Known Vulnerabilities for products from Snipeitapp
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Snipeitapp".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-55843 json | Snipe-IT is an IT asset/license management system. Prior to 8.6.0, UsersController::update() passes a missing permission requ... | Not Provided | 2026-07-10 | 2026-07-10 |
| CVE-2026-55542 json | Snipe-IT is an IT asset/license management system. Prior to version 8.6.1, Snipe-IT S3 signature image retrieval lacks author... | Not Provided | 2026-07-08 | 2026-07-10 |
| CVE-2026-55516 json | Snipe-IT is an IT asset/license management system. Prior to 8.6.2, PATCH or PUT /api/v1/maintenances/{maintenance_id} checks ... | Not Provided | 2026-07-10 | 2026-07-10 |
| CVE-2026-55478 json | Snipe-IT is an IT asset/license management system. Prior to 8.6.2, POST /api/v1/kits/{kit_id}/licenses checks whether the cal... | Not Provided | 2026-07-10 | 2026-07-10 |
| CVE-2026-55476 json | Snipe-IT is an IT asset/license management system. Prior to 8.6.0, POST /account/request/{itemType}/{itemId}/{cancel_by_admin... | Not Provided | 2026-07-10 | 2026-07-10 |
| CVE-2026-55474 json | Snipe-IT is an IT asset/license management system. Prior to 8.5.0, ActionlogController::displaySig concatenates the route fil... | Not Provided | 2026-07-10 | 2026-07-10 |
| CVE-2026-55472 json | Snipe-IT is an IT asset/license management system. Prior to 8.6.2, when Full Multiple Companies Support and scope_locations_f... | Not Provided | 2026-07-10 | 2026-07-10 |
| CVE-2026-55464 json | Snipe-IT is an IT asset/license management system. Prior to 8.6.2, CommonMark escapes raw HTML but does not sanitize javascri... | Not Provided | 2026-07-10 | 2026-07-10 |
| CVE-2026-55460 json | Snipe-IT is an IT asset/license management system. Prior to 8.6.2, an authenticated non-admin user with users.view and users.... | Not Provided | 2026-07-10 | 2026-07-10 |
| CVE-2026-54329 json | Snipe-IT is an IT asset/license management system. Prior to 8.6.2, the Accessories API create path mass-assigns request param... | Not Provided | 2026-07-10 | 2026-07-10 |
| CVE-2026-48507 json | Snipe-IT is an IT asset/license management system. A vulnerability in versions prior to 8.6.0 allows a non-admin user holding... | Not Provided | 2026-06-08 | 2026-06-09 |
| CVE-2026-48493 json | Snipe-IT is an IT asset/license management system. In versions prior to 8.6.0, a user with only users.edit can send a PATCH t... | Not Provided | 2026-06-23 | 2026-06-26 |
| CVE-2026-48492 json | Snipe-IT is an IT asset/license management system. Prior to version 8.6.1, the GET /api/v1/{object}/selectlist API endpoint i... | Not Provided | 2026-07-08 | 2026-07-10 |
| CVE-2026-44833 json | Snipe-IT is an IT asset/license management system. Prior to 8.4.1, an open redirect vulnerability in Snipe-IT allows attacker... | Not Provided | 2026-05-26 | 2026-05-26 |
| CVE-2026-44832 json | Snipe-IT is an IT asset/license management system. Prior to 8.4.1, aAn authenticated user with only users.edit permission can... | Not Provided | 2026-05-26 | 2026-07-02 |
| CVE-2026-44831 json | Snipe-IT is an IT asset/license management system. Prior to 8.4.1, users with component view access could be impacted by an u... | Not Provided | 2026-05-26 | 2026-05-26 |
| CVE-2026-38533 json | An improper authorization vulnerability in the /api/v1/users/{id} endpoint of Snipe-IT v8.4.0 allows authenticated attackers ... | Not Provided | 2026-04-14 | 2026-05-01 |
| CVE-2026-37709 json | Insecure Permissions vulnerability in grokability snipe-it v.8.4.0 and before and fixed after 2026-03-10 commit 676a9958 allo... | Not Provided | 2026-05-07 | 2026-05-12 |
| CVE-2025-65622 json | Snipe-IT before 8.3.4 allows stored XSS via the Locations "Country" field, enabling a low-privileged authenticated user to in... | Not Provided | 2025-12-01 | 2026-07-05 |
| CVE-2025-65621 json | Snipe-IT before 8.3.4 allows stored XSS, allowing a low-privileged authenticated user to inject JavaScript that executes in a... | Not Provided | 2025-12-01 | 2026-07-05 |
Known software with vulnerabilities from Snipeitapp
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Snipeitapp | Snipe-it | 0.1.0 |