE-2022-0579 | 1 Snipeitapp | 1 Snipe-it | 2023-08-02 | 4.0 MEDIUM | 6.5 MEDIUM |
Missing Authorization in Packagist snipe/snipe-it prior to 5.3.9. | |||||
CVE-2022-0179 | 1 Snipeitapp | 1 Snipe-it | 2023-06-29 | 4.9 MEDIUM | 5.4 MEDIUM |
snipe-it is vulnerable to Missing Authorization | |||||
CVE-2022-32060 | 1 Snipeitapp | 1 Snipe-it | 2022-11-28 | 3.5 LOW | 4.8 MEDIUM |
An arbitrary file upload vulnerability in the Update Branding Settings component of Snipe-IT v6.0.2 allows attackers to execute arbitrary code via a crafted file. | |||||
CVE-2022-3173 | 1 Snipeitapp | 1 Snipe-it | 2022-09-21 | N/A | 4.3 MEDIUM |
Improper Authentication in GitHub repository snipe/snipe-it prior to 6.0.10. | |||||
CVE-2022-2997 | 1 Snipeitapp | 1 Snipe-it | 2022-09-01 | N/A | 8.0 HIGH |
Session Fixation in GitHub repository snipe/snipe-it prior to 6.0.10. | |||||
CVE-2022-3035 | 1 Snipeitapp | 1 Snipe-it | 2022-09-01 | N/A | 4.8 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-it prior to v6.0.11. | |||||
CVE-2021-4089 | 1 Snipeitapp | 1 Snipe-it | 2022-08-09 | 4.0 MEDIUM | 4.3 MEDIUM |
snipe-it is vulnerable to Improper Access Control |