Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Tag: snipe-it Clear
ID Title
CVE-2026-48493 Authorization Flaw in snipe/snipe-it (CVE-2026-48493)
vulnerability in snipe/snipe-it (CVE-2026-48493). Data can be tampered with by attackers. Exploitable via ``assets.view``. Mitigation: upgrade to `8.6.0` or later.
CVE-2026-48507 Authorization Flaw in snipe/snipe-it (CVE-2026-48507)
vulnerability in snipe/snipe-it (CVE-2026-48507). Risk of unauthorized operations or information disclosure. Exploitable via ``users.edit``. Mitigation: upgrade to `8.6.0` or later.
CVE-2026-44833 Open Redirect in snipe/snipe-it (CVE-2026-44833)
vulnerability in snipe/snipe-it (CVE-2026-44833). Risk of unauthorized operations or information disclosure. Exploitable via `Referer header`. Mitigation: upgrade to `8.4.1` or later.
CVE-2026-37709 Vulnerability in snipe/snipe-it (CVE-2026-37709)
vulnerability in snipe/snipe-it (CVE-2026-37709). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `8.4.1` or later.
CVE-2026-44832 Vulnerability in snipe/snipe-it (CVE-2026-44832)
vulnerability in snipe/snipe-it (CVE-2026-44832). Successful exploitation can lead to full system takeover. Exploitable via ``users.edit``. Mitigation: upgrade to `8.4.1` or later.
CVE-2026-44831 Cross-Site Scripting (XSS) in snipe/snipe-it (CVE-2026-44831)
cross-site scripting in snipe/snipe-it (CVE-2026-44831). Risk of unauthorized operations or information disclosure. Exploitable via ``notes``. Mitigation: upgrade to `8.4.1` or later.
CVE-2025-65622 Cross-Site Scripting (XSS) in snipeitapp (CVE-2025-65622)
cross-site scripting in snipeitapp (CVE-2025-65622). Risk of unauthorized operations or information disclosure.
CVE-2025-65621 Cross-Site Scripting (XSS) in privilege-escalation (CVE-2025-65621)
cross-site scripting in privilege-escalation (CVE-2025-65621). Risk of unauthorized operations or information disclosure.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →