Lucene search
K

72 matches found

redhatcve
redhatcve
added 2025/05/22 10:19 p.m.9 views

CVE-2022-1511

Missing Authorization in GitHub repository snipe/snipe-it prior to 5.4.4...

6.5CVSS6.8AI score0.00994EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/05/22 10:15 p.m.7 views

CVE-2022-0179

snipe-it is vulnerable to Missing Authorization...

6.3CVSS6.8AI score0.00639EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/05/22 9:55 p.m.13 views

CVE-2022-35864

This vulnerability allows remote attackers to disclose sensitive information on affected installations of BMC Track-It! 20.21.02.109. Authentication is required to exploit this vulnerability. The specific flaw exists within the GetPopupSubQueryDetails endpoint. The issue results from the lack of...

6.5CVSS6.5AI score0.01378EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/22 9:28 p.m.9 views

CVE-2021-3938

snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...

5.4CVSS6.7AI score0.00521EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/05/22 8:12 p.m.14 views

CVE-2021-3961

snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...

8CVSS6.7AI score0.00731EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/05/22 8:10 p.m.7 views

CVE-2021-3858

snipe-it is vulnerable to Cross-Site Request Forgery CSRF...

8.8CVSS6.8AI score0.00526EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/05/22 7:34 p.m.7 views

CVE-2021-3931

snipe-it is vulnerable to Cross-Site Request Forgery CSRF...

4.3CVSS6.8AI score0.00429EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/05/22 6:48 p.m.6 views

CVE-2021-4130

snipe-it is vulnerable to Cross-Site Request Forgery CSRF...

8.8CVSS6.8AI score0.00463EPSS
Exploits1
redhatcve
redhatcve
added 2025/05/22 6:45 p.m.7 views

CVE-2021-4089

snipe-it is vulnerable to Improper Access Control...

4.3CVSS6.8AI score0.00697EPSS
Exploits1
redhatcve
redhatcve
added 2025/05/22 6:45 p.m.5 views

CVE-2021-3879

snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...

6.8CVSS6.7AI score0.00803EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/05/22 6:45 p.m.7 views

CVE-2021-3863

snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...

6.1CVSS6.7AI score0.00764EPSS
Exploits1References1
vulnrichment
vulnrichment
added 2025/05/02 12:0 a.m.7 views

CVE-2025-47226

Grokability Snipe-IT before 8.1.0 has incorrect authorization for accessing asset information...

5CVSS7AI score0.01189EPSS
Exploits4References4
redhatcve
redhatcve
added 2025/02/05 10:55 p.m.9 views

CVE-2022-1155

Old sessions are not blocked by the login enable function. in GitHub repository snipe/snipe-it prior to 5.3.10...

7.4CVSS6.6AI score0.00977EPSS
Exploits1References1
veracode
veracode
added 2024/10/21 7:9 a.m.12 views

Remote Code Execution (RCE)

snipe/snipe-it is vulnerable to Remote Code Execution RCE. The vulnerability is due to the deserialization of untrusted data in the cookie-handling process, allows an attacker can execute arbitrary code on the server by exploiting the APPKEY, especially if it is set to a default value as found in...

6.6CVSS8.1AI score0.00962EPSS
Exploits1References6Affected Software1
ptsecurity
ptsecurity
added 2023/09/04 12:0 a.m.6 views

PT-2023-27765

Name of the Vulnerable Software and Affected Versions hyper-bump-it versions prior to 0.5.1 Description The issue arises from hyper-bump-it reading a file glob pattern from the configuration file and combining it with the project root directory to construct a full glob pattern. This pattern is us...

5.5CVSS6.2AI score0.00336EPSS
Exploits1References13
openbugbounty
openbugbounty
added 2023/08/07 3:6 p.m.17 views

amiolegumi.it Cross Site Scripting vulnerability OBB-3570721

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.1AI score
Exploits0
veracode
veracode
added 2023/01/05 9:31 a.m.22 views

Regular Expression Denial Of Service (ReDoS)

markdown-it is vulnerable to regular expression denial of service DoS attacks. A malicious user is able to pass a crafted regex statement through the replace function in lib/common/htmlre.js, causing an application crash due to inefficient regular expression complexity...

7.5CVSS7AI score0.00946EPSS
Exploits0References5Affected Software1
vulnrichment
vulnrichment
added 2022/12/25 12:0 a.m.8 views

CVE-2022-44380

Snipe-IT before 6.0.14 is vulnerable to Cross Site Scripting XSS for View Assigned Assets...

5.5AI score0.00488EPSS
Exploits1References1
openbugbounty
openbugbounty
added 2022/12/11 6:18 p.m.7 views

new.laroma24.it Cross Site Scripting vulnerability OBB-3095269

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
ptsecurity
ptsecurity
added 2022/08/25 12:0 a.m.3 views

PT-2022-19934 · Snipe · Snipe-It

Name of the Vulnerable Software and Affected Versions: snipe/snipe-it versions prior to 6.0.10 Description: The issue concerns a session fixation problem where the session is not invalidated after a password change. This could potentially allow unauthorized access to user accounts. Recommendation...

8CVSS5AI score0.00674EPSS
Exploits1References7
Rows per page
Query Builder