Snipeitapp: >> Snipe-It >> 0.3.4 Security Vulnerabilities
Snipe-IT before version 8.3.3 contains a remote code execution vulnerability that allows an authenticated attacker to upload a malicious backup file containing arbitrary files and execute system commands.
CVSS Score
9.9
EPSS Score
0.002
Published
2025-11-05
Snipe-IT before 8.1.18 allows unsafe deserialization.
CVSS Score
6.8
EPSS Score
0.0
Published
2025-09-19
Snipe-IT before 8.1.18 allows XSS.
CVSS Score
6.4
EPSS Score
0.0
Published
2025-09-19
Grokability Snipe-IT before 8.1.0 has incorrect authorization for accessing asset information.
CVSS Score
5.0
EPSS Score
0.003
Published
2025-05-02
Snipe-IT before 7.0.10 allows remote code execution (associated with cookie serialization) when an attacker knows the APP_KEY. This is exacerbated by .env files, available from the product's repository, that have default APP_KEY values.
CVSS Score
6.6
EPSS Score
0.01
Published
2024-10-11
Cross-Site Request Forgery (CSRF) in GitHub repository snipe/snipe-it prior to v.6.2.3.
CVSS Score
6.3
EPSS Score
0.001
Published
2023-10-11
Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-it prior to v6.2.2.
CVSS Score
5.5
EPSS Score
0.001
Published
2023-10-06
Snipe-IT through 6.0.14 allows attackers to check whether a user account exists because of response variations in a /password/reset request.
CVSS Score
5.3
EPSS Score
0.001
Published
2022-12-25
Snipe-IT before 6.0.14 is vulnerable to Cross Site Scripting (XSS) for View Assigned Assets.
CVSS Score
5.4
EPSS Score
0.001
Published
2022-12-25
Improper Authentication in GitHub repository snipe/snipe-it prior to 6.0.10.
CVSS Score
4.3
EPSS Score
0.002
Published
2022-09-17
Page 1