Lookup for vulnerable packages by Package URL.

Purl pkg:composer/snipe/snipe-it@6.2.1
Type composer
Namespace snipe
Name snipe-it
Version 6.2.1
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 8.4.1
Latest_non_vulnerable_version 8.4.1
Affected_by_vulnerabilities
0
url VCID-16y9-smp1-nfaa
vulnerability_id VCID-16y9-smp1-nfaa
summary Cross-Site Request Forgery (CSRF) in GitHub repository snipe/snipe-it prior to v.6.2.3.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-5511
reference_id
reference_type
scores
0
value 0.00113
scoring_system epss
scoring_elements 0.29464
published_at 2026-06-07T12:55:00Z
1
value 0.00113
scoring_system epss
scoring_elements 0.29445
published_at 2026-06-09T12:55:00Z
2
value 0.00113
scoring_system epss
scoring_elements 0.29431
published_at 2026-06-08T12:55:00Z
3
value 0.00113
scoring_system epss
scoring_elements 0.29535
published_at 2026-06-05T12:55:00Z
4
value 0.00113
scoring_system epss
scoring_elements 0.29497
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-5511
1
reference_url https://github.com/snipe/snipe-it
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/snipe/snipe-it
2
reference_url https://github.com/snipe/snipe-it/commit/6d55d782806c9660e9e65dc5250faacb5d0033ed
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-18T15:11:33Z/
url https://github.com/snipe/snipe-it/commit/6d55d782806c9660e9e65dc5250faacb5d0033ed
3
reference_url https://huntr.dev/bounties/43206801-9862-48da-b379-e55e341d78bf
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-18T15:11:33Z/
url https://huntr.dev/bounties/43206801-9862-48da-b379-e55e341d78bf
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-5511
reference_id CVE-2023-5511
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-5511
5
reference_url https://github.com/advisories/GHSA-33vj-r6p6-x4p8
reference_id GHSA-33vj-r6p6-x4p8
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-33vj-r6p6-x4p8
fixed_packages
0
url pkg:composer/snipe/snipe-it@6.2.3
purl pkg:composer/snipe/snipe-it@6.2.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1d8d-19xp-9qdz
1
vulnerability VCID-5cbq-47qe-gya8
2
vulnerability VCID-6qb4-an9b-aufh
3
vulnerability VCID-6wam-dqsj-e3dv
4
vulnerability VCID-6xuf-y113-3qh1
5
vulnerability VCID-9uf7-64th-4kb9
6
vulnerability VCID-bkce-dwzp-yqda
7
vulnerability VCID-bpnp-1u65-zuc5
8
vulnerability VCID-c5ff-jcx2-8qef
9
vulnerability VCID-f84w-4gun-ubej
10
vulnerability VCID-hy2w-kubr-x7as
11
vulnerability VCID-rq9n-n2fj-xkdy
12
vulnerability VCID-xk24-e9d1-4bd8
13
vulnerability VCID-xkq8-5ufk-3uaf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/snipe/snipe-it@6.2.3
aliases CVE-2023-5511, GHSA-33vj-r6p6-x4p8
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-16y9-smp1-nfaa
1
url VCID-1d8d-19xp-9qdz
vulnerability_id VCID-1d8d-19xp-9qdz
summary
Snipe-IT has sensitive user attributes related to account privileges that are insufficiently protected against mass assignment
Snipe-IT versions prior to 8.3.7 contain sensitive user attributes related to account privileges that are insufficiently protected against mass assignment. An authenticated, low-privileged user can craft a malicious API request to modify restricted fields of another user account, including the Super Admin account. By changing the email address of the Super Admin and triggering a password reset, an attacker can fully take over the Super Admin account, resulting in complete administrative control of the Snipe-IT instance.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-15602
reference_id
reference_type
scores
0
value 0.00029
scoring_system epss
scoring_elements 0.08637
published_at 2026-06-07T12:55:00Z
1
value 0.00029
scoring_system epss
scoring_elements 0.08627
published_at 2026-06-09T12:55:00Z
2
value 0.00029
scoring_system epss
scoring_elements 0.0859
published_at 2026-06-08T12:55:00Z
3
value 0.00029
scoring_system epss
scoring_elements 0.0864
published_at 2026-06-05T12:55:00Z
4
value 0.00029
scoring_system epss
scoring_elements 0.08657
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-15602
1
reference_url https://github.com/grokability/snipe-it
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/grokability/snipe-it
2
reference_url https://github.com/grokability/snipe-it/releases/tag/v8.3.7
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-09T15:12:04Z/
url https://github.com/grokability/snipe-it/releases/tag/v8.3.7
