Lucene search
K

762 matches found

EUVD
EUVD
added 2026/05/26 7:27 p.m.18 views

EUVD-2026-31960

Snipe-IT is an IT asset/license management system. Prior to 8.4.1, users with component view access could be impacted by an unescaped notes column, resulting in cross-site scripting XSS. This vulnerability is fixed in 8.4.1...

5.4CVSS5.6AI score0.00218EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/26 7:27 p.m.9 views

CVE-2026-44831

Snipe-IT is an IT asset/license management system. Prior to 8.4.1, users with component view access could be impacted by an unescaped notes column, resulting in cross-site scripting XSS. This vulnerability is fixed in 8.4.1...

5.4CVSS5.6AI score0.00218EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/26 7:27 p.m.10 views

CVE-2026-44831 Snipe-IT: XSS vulnerability in component notes

Snipe-IT is an IT asset/license management system. Prior to 8.4.1, users with component view access could be impacted by an unescaped notes column, resulting in cross-site scripting XSS. This vulnerability is fixed in 8.4.1...

4.8CVSS5.6AI score0.00218EPSS
Exploits0References2
CVE
CVE
added 2026/05/26 7:27 p.m.23 views

CVE-2026-44831

CVE-2026-44831 affects Snipe-IT, an IT asset/license management system. Prior to v8.4.1, users with component view access could trigger stored XSS via an unescaped notes field in the component checkout process. The issue is fixed in v8.4.1 or later. If you are using versions before 8.4.1, upgrade...

5.4CVSS5.6AI score0.00218EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.11 views

Snipe-IT 安全漏洞

Snipe-IT is a set of open-source IT asset/license management systems developed by Grokability. Versions of Snipe-IT prior to 8.4.1 contained security vulnerabilities. These vulnerabilities stemmed from the API controller, which only removed the superuser key from the permission array, potentially...

8.8CVSS5.8AI score0.00314EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.12 views

Snipe-IT 输入验证错误漏洞

Snipe-IT is a set of open-source IT asset/license management systems developed by Grokability. Versions of Snipe-IT prior to 8.4.1 contained a vulnerability related to input validation errors. This vulnerability stemmed from the unauthorized storage of HTTP Referer headers in session variables,...

7.1CVSS5.8AI score0.00163EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.9 views

Snipe-IT 跨站脚本漏洞

Snipe-IT is a set of open-source IT asset/license management systems developed by Grokability. Versions of Snipe-IT prior to 8.4.1 contained a cross-site scripting vulnerability. This vulnerability stemmed from unescaped notes columns, which could lead to cross-site scripting attacks...

5.4CVSS5.6AI score0.00218EPSS
Exploits0References3
OSV
OSV
added 2026/05/08 11:25 p.m.11 views

GHSA-MGHP-5CQ4-V6MG Snipe-IT has an open redirect vulnerability

Open redirect vulnerability in Snipe-IT allows attackers to redirect users to malicious sites via unvalidated HTTP Referer header stored in session variable. Impact - Phishing: Redirect users to fake login pages to steal credentials - Session Hijacking: Redirect to attacker site that captures...

5.9CVSS5.8AI score0.00163EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/05/08 11:25 p.m.20 views

Snipe-IT has an open redirect vulnerability

Open redirect vulnerability in Snipe-IT allows attackers to redirect users to malicious sites via unvalidated HTTP Referer header stored in session variable. Impact - Phishing: Redirect users to fake login pages to steal credentials - Session Hijacking: Redirect to attacker site that captures...

7.1CVSS5.8AI score0.00163EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/05/08 11:4 p.m.9 views

EUVD-2026-28401

Snipe-IT has insecure permissions in file uploads...

9.8CVSS5.8AI score0.00475EPSS
Exploits0References3
OSV
OSV
added 2026/05/08 11:4 p.m.12 views

GHSA-XG82-2HRV-HF64 Snipe-IT has insecure permissions in file uploads

Insecure Permissions vulnerability in grokability snipe-it versions through 8.4.0, fixed after 2026-03-10 commit 676a9958, allow a remote attacker to execute arbitrary code via the app/Http/Controllers/Api/UploadedFilesController.php component Impact Users who can view assets, consumables, etc we...

