Known Vulnerabilities for products from Snipeitapp

Listed below are 20 of the newest known vulnerabilities associated with the vendor "Snipeitapp".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.

Known Vulnerabilities

CVE Shortened Description Severity Publish Date Last Modified
CVE-2026-44833 json Snipe-IT is an IT asset/license management system. Prior to 8.4.1, an open redirect vulnerability in Snipe-IT allows attacker... Not Provided 2026-05-26 2026-05-26
CVE-2026-44832 json Snipe-IT is an IT asset/license management system. Prior to 8.4.1, aAn authenticated user with only users.edit permission can... Not Provided 2026-05-26 2026-05-26
CVE-2026-44831 json Snipe-IT is an IT asset/license management system. Prior to 8.4.1, users with component view access could be impacted by an u... Not Provided 2026-05-26 2026-05-26
CVE-2026-38533 json An improper authorization vulnerability in the /api/v1/users/{id} endpoint of Snipe-IT v8.4.0 allows authenticated attackers ... Not Provided 2026-04-14 2026-05-01
CVE-2026-37709 json Insecure Permissions vulnerability in grokability snipe-it v.8.4.0 and before and fixed after 2026-03-10 commit 676a9958 allo... Not Provided 2026-05-07 2026-05-12
CVE-2025-15602 json Snipe-IT versions prior to 8.3.7 contain sensitive user attributes related to account privileges that are insufficiently prot... Not Provided 2026-03-06 2026-04-17
CVE-2023-5511 json Cross-Site Request Forgery (CSRF) in GitHub repository snipe/snipe-it prior to v.6.2.3. 8.8 - HIGH 2023-10-11 2023-10-12
CVE-2023-5452 json Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-it prior to v6.2.2. 5.4 - MEDIUM 2023-10-06 2023-10-10
CVE-2022-44381 json Snipe-IT through 6.0.14 allows attackers to check whether a user account exists because of response variations in a /password... 5.3 - MEDIUM 2022-12-25 2022-12-30
CVE-2022-44380 json Snipe-IT before 6.0.14 is vulnerable to Cross Site Scripting (XSS) for View Assigned Assets. 5.4 - MEDIUM 2022-12-25 2022-12-30
CVE-2022-32061 json An arbitrary file upload vulnerability in the Select User function under the People Menu component of Snipe-IT v6.0.2 allows ... 4.8 - MEDIUM 2022-07-07 2022-07-15
CVE-2022-32060 json An arbitrary file upload vulnerability in the Update Branding Settings component of Snipe-IT v6.0.2 allows attackers to execu... 4.8 - MEDIUM 2022-07-07 2022-11-28
CVE-2022-23064 json ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... 8.8 - HIGH 2022-05-02 2022-05-10
CVE-2022-3173 json Improper Authentication in GitHub repository snipe/snipe-it prior to 6.0.10. 4.3 - MEDIUM 2022-09-17 2022-09-21
CVE-2022-3035 json Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-it prior to v6.0.11. 4.8 - MEDIUM 2022-08-29 2022-09-01
CVE-2022-2997 json Session Fixation in GitHub repository snipe/snipe-it prior to 6.0.10. 8 - HIGH 2022-08-25 2022-09-01
CVE-2022-1511 json Missing Authorization in GitHub repository snipe/snipe-it prior to 5.4.4. 6.5 - MEDIUM 2022-04-28 2023-06-29
CVE-2022-1445 json Stored Cross Site Scripting vulnerability in the checked_out_to parameter in GitHub repository snipe/snipe-it prior to 5.4.3.... 5.4 - MEDIUM 2022-04-24 2022-05-03
CVE-2022-1380 json Stored Cross Site Scripting vulnerability in Item name parameter in GitHub repository snipe/snipe-it prior to v5.4.3. The vul... 5.4 - MEDIUM 2022-04-16 2022-04-25
CVE-2022-1155 json Old sessions are not blocked by the login enable function. in GitHub repository snipe/snipe-it prior to 5.3.10. 7.4 - HIGH 2022-03-30 2022-04-05
Results limited to 20 most recent vulnerabilities

Known software with vulnerabilities from Snipeitapp

Type Vendor Product Version
ApplicationSnipeitappSnipe-it0.1.0