3
reference_url https://snipeitapp.com
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://snipeitapp.com
4
reference_url https://www.vulncheck.com/advisories/snipe-it-mass-assignment-vulnerability-leading-to-privilege-escalation
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-09T15:12:04Z/
url https://www.vulncheck.com/advisories/snipe-it-mass-assignment-vulnerability-leading-to-privilege-escalation
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-15602
reference_id CVE-2025-15602
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-15602
6
reference_url https://github.com/advisories/GHSA-5448-v74m-7mv7
reference_id GHSA-5448-v74m-7mv7
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5448-v74m-7mv7
7
reference_url https://snipeitapp.com/
reference_id snipeitapp.com
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-09T15:12:04Z/
url https://snipeitapp.com/
fixed_packages
0
url pkg:composer/snipe/snipe-it@8.3.7
purl pkg:composer/snipe/snipe-it@8.3.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6qb4-an9b-aufh
1
vulnerability VCID-6wam-dqsj-e3dv
2
vulnerability VCID-hy2w-kubr-x7as
3
vulnerability VCID-xk24-e9d1-4bd8
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/snipe/snipe-it@8.3.7
aliases CVE-2025-15602, GHSA-5448-v74m-7mv7
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1d8d-19xp-9qdz
2
url VCID-5cbq-47qe-gya8
vulnerability_id VCID-5cbq-47qe-gya8
summary Cross Site Scripting vulnerability in Snipe-IT v.7.0.13 allows a remote attacker to escalate privileges via an unknown part of the file /users/{{user-id}}/#files.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-51093
reference_id
reference_type
scores
0
value 0.00307
scoring_system epss
scoring_elements 0.54236
published_at 2026-06-07T12:55:00Z
1
value 0.00307
scoring_system epss
scoring_elements 0.54235
published_at 2026-06-09T12:55:00Z
2
value 0.00307
scoring_system epss
scoring_elements 0.54213
published_at 2026-06-08T12:55:00Z
3
value 0.00307
scoring_system epss
scoring_elements 0.54237
published_at 2026-06-05T12:55:00Z
4
value 0.00307
scoring_system epss
scoring_elements 0.54246
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-51093
1
reference_url https://github.com/snipe/snipe-it
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/snipe/snipe-it
2
reference_url https://gist.githubusercontent.com/Tommywarren/ca70f1c43f4ec34dc19cd13459535780/raw/d13192ae50bc7c024b922412dfa3f530faa8d5db/CVE-2024-51093
reference_id CVE-2024-51093
reference_type
scores
0
value 8.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-21T18:08:52Z/
url https://gist.githubusercontent.com/Tommywarren/ca70f1c43f4ec34dc19cd13459535780/raw/d13192ae50bc7c024b922412dfa3f530faa8d5db/CVE-2024-51093
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-51093
reference_id CVE-2024-51093
reference_type
scores
0
value 8.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-51093
4
reference_url https://github.com/advisories/GHSA-hw9x-8m75-4vjq
reference_id GHSA-hw9x-8m75-4vjq
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hw9x-8m75-4vjq
fixed_packages
aliases CVE-2024-51093, GHSA-hw9x-8m75-4vjq
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5cbq-47qe-gya8
3
url VCID-6qb4-an9b-aufh
vulnerability_id VCID-6qb4-an9b-aufh
summary
Snipe-IT has an open redirect vulnerability
Open redirect vulnerability in Snipe-IT allows attackers to redirect users to malicious sites via unvalidated HTTP Referer header stored in session variable.

### Impact

-   **Phishing**: Redirect users to fake login pages to steal credentials
-   **Session Hijacking**: Redirect to attacker site that captures session cookies via JavaScript
-   **Malware Distribution**: Redirect to sites hosting malware or drive-by downloads
-   **Reputation Damage**: Users lose trust when redirected to malicious sites from legitimate application
-   **Social Engineering**: Use trusted Snipe-IT domain to increase phishing success rate

When the user clicks "Save", the application: 
1. Processes the form 
2. Checks `redirect_option` (if set to 'back') 
3. Calls `Helper::getRedirectOption()` 
4. Retrieves `back_url` from session: `https://evil.com/phishing?target=snipeit` 
5. Executes `redirect()->to($backUrl)` 
6. User is redirected to attacker's site

This would still require session poisoning, so the actual practical threat here is minimal. 

