📦 Snipe-IT
by Snipeitapp
🛡️ Security Overview
⚠️ Known Vulnerabilities
CVE-2025-63601 is a critical remote code execution vulnerability in Snipe-IT asset management software. Authenticated attackers can upload malicious backup files containing arbitrary files and execute...
A stored Cross-Site Scripting (XSS) vulnerability in Snipe-IT v7.0.13 allows attackers to upload malicious XML files containing JavaScript. When executed, this can escalate privileges to super admin, ...
This CSRF vulnerability in Snipe-IT allows attackers to trick authenticated users into performing unintended actions without their consent. It affects all users of Snipe-IT prior to version 6.2.3 who ...
CVE-2022-23064 is a host header injection vulnerability in Snipe-IT that allows attackers to send password reset links pointing to attacker-controlled servers. When users click these links, their pass...
This vulnerability in Snipe-IT allows attackers to bypass authentication by reusing old sessions even after the login enable function is activated. It affects all Snipe-IT instances prior to version 5...
CVE-2021-4075 is a Server-Side Request Forgery (SSRF) vulnerability in Snipe-IT that allows attackers to make the application send unauthorized requests to internal systems. This could lead to informa...
CVE-2021-3858 is a Cross-Site Request Forgery (CSRF) vulnerability in Snipe-IT that allows attackers to trick authenticated users into performing unintended actions. This affects all Snipe-IT users wi...
This stored cross-site scripting (XSS) vulnerability in Snipe-IT allows authenticated users with low privileges to inject malicious JavaScript into the Locations 'Country' field. When other users view...
This stored cross-site scripting (XSS) vulnerability in Snipe-IT allows authenticated users with low privileges to inject malicious JavaScript that executes in administrator sessions. This enables pri...
Snipe-IT v8.3.4 contains a reflected XSS vulnerability in the CSV import workflow where invalid file uploads return unsanitized HTML in progress messages. An authenticated attacker can inject maliciou...
CVE-2025-59713 is an unsafe deserialization vulnerability in Snipe-IT versions before 8.1.18 that could allow remote code execution. This affects all organizations using vulnerable Snipe-IT instances ...
CVE-2025-59712 is a cross-site scripting (XSS) vulnerability in Snipe-IT asset management software. It allows attackers to inject malicious scripts into web pages viewed by other users. Organizations ...
CVE-2025-47226 is an authorization bypass vulnerability in Snipe-IT that allows unauthorized access to asset information. Attackers can exploit incorrect authorization checks to view sensitive asset d...
Snipe-IT versions before 7.0.10 contain a remote code execution vulnerability via cookie serialization when an attacker obtains the APP_KEY. This allows unauthenticated attackers to execute arbitrary ...
CVE-2022-0611 is a missing authorization vulnerability in Snipe-IT asset management software that allows authenticated users to access unauthorized functionality. This affects all Snipe-IT installatio...
CVE-2022-0579 is a missing authorization vulnerability in Snipe-IT asset management software that allows authenticated users to access unauthorized functionality. This affects all Snipe-IT installatio...