Snipeitapp Snipe-it
8 CVEs affecting Snipeitapp Snipe-it. Latest disclosed: 2026-05-26. Critical: 1, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-37709 | Critical | 9.8 | 2026-05-07 | Insecure Permissions vulnerability in grokability snipe-it v.8.4.0 and before and fixed after 2026-03-10 commit 676a9958 allows a remote attacker to execute ar… |
| CVE-2026-44832 | High | 8.8 | 2026-05-26 | Snipe-IT is an IT asset/license management system. Prior to 8.4.1, an authenticated user with only users.edit permission can escalate their own privileges to… |
| CVE-2025-59713 | Medium | 6.8 | 2025-09-19 | Snipe-IT before 8.1.18 allows unsafe deserialization. |
| CVE-2026-38533 | Medium | 6.5 | 2026-04-14 | An improper authorization vulnerability in the /api/v1/users/{id} endpoint of Snipe-IT v8.4.0 allows authenticated attackers with the users.edit permission to… |
| CVE-2025-59712 | Medium | 6.4 | 2025-09-19 | Snipe-IT before 8.1.18 allows XSS. |
| CVE-2026-44833 | Medium | 5.9 | 2026-05-26 | Snipe-IT is an IT asset/license management system. Prior to 8.4.1, an open redirect vulnerability in Snipe-IT allows attackers to redirect users to malicious s… |
| CVE-2025-47226 | Medium | 5.0 | 2025-05-02 | Grokability Snipe-IT before 8.1.0 has incorrect authorization for accessing asset information. |
| CVE-2026-44831 | Medium | 4.8 | 2026-05-26 | Snipe-IT is an IT asset/license management system. Prior to 8.4.1, users with component view access could be impacted by an unescaped notes column, resulting i… |