### Patches
Patched in https://github.com/grokability/snipe-it/commit/e37649212861a337e68a624e589c3540b7a82373, released in 8.4.1.

### Workarounds
None.

### Resources
-   CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
-   OWASP: Unvalidated Redirects and Forwards
-   Laravel Security: Safe Redirects

[snipeit_open_redirect_submission.md](https://github.com/user-attachments/files/27414869/snipeit_open_redirect_submission.md)
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-44833
reference_id
reference_type
scores
0
value 0.00013
scoring_system epss
scoring_elements 0.0209
published_at 2026-06-09T12:55:00Z
1
value 0.00013
scoring_system epss
scoring_elements 0.02114
published_at 2026-06-05T12:55:00Z
2
value 0.00013
scoring_system epss
scoring_elements 0.02121
published_at 2026-06-06T12:55:00Z
3
value 0.00013
scoring_system epss
scoring_elements 0.02109
published_at 2026-06-07T12:55:00Z
4
value 0.00013
scoring_system epss
scoring_elements 0.02097
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-44833
1
reference_url https://github.com/grokability/snipe-it
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/grokability/snipe-it
2
reference_url https://github.com/grokability/snipe-it/security/advisories/GHSA-mghp-5cq4-v6mg
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-27T14:20:51Z/
url https://github.com/grokability/snipe-it/security/advisories/GHSA-mghp-5cq4-v6mg
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-44833
reference_id CVE-2026-44833
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-44833
4
reference_url https://github.com/grokability/snipe-it/commit/e37649212861a337e68a624e589c3540b7a82373
reference_id e37649212861a337e68a624e589c3540b7a82373
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-27T14:20:51Z/
url https://github.com/grokability/snipe-it/commit/e37649212861a337e68a624e589c3540b7a82373
5
reference_url https://github.com/advisories/GHSA-mghp-5cq4-v6mg
reference_id GHSA-mghp-5cq4-v6mg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mghp-5cq4-v6mg
fixed_packages
0
url pkg:composer/snipe/snipe-it@8.4.1
purl pkg:composer/snipe/snipe-it@8.4.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/snipe/snipe-it@8.4.1
aliases CVE-2026-44833, GHSA-mghp-5cq4-v6mg
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6qb4-an9b-aufh
4
url VCID-6wam-dqsj-e3dv
vulnerability_id VCID-6wam-dqsj-e3dv
summary
Snipe-IT has Privilege Escalation via API Permissions Assignment
### Impact
An authenticated user with only `users.edit` permission can escalate their own privileges to `admin` by sending a PATCH request to `/api/v1/users/{id}` with `permissions[admin]=1`. The API controller only strips the `superuser` key from the permissions array, allowing `admin` and all other permission keys to be set by any user who can update users.

### Patches
Patched in https://github.com/grokability/snipe-it/commit/ce18ff669ceb0f0349749fd5d11c1d3d40b10569, and the fix was released in v8.4.1.

