Filtered by vendor Snipeitapp
Subscriptions
Filtered by product Snipe-it
Subscriptions
Total
36 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-0179 | 1 Snipeitapp | 1 Snipe-it | 2024-11-21 | 5.4 Medium |
snipe-it is vulnerable to Missing Authorization | ||||
CVE-2022-0178 | 1 Snipeitapp | 1 Snipe-it | 2024-11-21 | 6.3 Medium |
Missing Authorization vulnerability in snipe snipe/snipe-it.This issue affects snipe/snipe-i before 5.3.8. | ||||
CVE-2021-4130 | 1 Snipeitapp | 1 Snipe-it | 2024-11-21 | 8.8 High |
snipe-it is vulnerable to Cross-Site Request Forgery (CSRF) | ||||
CVE-2021-4108 | 1 Snipeitapp | 1 Snipe-it | 2024-11-21 | 6.1 Medium |
snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | ||||
CVE-2021-4089 | 1 Snipeitapp | 1 Snipe-it | 2024-11-21 | 4.3 Medium |
snipe-it is vulnerable to Improper Access Control | ||||
CVE-2021-4075 | 1 Snipeitapp | 1 Snipe-it | 2024-11-21 | 7.2 High |
snipe-it is vulnerable to Server-Side Request Forgery (SSRF) | ||||
CVE-2021-4018 | 1 Snipeitapp | 1 Snipe-it | 2024-11-21 | 5.4 Medium |
snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | ||||
CVE-2021-3961 | 1 Snipeitapp | 1 Snipe-it | 2024-11-21 | 5.4 Medium |
snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | ||||
CVE-2021-3938 | 1 Snipeitapp | 1 Snipe-it | 2024-11-21 | 5.4 Medium |
snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | ||||
CVE-2021-3931 | 1 Snipeitapp | 1 Snipe-it | 2024-11-21 | 4.3 Medium |
snipe-it is vulnerable to Cross-Site Request Forgery (CSRF) | ||||
CVE-2021-3879 | 1 Snipeitapp | 1 Snipe-it | 2024-11-21 | 5.4 Medium |
snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | ||||
CVE-2021-3863 | 1 Snipeitapp | 1 Snipe-it | 2024-11-21 | 6.1 Medium |
snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | ||||
CVE-2021-3858 | 1 Snipeitapp | 1 Snipe-it | 2024-11-21 | 8.8 High |
snipe-it is vulnerable to Cross-Site Request Forgery (CSRF) | ||||
CVE-2019-10118 | 1 Snipeitapp | 1 Snipe-it | 2024-11-21 | N/A |
Snipe-IT before 4.6.14 has XSS, as demonstrated by log_meta values and the user's last name in the API. | ||||
CVE-2024-51094 | 1 Snipeitapp | 1 Snipe-it | 2024-11-19 | 8 High |
An issue in Snipe-IT v.7.0.13 build 15514 allows a low-privileged attacker to modify their profile name and inject a malicious payload into the "Name" field. When an administrator later accesses the People Management page, exports the data as a CSV file, and opens it, the injected payload will be executed, allowing the attacker to exfiltrate internal system data from the CSV file to a remote server. | ||||
CVE-2024-48987 | 1 Snipeitapp | 1 Snipe-it | 2024-10-15 | 6.6 Medium |
Snipe-IT before 7.0.10 allows remote code execution (associated with cookie serialization) when an attacker knows the APP_KEY. This is exacerbated by .env files, available from the product's repository, that have default APP_KEY values. |