VIR Vulnerability Intelligence Relay

Package impact

php Packagist / snipe/snipe-it

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-37709 critical 9.8 9.8 26d ago Snipe-IT has insecure permissions in file uploads
CVE-2026-44832 high 8.8 8.8 26d ago Snipe-IT has Privilege Escalation via API Permissions Assignment
CVE-2026-44833 high 7.1 7.1 26d ago Snipe-IT has an open redirect vulnerability
CVE-2026-44831 medium 5.4 5.4 26d ago Snipe-IT has Stored XSS via Component Checkout Notes (v8.4.0)
CVE-2025-47226 unknown 1.0 1y ago Grokability Snipe-IT has incorrect authorization for accessing asset information
CVE-2025-15602 unknown 3mo ago Snipe-IT has sensitive user attributes related to account privileges that are insufficiently protected against mass assignment
CVE-2025-65622 unknown 6mo ago Snipe-IT allows stored XSS via the Locations "Country" field
CVE-2025-65621 unknown 6mo ago Snipe-IT is vulnerable to stored cross-site scripting
CVE-2025-64027 unknown 7mo ago Snipe-IT has Cross-site Scripting vulnerability in CSV import workflow
CVE-2025-59713 unknown 9mo ago Snipe-IT allows unsafe deserialization
CVE-2025-59712 unknown 9mo ago Snipe-IT allows XSS
CVE-2024-51093 unknown 2y ago Cross Site Scripting vulnerability in Snipe-IT
CVE-2024-48987 unknown 2y ago Snipe-IT remote code execution
CVE-2024-5685 unknown 2y ago Snipe-IT allows users to promote or demote themselves or other users
CVE-2023-5511 unknown 3y ago Cross-Site Request Forgery (CSRF) in snipe/snipe-it
CVE-2023-5452 unknown 3y ago Cross-site Scripting in snipe/snipe-it
CVE-2022-44381 unknown 4y ago Snipe-IT allows attackers to check whether a user account exists
CVE-2022-44380 unknown 4y ago Snipe-IT vulnerable to Cross Site Scripting for View Assigned Assets
CVE-2022-3173 unknown 4y ago Snipe-IT vulnerable to Improper Authentication
CVE-2022-3035 unknown 4y ago snipe-it vulnerable to cross-site scripting (XSS)
CVE-2022-2997 unknown 4y ago Insufficient Session Expiration in snipe/snipe-it
CVE-2022-32060 unknown 4y ago Snipe-IT 6.0.2 vulnerable to Cross-site Scripting via arbitrary file upload in Update Branding Settings
CVE-2022-32061 unknown 4y ago Snipe-IT 6.0.2 vulnerable to Cross-site Scripting
CVE-2019-10118 unknown 4y ago Snipe-IT XSS Vulnerability
CVE-2022-23064 unknown 4y ago snipe-IT vulnerable to host header injection
CVE-2022-1511 unknown 4y ago Improper Access Control in snipe/snipe-it
CVE-2022-1445 unknown 4y ago Stored cross-site scripting in Snipe-IT
CVE-2022-1380 unknown 4y ago Cross-site Scripting in snipe-it
CVE-2022-1155 unknown 4y ago Old sessions not blocked by login enable function in Snipe-IT
CVE-2022-0622 unknown 4y ago Generation of Error Message Containing Sensitive Information in Snipe-IT
CVE-2022-0611 unknown 4y ago Improper Privilege Management in Snipe-IT
CVE-2022-0569 unknown 4y ago Exposure of Sensitive Information in snipe/snipe-it
CVE-2022-0579 unknown 4y ago Improper Privilege Management in Snipe-IT
CVE-2022-0178 unknown 4y ago Improper Access Control in snipe-it
CVE-2022-0179 unknown 4y ago Incorrect Default Permissions and Improper Access Control in snipe-it
CVE-2021-4130 unknown 5y ago snipe-it is vulnerable to Cross-Site Request Forgery (CSRF)
CVE-2021-4089 unknown 5y ago snipe-it is vulnerable to Improper Access Control
CVE-2021-4108 unknown 5y ago snipe-it is vulnerable to Cross-site Scripting
CVE-2021-4075 unknown 5y ago Server-Side Request Forgery in snipe/snipe-it
CVE-2021-4018 unknown 5y ago snipe-it is vulnerable to Cross-site Scripting
CVE-2021-3961 unknown 5y ago Cross-site Scripting in snipe/snipe-it
CVE-2021-3938 unknown 5y ago snipe-it is vulnerable to Cross-site Scripting
CVE-2021-3931 unknown 5y ago snipe-it is vulnerable to Cross-Site Request Forgery (CSRF)
CVE-2021-3863 unknown 5y ago Cross-site Scripting in snipe-it
CVE-2021-3858 unknown 5y ago Cross-Site Request Forgery in snipe-it
CVE-2021-3879 unknown 5y ago Cross-site Scripting in snipe-it