### Workarounds
None.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-44832
reference_id
reference_type
scores
0
value 0.00014
scoring_system epss
scoring_elements 0.0257
published_at 2026-06-09T12:55:00Z
1
value 0.00014
scoring_system epss
scoring_elements 0.02665
published_at 2026-06-05T12:55:00Z
2
value 0.00014
scoring_system epss
scoring_elements 0.02673
published_at 2026-06-06T12:55:00Z
3
value 0.00014
scoring_system epss
scoring_elements 0.02619
published_at 2026-06-07T12:55:00Z
4
value 0.00014
scoring_system epss
scoring_elements 0.02603
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-44832
1
reference_url https://github.com/grokability/snipe-it
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/grokability/snipe-it
2
reference_url https://github.com/grokability/snipe-it/commit/ce18ff669ceb0f0349749fd5d11c1d3d40b10569
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T14:05:22Z/
url https://github.com/grokability/snipe-it/commit/ce18ff669ceb0f0349749fd5d11c1d3d40b10569
3
reference_url https://github.com/grokability/snipe-it/security/advisories/GHSA-hq28-crg7-95pr
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T14:05:22Z/
url https://github.com/grokability/snipe-it/security/advisories/GHSA-hq28-crg7-95pr
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-44832
reference_id CVE-2026-44832
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-44832
5
reference_url https://github.com/advisories/GHSA-hq28-crg7-95pr
reference_id GHSA-hq28-crg7-95pr
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hq28-crg7-95pr
fixed_packages
0
url pkg:composer/snipe/snipe-it@8.4.1
purl pkg:composer/snipe/snipe-it@8.4.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/snipe/snipe-it@8.4.1
aliases CVE-2026-44832, GHSA-hq28-crg7-95pr
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6wam-dqsj-e3dv
5
url VCID-6xuf-y113-3qh1
vulnerability_id VCID-6xuf-y113-3qh1
summary
Snipe-IT allows XSS
Snipe-IT before 8.1.18 allows XSS.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-59712
reference_id
reference_type
scores
0
value 0.00011
scoring_system epss
scoring_elements 0.01584
published_at 2026-06-05T12:55:00Z
1
value 0.00011
scoring_system epss
scoring_elements 0.0158
published_at 2026-06-09T12:55:00Z
2
value 0.00011
scoring_system epss
scoring_elements 0.01583
published_at 2026-06-08T12:55:00Z
3
value 0.00011
scoring_system epss
scoring_elements 0.0159
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-59712
1
reference_url https://github.com/grokability/snipe-it
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/grokability/snipe-it
2
reference_url https://github.com/grokability/snipe-it/releases/tag/v8.1.18
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-19T13:49:48Z/
url https://github.com/grokability/snipe-it/releases/tag/v8.1.18
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-59712
reference_id CVE-2025-59712
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-59712
4
reference_url https://github.com/advisories/GHSA-c9wp-pr7f-hfqm
reference_id GHSA-c9wp-pr7f-hfqm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-c9wp-pr7f-hfqm
fixed_packages
0
url pkg:composer/snipe/snipe-it@8.1.18
purl pkg:composer/snipe/snipe-it@8.1.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1d8d-19xp-9qdz
1
vulnerability VCID-6qb4-an9b-aufh
2
vulnerability VCID-6wam-dqsj-e3dv
3
vulnerability VCID-bkce-dwzp-yqda
4
vulnerability VCID-bpnp-1u65-zuc5
5
vulnerability VCID-c5ff-jcx2-8qef
6
vulnerability VCID-hy2w-kubr-x7as
7
vulnerability VCID-xk24-e9d1-4bd8
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/snipe/snipe-it@8.1.18
aliases CVE-2025-59712, GHSA-c9wp-pr7f-hfqm
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6xuf-y113-3qh1
6
url VCID-9uf7-64th-4kb9
vulnerability_id VCID-9uf7-64th-4kb9
summary
Snipe-IT allows unsafe deserialization
Snipe-IT before 8.1.18 allows unsafe deserialization.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-59713
reference_id
reference_type
scores
0
value 0.00039
scoring_system epss
scoring_elements 0.12022
published_at 2026-06-06T12:55:00Z
1
value 0.00039
scoring_system epss
scoring_elements 0.11919
published_at 2026-06-09T12:55:00Z
2
value 0.00039
scoring_system epss
scoring_elements 0.11909
published_at 2026-06-08T12:55:00Z
3
value 0.00039
scoring_system epss
scoring_elements 0.12026
published_at 2026-06-05T12:55:00Z
4
value 0.00039
scoring_system epss
scoring_elements 0.11983
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-59713
1
reference_url https://github.com/grokability/snipe-it
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/grokability/snipe-it
2
reference_url https://github.com/grokability/snipe-it/releases/tag/v8.1.18
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-19T13:49:18Z/
