CVE-2026-48507

Snipe-IT is an IT asset/license management system. A vulnerability in versions prior to 8.6.0 allows a non-admin user holding only the granular users.edit permission to lock every admin out of the instance by editing the activated flag which determines whether or not a user can login and the...

CVE-2022-32061

An arbitrary file upload vulnerability in the Select User function under the People Menu component of Snipe-IT v6.0.2 allows attackers to execute arbitrary code via a crafted file...

Exploit for Authorization Bypass Through User-Controlled Key in Snipeitapp Snipe-It

CVE-2025-47226 - IDOR Vulnerability in Snipe-IT = v8.0.4 🚨 I...

CVE-2025-47226

Grokability Snipe-IT before 8.1.0 has incorrect authorization for accessing asset information...

CVE-2024-51093

Stored Cross-Site Scripting XSS vulnerability in Snipe-IT - v7.0.13 allows an attacker to upload a malicious XML file containing JavaScript code. This can lead to privilege escalation when the payload is executed, granting the attacker super admin permissions within the Snipe-IT system...