9.8CVSS6.2AI score0.00475EPSS
Exploits0References4
Snyk
Snyk
added 2026/05/08 11:4 p.m.8 views

Access Control Bypass

Overview snipe/snipe-it is an asset management system built on Laravel. Affected versions of this package are vulnerable to Access Control Bypass via the app/Http/Controllers/Api/UploadedFilesController.php component. An attacker can gain unauthorized access and potentially execute arbitrary code...

9.8CVSS6.2AI score0.00475EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/08 11:4 p.m.8 views

Snipe-IT has insecure permissions in file uploads

Insecure Permissions vulnerability in grokability snipe-it versions through 8.4.0, fixed after 2026-03-10 commit 676a9958, allow a remote attacker to execute arbitrary code via the app/Http/Controllers/Api/UploadedFilesController.php component Impact Users who can view assets, consumables, etc we...

9.8CVSS6.2AI score0.00475EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/05/08 10:24 p.m.8 views

GHSA-HQ28-CRG7-95PR Snipe-IT has Privilege Escalation via API Permissions Assignment

Impact An authenticated user with only users.edit permission can escalate their own privileges to admin by sending a PATCH request to /api/v1/users/id with permissionsadmin=1. The API controller only strips the superuser key from the permissions array, allowing admin and all other permission keys...

8.8CVSS5.8AI score0.00314EPSS
Exploits0References4
Snyk
Snyk
added 2026/05/08 10:24 p.m.7 views

Incorrect Authorization

Overview snipe/snipe-it is an asset management system built on Laravel. Affected versions of this package are vulnerable to Incorrect Authorization in the PATCH process to /api/v1/users/id when the permissions array is not properly restricted. An attacker can gain unauthorized administrative...

8.8CVSS5.8AI score0.00314EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/08 10:24 p.m.19 views

Snipe-IT has Privilege Escalation via API Permissions Assignment

Impact An authenticated user with only users.edit permission can escalate their own privileges to admin by sending a PATCH request to /api/v1/users/id with permissionsadmin=1. The API controller only strips the superuser key from the permissions array, allowing admin and all other permission keys...

8.8CVSS5.8AI score0.00314EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/05/08 10:23 p.m.9 views

GHSA-R42M-953Q-6VJX Snipe-IT has Stored XSS via Component Checkout Notes (v8.4.0)

Impact Users with component view access could be impacted by an unescaped notes column. Patches This was patched in https://github.com/grokability/snipe-it/commit/28f493d84d057895fbb93b6570e7393a2c2fa438, and is fixed in v8.4.1 or greater. Workarounds None...

4.8CVSS5.8AI score0.00218EPSS
Exploits0References4
Snyk
Snyk
added 2026/05/08 10:23 p.m.13 views

Cross-site Scripting (XSS)

Overview snipe/snipe-it is an asset management system built on Laravel. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the notes field of the component checkout process. An attacker can execute arbitrary JavaScript code in the context of another user by submitting...

5.4CVSS5.8AI score0.00218EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/08 10:23 p.m.12 views

Snipe-IT has Stored XSS via Component Checkout Notes (v8.4.0)

Impact Users with component view access could be impacted by an unescaped notes column. Patches This was patched in https://github.com/grokability/snipe-it/commit/28f493d84d057895fbb93b6570e7393a2c2fa438, and is fixed in v8.4.1 or greater. Workarounds None...

5.4CVSS5.8AI score0.00218EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.15 views

PT-2026-39301

Name of the Vulnerable Software and Affected Versions Snipe-IT versions prior to 8.4.1 Description An open redirect issue in Snipe-IT allows attackers to redirect users to malicious websites. This occurs because the application uses an unvalidated HTTP Referer header stored in a session variable...

7.1CVSS5.8AI score0.00163EPSS
Exploits0References5
Rows per page
Query Builder