url https://github.com/grokability/snipe-it/releases/tag/v8.1.18
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-59713
reference_id CVE-2025-59713
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-59713
4
reference_url https://github.com/advisories/GHSA-phwj-fgch-xvrj
reference_id GHSA-phwj-fgch-xvrj
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-phwj-fgch-xvrj
fixed_packages
0
url pkg:composer/snipe/snipe-it@8.1.18
purl pkg:composer/snipe/snipe-it@8.1.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1d8d-19xp-9qdz
1
vulnerability VCID-6qb4-an9b-aufh
2
vulnerability VCID-6wam-dqsj-e3dv
3
vulnerability VCID-bkce-dwzp-yqda
4
vulnerability VCID-bpnp-1u65-zuc5
5
vulnerability VCID-c5ff-jcx2-8qef
6
vulnerability VCID-hy2w-kubr-x7as
7
vulnerability VCID-xk24-e9d1-4bd8
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/snipe/snipe-it@8.1.18
aliases CVE-2025-59713, GHSA-phwj-fgch-xvrj
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9uf7-64th-4kb9
7
url VCID-acwy-5nbp-yyb4
vulnerability_id VCID-acwy-5nbp-yyb4
summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-it prior to v6.2.2.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-5452
reference_id
reference_type
scores
0
value 0.00115
scoring_system epss
scoring_elements 0.29759
published_at 2026-06-08T12:55:00Z
1
value 0.00115
scoring_system epss
scoring_elements 0.29771
published_at 2026-06-09T12:55:00Z
2
value 0.00115
scoring_system epss
scoring_elements 0.29793
published_at 2026-06-07T12:55:00Z
3
value 0.00115
scoring_system epss
scoring_elements 0.29825
published_at 2026-06-06T12:55:00Z
4
value 0.00115
scoring_system epss
scoring_elements 0.29862
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-5452
1
reference_url https://github.com/snipe/snipe-it
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/snipe/snipe-it
2
reference_url https://github.com/snipe/snipe-it/commit/eea2eabaeef16fc8f3a1d61b19c06e9fc8ed942a
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-19T14:16:22Z/
url https://github.com/snipe/snipe-it/commit/eea2eabaeef16fc8f3a1d61b19c06e9fc8ed942a
3
reference_url https://huntr.dev/bounties/d6ed5ac1-2ad6-45fd-9492-979820bf60c8
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-19T14:16:22Z/
url https://huntr.dev/bounties/d6ed5ac1-2ad6-45fd-9492-979820bf60c8
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-5452
reference_id CVE-2023-5452
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-5452
5
reference_url https://github.com/advisories/GHSA-rr5c-69c9-gj9f
reference_id GHSA-rr5c-69c9-gj9f
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rr5c-69c9-gj9f
fixed_packages
0
url pkg:composer/snipe/snipe-it@6.2.2
purl pkg:composer/snipe/snipe-it@6.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16y9-smp1-nfaa
1
vulnerability VCID-1d8d-19xp-9qdz
2
vulnerability VCID-5cbq-47qe-gya8
3
vulnerability VCID-6qb4-an9b-aufh
4
vulnerability VCID-6wam-dqsj-e3dv
5
vulnerability VCID-6xuf-y113-3qh1
6
vulnerability VCID-9uf7-64th-4kb9
7
vulnerability VCID-bkce-dwzp-yqda
8
vulnerability VCID-bpnp-1u65-zuc5
9
vulnerability VCID-c5ff-jcx2-8qef
10
vulnerability VCID-f84w-4gun-ubej
11
vulnerability VCID-hy2w-kubr-x7as
12
vulnerability VCID-rq9n-n2fj-xkdy
13
vulnerability VCID-xk24-e9d1-4bd8
14
vulnerability VCID-xkq8-5ufk-3uaf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/snipe/snipe-it@6.2.2
aliases CVE-2023-5452, GHSA-rr5c-69c9-gj9f
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-acwy-5nbp-yyb4
8
url VCID-bkce-dwzp-yqda
vulnerability_id VCID-bkce-dwzp-yqda
summary
Snipe-IT allows stored XSS via the Locations "Country" field
Snipe-IT before 8.3.4 allows stored XSS via the Locations "Country" field, enabling a low-privileged authenticated user to inject JavaScript that executes in another user's session.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-65622
reference_id
reference_type
scores
0
value 0.00026
scoring_system epss
scoring_elements 0.0769
published_at 2026-06-07T12:55:00Z
1
value 0.00026
scoring_system epss
scoring_elements 0.07658
published_at 2026-06-09T12:55:00Z
2
value 0.00026
scoring_system epss
scoring_elements 0.07644
published_at 2026-06-08T12:55:00Z
3
value 0.00026
scoring_system epss
scoring_elements 0.07703
published_at 2026-06-05T12:55:00Z
4
value 0.00026
scoring_system epss
scoring_elements 0.07715
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-65622
1
reference_url https://github.com/grokability/snipe-it
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/grokability/snipe-it
2
reference_url https://github.com/grokability/snipe-it/commit/23feb64b5ab3d92eb8755da41049ac43a3d0e05b
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/grokability/snipe-it/commit/23feb64b5ab3d92eb8755da41049ac43a3d0e05b
