Known Vulnerabilities for Snipe-it by Snipeitapp
Listed below are 10 of the newest known vulnerabilities associated with "Snipe-it" by "Snipeitapp".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-38533 json | An improper authorization vulnerability in the /api/v1/users/{id} endpoint of Snipe-IT v8.4.0 allows authenticated attackers ... | Not Provided | 2026-04-14 | 2026-04-16 |
| CVE-2025-63743 json | Cross-Site Scripting vulnerability in the Snipe-IT web-based asset management system v8.3.0 to up and including v8.3.1 allows... | Not Provided | 2026-04-13 | 2026-04-14 |
| CVE-2025-23776 json | Missing Authorization vulnerability in ekaterir Cache Sniper for Nginx snipe-nginx-cache allows Exploiting Incorrectly Config... | Not Provided | 2025-01-16 | 2026-04-01 |
| CVE-2025-15602 json | Snipe-IT versions prior to 8.3.7 contain sensitive user attributes related to account privileges that are insufficiently prot... | Not Provided | 2026-03-06 | 2026-03-09 |
| CVE-2023-5511 json | Cross-Site Request Forgery (CSRF) in GitHub repository snipe/snipe-it prior to v.6.2.3. | 8.8 - HIGH | 2023-10-11 | 2023-10-12 |
| CVE-2023-5452 json | Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-it prior to v6.2.2. | 5.4 - MEDIUM | 2023-10-06 | 2023-10-10 |
| CVE-2022-44381 json | Snipe-IT through 6.0.14 allows attackers to check whether a user account exists because of response variations in a /password... | 5.3 - MEDIUM | 2022-12-25 | 2022-12-30 |
| CVE-2022-44380 json | Snipe-IT before 6.0.14 is vulnerable to Cross Site Scripting (XSS) for View Assigned Assets. | 5.4 - MEDIUM | 2022-12-25 | 2022-12-30 |
| CVE-2022-32061 json | An arbitrary file upload vulnerability in the Select User function under the People Menu component of Snipe-IT v6.0.2 allows ... | 4.8 - MEDIUM | 2022-07-07 | 2022-07-15 |
| CVE-2022-32060 json | An arbitrary file upload vulnerability in the Update Branding Settings component of Snipe-IT v6.0.2 allows attackers to execu... | 4.8 - MEDIUM | 2022-07-07 | 2022-11-28 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Snipeitapp | Snipe-it | 5.0.0 | |||
| Application | Snipeitapp | Snipe-it | 5.0.0 | |||
| Application | Snipeitapp | Snipe-it | 5.0.0 | |||
| Application | Snipeitapp | Snipe-it | 4.7.6 | |||
| Application | Snipeitapp | Snipe-it | 4.7.5 | |||
| Application | Snipeitapp | Snipe-it | 4.7.4 | |||
| Application | Snipeitapp | Snipe-it | 4.7.3 | |||
| Application | Snipeitapp | Snipe-it | 4.7.2 | |||
| Application | Snipeitapp | Snipe-it | 4.7.1 | |||
| Application | Snipeitapp | Snipe-it | 4.7.0 | |||
| Application | Snipeitapp | Snipe-it | 4.6.9 | |||
| Application | Snipeitapp | Snipe-it | 4.6.8 | |||
| Application | Snipeitapp | Snipe-it | 4.6.7 | |||
| Application | Snipeitapp | Snipe-it | 4.6.6 | |||
| Application | Snipeitapp | Snipe-it | 4.6.5 | |||
| Application | Snipeitapp | Snipe-it | 4.6.4 | |||
| Application | Snipeitapp | Snipe-it | 4.6.3 | |||
| Application | Snipeitapp | Snipe-it | 4.6.2 | |||
| Application | Snipeitapp | Snipe-it | 4.6.18 | |||
| Application | Snipeitapp | Snipe-it | 4.6.17 |