CVE Tools

snipeitapp

Enterprise Softwareoss-project

15

Cumulative CVEs

4

Monthly snapshots

#112

Peak rank

Top products

Latest CVEs

The 15 most recently published vulnerabilities affecting snipeitapp.

CVE-2026-48507Snipe-IT: Bulk editing users allowed `ldap_import` and `activated_in` bulk editing users7.1Jun 8, 2026
CVE-2026-44833Snipe-IT: Open redirect vulnerability5.9May 26, 2026
CVE-2026-44832Snipe-IT: Privilege Escalation via API Permissions Assignment8.8May 26, 2026
CVE-2026-44831Snipe-IT: XSS vulnerability in component notes4.8May 26, 2026
CVE-2026-37709Insecure Permissions vulnerability in grokability snipe-it v.8.4.0 and before and fixed after 2026-03-10 commit 676a9958 allows a remote attacker to execute arbitrary code via the app/Http/Controll...9.8May 7, 2026
CVE-2026-38533An improper authorization vulnerability in the /api/v1/users/{id} endpoint of Snipe-IT v8.4.0 allows authenticated attackers with the users.edit permission to modify sensitive authentication and ac...6.5Apr 14, 2026
CVE-2025-15602Snipe-IT < 8.3.7 Mass Assignment Vulnerability Leading to Privilege Escalation8.8Mar 6, 2026
CVE-2019-25264Snipe-IT Open Source Asset Management 4.7.5 - Persistent Cross-Site Scripting6.4Feb 3, 2026
CVE-2025-65622Snipe-IT before 8.3.4 allows stored XSS via the Locations "Country" field, enabling a low-privileged authenticated user to inject JavaScript that executes in another user's session.5.4Dec 1, 2025
CVE-2025-65621Snipe-IT before 8.3.4 allows stored XSS, allowing a low-privileged authenticated user to inject JavaScript that executes in an administrator's session, enabling privilege escalation.5.4Dec 1, 2025
CVE-2025-64027Snipe-IT v8.3.4 (build 20218) contains a reflected cross-site scripting (XSS) vulnerability in the CSV Import workflow. When an invalid CSV file is uploaded, the application returns a progress_mess...6.1Nov 20, 2025
CVE-2025-63601Snipe-IT before version 8.3.3 contains a remote code execution vulnerability that allows an authenticated attacker to upload a malicious backup file containing arbitrary files and execute system co...9.9Nov 5, 2025
CVE-2025-59713Snipe-IT before 8.1.18 allows unsafe deserialization.6.8Sep 19, 2025
CVE-2025-59712Snipe-IT before 8.1.18 allows XSS.6.4Sep 19, 2025
CVE-2025-47226Grokability Snipe-IT before 8.1.0 has incorrect authorization for accessing asset information.5.0May 2, 2025