3
reference_url https://github.com/grokability/snipe-it/releases/tag/v8.3.4
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/grokability/snipe-it/releases/tag/v8.3.4
4
reference_url http://snipeitapp.com
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T16:37:13Z/
url http://snipeitapp.com
5
reference_url https://github.com/firef0x00/vulnerability-research/tree/main/CVE-2025-65622
reference_id CVE-2025-65622
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T16:37:13Z/
url https://github.com/firef0x00/vulnerability-research/tree/main/CVE-2025-65622
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-65622
reference_id CVE-2025-65622
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-65622
7
reference_url https://github.com/advisories/GHSA-4g25-wj72-chxg
reference_id GHSA-4g25-wj72-chxg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4g25-wj72-chxg
fixed_packages
0
url pkg:composer/snipe/snipe-it@8.3.4
purl pkg:composer/snipe/snipe-it@8.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1d8d-19xp-9qdz
1
vulnerability VCID-6qb4-an9b-aufh
2
vulnerability VCID-6wam-dqsj-e3dv
3
vulnerability VCID-c5ff-jcx2-8qef
4
vulnerability VCID-hy2w-kubr-x7as
5
vulnerability VCID-xk24-e9d1-4bd8
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/snipe/snipe-it@8.3.4
aliases CVE-2025-65622, GHSA-4g25-wj72-chxg
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bkce-dwzp-yqda
9
url VCID-bpnp-1u65-zuc5
vulnerability_id VCID-bpnp-1u65-zuc5
summary
Snipe-IT is vulnerable to stored cross-site scripting
Snipe-IT before 8.3.4 allows stored XSS: a low-privileged authenticated user can inject JavaScript that executes in an administrator's session, enabling privilege escalation.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-65621
reference_id
reference_type
scores
0
value 0.00024
scoring_system epss
scoring_elements 0.06925
published_at 2026-06-09T12:55:00Z
1
value 0.00024
scoring_system epss
scoring_elements 0.06917
published_at 2026-06-08T12:55:00Z
2
value 0.00024
scoring_system epss
scoring_elements 0.06955
published_at 2026-06-07T12:55:00Z
3
value 0.00024
scoring_system epss
scoring_elements 0.06968
published_at 2026-06-06T12:55:00Z
4
value 0.00024
scoring_system epss
scoring_elements 0.06963
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-65621
1
reference_url https://github.com/grokability/snipe-it
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:P
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/grokability/snipe-it
2
reference_url https://github.com/grokability/snipe-it/releases/tag/v8.3.4
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:P
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/grokability/snipe-it/releases/tag/v8.3.4
3
reference_url http://snipeitapp.com
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:P
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T14:34:04Z/
url http://snipeitapp.com
4
reference_url https://github.com/firef0x00/vulnerability-research/tree/main/CVE-2025-65621
reference_id CVE-2025-65621
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:P
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T14:34:04Z/
url https://github.com/firef0x00/vulnerability-research/tree/main/CVE-2025-65621
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-65621
reference_id CVE-2025-65621
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:P
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-65621
6
reference_url https://github.com/advisories/GHSA-fww5-m9wc-jcjc
reference_id GHSA-fww5-m9wc-jcjc
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fww5-m9wc-jcjc
fixed_packages
0
url pkg:composer/snipe/snipe-it@8.3.4
purl pkg:composer/snipe/snipe-it@8.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1d8d-19xp-9qdz
1
vulnerability VCID-6qb4-an9b-aufh
2
vulnerability VCID-6wam-dqsj-e3dv
3
vulnerability VCID-c5ff-jcx2-8qef
4
vulnerability VCID-hy2w-kubr-x7as
5
vulnerability VCID-xk24-e9d1-4bd8
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/snipe/snipe-it@8.3.4
aliases CVE-2025-65621, GHSA-fww5-m9wc-jcjc
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bpnp-1u65-zuc5
10
url VCID-c5ff-jcx2-8qef
vulnerability_id VCID-c5ff-jcx2-8qef
summary
Snipe-IT has Cross-site Scripting vulnerability in CSV import workflow
Snipe-IT v8.3.4 (build 20218) contains a reflected cross-site scripting (XSS) vulnerability in the CSV Import workflow. When an invalid CSV file is uploaded, the application returns a progress_message value that is rendered as raw HTML in the admin interface. An attacker can intercept and modify the POST /livewire/update request to inject arbitrary HTML or JavaScript into the progress_message. Because the server accepts the modified input without sanitization and reflects it back to the user, arbitrary JavaScript executes in the browser of any authenticated admin who views the import page.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-64027
