Note: This project will be discontinued after December 13, 2021.
Product: Snipe-It (Snipeitapp)
Repositories | Unknown: This might be proprietary software. |
#Vulnerabilities | 37 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2025-05-02 | CVE-2025-47226 | Grokability Snipe-IT before 8.1.0 has incorrect authorization for accessing asset information. | Snipe-It | 3.3 | | |
2024-10-11 | CVE-2024-48987 | Snipe-IT before 7.0.10 allows remote code execution (associated with cookie serialization) when an attacker knows the APP_KEY. This is exacerbated by .env files, available from the product's repository, that have default APP_KEY values. | Snipe-It | N/A | | |
2024-11-12 | CVE-2024-51094 | An issue in Snipe-IT v.7.0.13 build 15514 allows a low-privileged attacker to modify their profile name and inject a malicious payload into the "Name" field. When an administrator later accesses the People Management page, exports the data as a CSV file, and opens it, the injected payload will be executed, allowing the attacker to exfiltrate internal system data from the CSV file to a remote server. | Snipe-It | N/A | | |
2024-06-14 | CVE-2024-5685 | Users with "User:edit" and "Self:api" permissions can promote or demote themselves or other users by performing changes to the group's memberships via API call. This issue affects snipe-it: from v4.6.17 through v6.4.1. | Snipe-It | 8.1 | | |
2021-10-19 | CVE-2021-3858 | snipe-it is vulnerable to Cross-Site Request Forgery (CSRF) | Snipe-It | 8.8 | | |
2021-10-19 | CVE-2021-3863 | snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | Snipe-It | 6.1 | | |
2021-10-19 | CVE-2021-3879 | snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | Snipe-It | 5.4 | | |
2021-11-13 | CVE-2021-3931 | snipe-it is vulnerable to Cross-Site Request Forgery (CSRF) | Snipe-It | 4.3 | | |
2021-11-13 | CVE-2021-3938 | snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | Snipe-It | 5.4 | | |
2021-11-19 | CVE-2021-3961 | snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | Snipe-It | 5.4 |