Known Vulnerabilities for products from Snipeitapp

Listed below are 20 of the newest known vulnerabilities associated with the vendor "Snipeitapp".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.

Known Vulnerabilities

CVE Shortened Description Severity Publish Date Last Modified
CVE-2025-15602 json Snipe-IT versions prior to 8.3.7 contain sensitive user attributes related to account privileges that are insufficiently prot... Not Provided 2026-03-06 2026-04-17
CVE-2023-5511 json Cross-Site Request Forgery (CSRF) in GitHub repository snipe/snipe-it prior to v.6.2.3. 8.8 - HIGH 2023-10-11 2023-10-12
CVE-2023-5452 json Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-it prior to v6.2.2. 5.4 - MEDIUM 2023-10-06 2023-10-10
CVE-2022-44381 json Snipe-IT through 6.0.14 allows attackers to check whether a user account exists because of response variations in a /password... 5.3 - MEDIUM 2022-12-25 2022-12-30
CVE-2022-44380 json Snipe-IT before 6.0.14 is vulnerable to Cross Site Scripting (XSS) for View Assigned Assets. 5.4 - MEDIUM 2022-12-25 2022-12-30
CVE-2022-32061 json An arbitrary file upload vulnerability in the Select User function under the People Menu component of Snipe-IT v6.0.2 allows ... 4.8 - MEDIUM 2022-07-07 2022-07-15
CVE-2022-32060 json An arbitrary file upload vulnerability in the Update Branding Settings component of Snipe-IT v6.0.2 allows attackers to execu... 4.8 - MEDIUM 2022-07-07 2022-11-28
CVE-2022-23064 json ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... 8.8 - HIGH 2022-05-02 2022-05-10
CVE-2022-3173 json Improper Authentication in GitHub repository snipe/snipe-it prior to 6.0.10. 4.3 - MEDIUM 2022-09-17 2022-09-21
CVE-2022-3035 json Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-it prior to v6.0.11. 4.8 - MEDIUM 2022-08-29 2022-09-01
CVE-2022-2997 json Session Fixation in GitHub repository snipe/snipe-it prior to 6.0.10. 8 - HIGH 2022-08-25 2022-09-01
CVE-2022-1511 json Missing Authorization in GitHub repository snipe/snipe-it prior to 5.4.4. 6.5 - MEDIUM 2022-04-28 2023-06-29
CVE-2022-1445 json Stored Cross Site Scripting vulnerability in the checked_out_to parameter in GitHub repository snipe/snipe-it prior to 5.4.3.... 5.4 - MEDIUM 2022-04-24 2022-05-03
CVE-2022-1380 json Stored Cross Site Scripting vulnerability in Item name parameter in GitHub repository snipe/snipe-it prior to v5.4.3. The vul... 5.4 - MEDIUM 2022-04-16 2022-04-25
CVE-2022-1155 json Old sessions are not blocked by the login enable function. in GitHub repository snipe/snipe-it prior to 5.3.10. 7.4 - HIGH 2022-03-30 2022-04-05
CVE-2022-0622 json Generation of Error Message Containing Sensitive Information in Packagist snipe/snipe-it prior to 5.3.11. 5.3 - MEDIUM 2022-02-17 2022-02-25
CVE-2022-0611 json ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... 8.8 - HIGH 2022-02-16 2023-08-02
CVE-2022-0579 json Improper Privilege Management in Packagist snipe/snipe-it prior to 5.3.9. 6.5 - MEDIUM 2022-02-14 2023-08-02
CVE-2022-0569 json Exposure of Sensitive Information to an Unauthorized Actor in Packagist snipe/snipe-it prior to v5.3.9. 4.3 - MEDIUM 2022-02-14 2023-08-02
CVE-2022-0179 json snipe-it is vulnerable to Improper Access Control 5.4 - MEDIUM 2022-01-12 2023-06-29
Results limited to 20 most recent vulnerabilities

Known software with vulnerabilities from Snipeitapp

Type Vendor Product Version
ApplicationSnipeitappSnipe-it0.1.0