Lucene search

K

27 matches found

CVE
CVE
added 2022/02/14 7:15 p.m.117 views

CVE-2022-0579

Missing Authorization in Packagist snipe/snipe-it prior to 5.3.9.

6.5CVSS6.3AI score0.00303EPSS
CVE
CVE
added 2022/02/14 12:15 p.m.108 views

CVE-2022-0569

Observable Discrepancy in Packagist snipe/snipe-it prior to v5.3.9.

5.3CVSS4.5AI score0.00356EPSS
CVE
CVE
added 2022/02/16 12:15 a.m.108 views

CVE-2022-0611

Missing Authorization in Packagist snipe/snipe-it prior to 5.3.11.

8.8CVSS7.2AI score0.00284EPSS
CVE
CVE
added 2022/01/13 11:15 p.m.88 views

CVE-2022-0178

Missing Authorization vulnerability in snipe snipe/snipe-it.This issue affects snipe/snipe-i before 5.3.8.

6.3CVSS5.5AI score0.00213EPSS
CVE
CVE
added 2023/10/11 1:15 a.m.88 views

CVE-2023-5511

Cross-Site Request Forgery (CSRF) in GitHub repository snipe/snipe-it prior to v.6.2.3.

8.8CVSS7.5AI score0.00084EPSS
CVE
CVE
added 2022/04/28 3:15 p.m.85 views

CVE-2022-1511

Missing Authorization in GitHub repository snipe/snipe-it prior to 5.4.4.

6.5CVSS6.4AI score0.00266EPSS
CVE
CVE
added 2022/03/30 1:15 p.m.83 views

CVE-2022-1155

Old sessions are not blocked by the login enable function. in GitHub repository snipe/snipe-it prior to 5.3.10.

7.4CVSS7.4AI score0.00254EPSS
CVE
CVE
added 2022/04/24 3:15 p.m.81 views

CVE-2022-1445

Stored Cross Site Scripting vulnerability in the checked_out_to parameter in GitHub repository snipe/snipe-it prior to 5.4.3. The vulnerability is capable of stolen the user Cookie.

9CVSS5.6AI score0.00313EPSS
CVE
CVE
added 2022/04/16 12:15 p.m.75 views

CVE-2022-1380

Stored Cross Site Scripting vulnerability in Item name parameter in GitHub repository snipe/snipe-it prior to v5.4.3. The vulnerability is capable of stolen the user Cookie.

9.1CVSS5.6AI score0.00236EPSS
CVE
CVE
added 2022/08/25 9:15 p.m.74 views

CVE-2022-2997

Session Fixation in GitHub repository snipe/snipe-it prior to 6.0.10.

8CVSS6AI score0.00332EPSS
CVE
CVE
added 2022/08/29 8:15 p.m.66 views

CVE-2022-3035

Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-it prior to v6.0.11.

5.9CVSS4.9AI score0.00243EPSS
CVE
CVE
added 2022/09/17 7:15 a.m.63 views

CVE-2022-3173

Improper Authentication in GitHub repository snipe/snipe-it prior to 6.0.10.

4.3CVSS4.5AI score0.00176EPSS
CVE
CVE
added 2022/12/25 5:15 a.m.63 views

CVE-2022-44380

Snipe-IT before 6.0.14 is vulnerable to Cross Site Scripting (XSS) for View Assigned Assets.

5.4CVSS5.2AI score0.00115EPSS
CVE
CVE
added 2022/01/12 5:15 a.m.62 views

CVE-2022-0179

snipe-it is vulnerable to Missing Authorization

6.3CVSS5.5AI score0.00221EPSS
CVE
CVE
added 2021/10/19 1:15 p.m.61 views

CVE-2021-3879

snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

6.8CVSS5.5AI score0.00502EPSS
CVE
CVE
added 2025/05/02 9:15 p.m.60 views

CVE-2025-47226

Grokability Snipe-IT before 8.1.0 has incorrect authorization for accessing asset information.

5CVSS7.1AI score0.00304EPSS
CVE
CVE
added 2021/11/19 12:15 p.m.54 views

CVE-2021-3961

snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

8CVSS5.7AI score0.00326EPSS
CVE
CVE
added 2021/10/19 1:15 p.m.52 views

CVE-2021-3863

snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

6.1CVSS5.8AI score0.00238EPSS
CVE
CVE
added 2021/10/19 1:15 p.m.50 views

CVE-2021-3858

snipe-it is vulnerable to Cross-Site Request Forgery (CSRF)

8.8CVSS6.4AI score0.00154EPSS
CVE
CVE
added 2023/10/06 8:15 p.m.48 views

CVE-2023-5452

Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-it prior to v6.2.2.

5.5CVSS5.2AI score0.00083EPSS
Web
CVE
CVE
added 2024/10/11 1:15 p.m.48 views

CVE-2024-48987

Snipe-IT before 7.0.10 allows remote code execution (associated with cookie serialization) when an attacker knows the APP_KEY. This is exacerbated by .env files, available from the product's repository, that have default APP_KEY values.

6.6CVSS8.1AI score0.01034EPSS
CVE
CVE
added 2021/12/14 8:15 p.m.44 views

CVE-2021-4108

snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

6.4CVSS6.1AI score0.00325EPSS
CVE
CVE
added 2021/12/01 10:15 a.m.43 views

CVE-2021-4018

snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

6.3CVSS5.5AI score0.00225EPSS
CVE
CVE
added 2021/12/18 5:15 a.m.42 views

CVE-2021-4130

snipe-it is vulnerable to Cross-Site Request Forgery (CSRF)

8.8CVSS6.4AI score0.00158EPSS
CVE
CVE
added 2019/03/27 4:29 a.m.34 views

CVE-2019-10118

Snipe-IT before 4.6.14 has XSS, as demonstrated by log_meta values and the user's last name in the API.

6.1CVSS6.2AI score0.00216EPSS
CVE
CVE
added 2025/09/19 3:15 a.m.7 views

CVE-2025-59713

Snipe-IT before 8.1.18 allows unsafe deserialization.

8.1CVSS6.5AI score0.00046EPSS
CVE
CVE
added 2025/09/19 3:15 a.m.6 views

CVE-2025-59712

Snipe-IT before 8.1.18 allows XSS.

6.4CVSS6.5AI score0.00029EPSS