Lucene search

18 matches found

CVE
added 2022/02/14 7:15 p.m. | 116 views

CVE-2022-0579

Missing Authorization in Packagist snipe/snipe-it prior to 5.3.9.

CVSS 6.5 | AI score 6.3 | EPSS 0.00287
CVE
added 2022/02/17 2:15 a.m. | 109 views

CVE-2022-0622

Generation of Error Message Containing Sensitive Information in Packagist snipe/snipe-it prior to 5.3.11.

CVSS 5.3 | AI score 5.1 | EPSS 0.00067
CVE
added 2022/02/14 12:15 p.m. | 106 views

CVE-2022-0569

Observable Discrepancy in Packagist snipe/snipe-it prior to v5.3.9.

CVSS 5.3 | AI score 4.5 | EPSS 0.00338
CVE
added 2022/02/16 12:15 a.m. | 106 views

CVE-2022-0611

Missing Authorization in Packagist snipe/snipe-it prior to 5.3.11.

CVSS 8.8 | AI score 7.2 | EPSS 0.0027
CVE
added 2022/01/13 11:15 p.m. | 87 views

CVE-2022-0178

Missing Authorization vulnerability in snipe snipe/snipe-it. This issue affects snipe/snipe-it before 5.3.8.

CVSS 6.3 | AI score 5.5 | EPSS 0.00213
CVE
added 2022/04/28 3:15 p.m. | 83 views

CVE-2022-1511

Missing Authorization in GitHub repository snipe/snipe-it prior to 5.4.4.

CVSS 6.5 | AI score 6.4 | EPSS 0.00266
CVE
added 2022/07/07 11:15 p.m. | 83 views

CVE-2022-32060

An arbitrary file upload vulnerability in the Update Branding Settings component of Snipe-IT v6.0.2 allows attackers to execute arbitrary code via a crafted file.

CVSS 4.8 | AI score 5.6 | EPSS 0.05026
CVE
added 2022/03/30 1:15 p.m. | 81 views

CVE-2022-1155

Old sessions are not blocked by the login enable function in GitHub repository snipe/snipe-it prior to 5.3.10.

CVSS 7.4 | AI score 7.4 | EPSS 0.00241
CVE
added 2022/04/24 3:15 p.m. | 79 views

CVE-2022-1445

Stored Cross Site Scripting vulnerability in the checked_out_to parameter in GitHub repository snipe/snipe-it prior to 5.4.3. The vulnerability is capable of stealing the user's cookie.

CVSS 9 | AI score 5.6 | EPSS 0.00313
CVE
added 2022/05/02 1:15 p.m. | 79 views

CVE-2022-23064

In Snipe-IT, versions v3.0-alpha to v5.3.7 are vulnerable to Host Header Injection. By sending a specially crafted host header in the reset password request, it is possible to send password reset links to users which once clicked lead to an attacker controlled server and thus leading to password re...

CVSS 8.8 | AI score 8.6 | EPSS 0.00396
CVE
added 2022/08/25 9:15 p.m. | 73 views

CVE-2022-2997

Session Fixation in GitHub repository snipe/snipe-it prior to 6.0.10.

CVSS 8 | AI score 6 | EPSS 0.00869
CVE
added 2022/04/16 12:15 p.m. | 72 views

CVE-2022-1380

Stored Cross Site Scripting vulnerability in Item name parameter in GitHub repository snipe/snipe-it prior to v5.4.3. The vulnerability is capable of stealing the user's cookie.

CVSS 9.1 | AI score 5.6 | EPSS 0.00236
CVE
added 2022/07/07 11:15 p.m. | 72 views

CVE-2022-32061

An arbitrary file upload vulnerability in the Select User function under the People Menu component of Snipe-IT v6.0.2 allows attackers to execute arbitrary code via a crafted file.

CVSS 4.8 | AI score 5.6 | EPSS 0.00407
CVE
added 2022/08/29 8:15 p.m. | 65 views

CVE-2022-3035

Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-it prior to v6.0.11.

CVSS 5.9 | AI score 4.9 | EPSS 0.00079
CVE
added 2022/12/25 5:15 a.m. | 63 views

CVE-2022-44381

Snipe-IT through 6.0.14 allows attackers to check whether a user account exists because of response variations in a /password/reset request.

CVSS 5.3 | AI score 5.2 | EPSS 0.00092
CVE
added 2022/09/17 7:15 a.m. | 61 views

CVE-2022-3173

Improper Authentication in GitHub repository snipe/snipe-it prior to 6.0.10.

CVSS 4.3 | AI score 4.5 | EPSS 0.00138
CVE
added 2022/12/25 5:15 a.m. | 61 views

CVE-2022-44380

Snipe-IT before 6.0.14 is vulnerable to Cross Site Scripting (XSS) for View Assigned Assets.

CVSS 5.4 | AI score 5.2 | EPSS 0.00092
CVE
added 2022/01/12 5:15 a.m. | 60 views

CVE-2022-0179

snipe-it is vulnerable to Missing Authorization

CVSS 6.3 | AI score 5.5 | EPSS 0.00221