72 matches found
CVE-2022-1511
Missing Authorization in GitHub repository snipe/snipe-it prior to 5.4.4...
CVE-2022-0179
snipe-it is vulnerable to Missing Authorization...
CVE-2022-35864
This vulnerability allows remote attackers to disclose sensitive information on affected installations of BMC Track-It! 20.21.02.109. Authentication is required to exploit this vulnerability. The specific flaw exists within the GetPopupSubQueryDetails endpoint. The issue results from the lack of...
CVE-2021-3938
snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...
CVE-2021-3961
snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...
CVE-2021-3858
snipe-it is vulnerable to Cross-Site Request Forgery CSRF...
CVE-2021-3931
snipe-it is vulnerable to Cross-Site Request Forgery CSRF...
CVE-2021-4130
snipe-it is vulnerable to Cross-Site Request Forgery CSRF...
CVE-2021-4089
snipe-it is vulnerable to Improper Access Control...
CVE-2021-3879
snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...
CVE-2021-3863
snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...
CVE-2025-47226
Grokability Snipe-IT before 8.1.0 has incorrect authorization for accessing asset information...
CVE-2022-1155
Old sessions are not blocked by the login enable function. in GitHub repository snipe/snipe-it prior to 5.3.10...
Remote Code Execution (RCE)
snipe/snipe-it is vulnerable to Remote Code Execution RCE. The vulnerability is due to the deserialization of untrusted data in the cookie-handling process, allows an attacker can execute arbitrary code on the server by exploiting the APPKEY, especially if it is set to a default value as found in...
PT-2023-27765
Name of the Vulnerable Software and Affected Versions hyper-bump-it versions prior to 0.5.1 Description The issue arises from hyper-bump-it reading a file glob pattern from the configuration file and combining it with the project root directory to construct a full glob pattern. This pattern is us...
amiolegumi.it Cross Site Scripting vulnerability OBB-3570721
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Regular Expression Denial Of Service (ReDoS)
markdown-it is vulnerable to regular expression denial of service DoS attacks. A malicious user is able to pass a crafted regex statement through the replace function in lib/common/htmlre.js, causing an application crash due to inefficient regular expression complexity...
CVE-2022-44380
Snipe-IT before 6.0.14 is vulnerable to Cross Site Scripting XSS for View Assigned Assets...
new.laroma24.it Cross Site Scripting vulnerability OBB-3095269
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
PT-2022-19934 · Snipe · Snipe-It
Name of the Vulnerable Software and Affected Versions: snipe/snipe-it versions prior to 6.0.10 Description: The issue concerns a session fixation problem where the session is not invalidated after a password change. This could potentially allow unauthorized access to user accounts. Recommendation...