snipe/snipe-it Security Advisories for v6.0.13 (10)
-
[MEDIUM] Snipe-IT allows unsafe deserialization
PKSA-xzw3-k89w-sm61 CVE-2025-59713 GHSA-phwj-fgch-xvrj
Affected version: <8.1.18
Reported by:
GitHub -
[MEDIUM] Snipe-IT allows XSS
PKSA-hsvj-t2cd-6x2t CVE-2025-59712 GHSA-c9wp-pr7f-hfqm
Affected version: <8.1.18
Reported by:
GitHub -
[MEDIUM] Grokability Snipe-IT has incorrect authorization for accessing asset information
PKSA-vcwy-q31n-p6vy CVE-2025-47226 GHSA-h3vp-qwmx-5j25
Affected version: <8.1.0
Reported by:
GitHub -
[HIGH] Cross Site Scripting vulnerability in Snipe-IT
PKSA-b5q2-426v-y91n CVE-2024-51093 GHSA-hw9x-8m75-4vjq
Affected version: <=7.0.13
Reported by:
GitHub -
[HIGH] Snipe-IT remote code execution
PKSA-xdch-tcv5-mhm5 CVE-2024-48987 GHSA-57qh-vmjr-5jxg
Affected version: <7.0.10
Reported by:
GitHub -
[HIGH] Snipe-IT allows users to promote or demote themselves or other users
PKSA-z8qx-662q-rf8y CVE-2024-5685 GHSA-544r-fc65-v832
Affected version: <6.4.2
Reported by:
GitHub -
[HIGH] Cross-Site Request Forgery (CSRF) in snipe/snipe-it
PKSA-vwgv-c27j-814j CVE-2023-5511 GHSA-33vj-r6p6-x4p8
Affected version: <=6.2.2
Reported by:
GitHub -
[MEDIUM] Cross-site Scripting in snipe/snipe-it
PKSA-cht9-1vc6-6bmf CVE-2023-5452 GHSA-rr5c-69c9-gj9f
Affected version: <=6.2.1
Reported by:
GitHub -
[MEDIUM] Snipe-IT vulnerable to Cross Site Scripting for View Assigned Assets
PKSA-44wz-9w6n-4dr3 CVE-2022-44380 GHSA-363q-j92x-7543
Affected version: <6.0.14
Reported by:
GitHub -
[MEDIUM] Snipe-IT allows attackers to check whether a user account exists
PKSA-jrdw-kz9p-4bz7 CVE-2022-44381 GHSA-qqv9-gqh5-7h99
Affected version: <=6.0.14
Reported by:
GitHub