reference_id
reference_type
scores
0
value 0.00013
scoring_system epss
scoring_elements 0.0213
published_at 2026-06-07T12:55:00Z
1
value 0.00013
scoring_system epss
scoring_elements 0.02111
published_at 2026-06-09T12:55:00Z
2
value 0.00013
scoring_system epss
scoring_elements 0.02117
published_at 2026-06-08T12:55:00Z
3
value 0.00013
scoring_system epss
scoring_elements 0.02134
published_at 2026-06-05T12:55:00Z
4
value 0.00013
scoring_system epss
scoring_elements 0.02141
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-64027
1
reference_url https://github.com/grokability/snipe-it
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:L/E:P
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-20T21:37:16Z/
url https://github.com/grokability/snipe-it
2
reference_url https://github.com/cybercrewinc/CVE-2025-64027
reference_id CVE-2025-64027
reference_type
scores
0
value 5.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:L/E:P
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/cybercrewinc/CVE-2025-64027
3
reference_url https://github.com/cybercrewinc/CVE-2025-64027/
reference_id CVE-2025-64027
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-20T21:37:16Z/
url https://github.com/cybercrewinc/CVE-2025-64027/
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-64027
reference_id CVE-2025-64027
reference_type
scores
0
value 5.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:L/E:P
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-64027
5
reference_url https://github.com/advisories/GHSA-8x9v-8qgj-945x
reference_id GHSA-8x9v-8qgj-945x
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8x9v-8qgj-945x
fixed_packages
0
url pkg:composer/snipe/snipe-it@8.3.5
purl pkg:composer/snipe/snipe-it@8.3.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1d8d-19xp-9qdz
1
vulnerability VCID-6qb4-an9b-aufh
2
vulnerability VCID-6wam-dqsj-e3dv
3
vulnerability VCID-hy2w-kubr-x7as
4
vulnerability VCID-xk24-e9d1-4bd8
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/snipe/snipe-it@8.3.5
aliases CVE-2025-64027, GHSA-8x9v-8qgj-945x
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c5ff-jcx2-8qef
11
url VCID-f84w-4gun-ubej
vulnerability_id VCID-f84w-4gun-ubej
summary
Snipe-IT allows users to promote or demote themselves or other users
Users with "User:edit" and "Self:api" permissions can promote or demote themselves or other users by changing group memberships via an API call. This issue affects snipe-it from v4.6.17 through v6.4.1.
references
0
reference_url https://advisory.checkmarx.net/?search=CVE-2024-5685
reference_id
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L
1
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
2
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-12T19:05:09Z/
url https://advisory.checkmarx.net/?search=CVE-2024-5685
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-5685
reference_id
reference_type
scores
0
value 0.00159
scoring_system epss
scoring_elements 0.36637
published_at 2026-06-06T12:55:00Z
1
value 0.00159
scoring_system epss
scoring_elements 0.36628
published_at 2026-06-05T12:55:00Z
2
value 0.00159
scoring_system epss
scoring_elements 0.366
published_at 2026-06-07T12:55:00Z
3
value 0.00159
scoring_system epss
scoring_elements 0.36563
published_at 2026-06-08T12:55:00Z
4
value 0.00159
scoring_system epss
scoring_elements 0.36573
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-5685
2
reference_url https://devhub.checkmarx.com/cve-details/CVE-2024-5685
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://devhub.checkmarx.com/cve-details/CVE-2024-5685
3
reference_url https://github.com/snipe/snipe-it
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/snipe/snipe-it
4
reference_url https://github.com/snipe/snipe-it/commit/34f1ea1c0ecd403047cd1327569ee391a7201cc1
reference_id
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L
1
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
2
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-12T19:05:09Z/
url https://github.com/snipe/snipe-it/commit/34f1ea1c0ecd403047cd1327569ee391a7201cc1
5
reference_url https://github.com/snipe/snipe-it/pull/14745
reference_id
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L
1
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
2
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-12T19:05:09Z/
url https://github.com/snipe/snipe-it/pull/14745
6
reference_url https://github.com/snipe/snipe-it/releases/tag/v6.4.2
reference_id
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L
1
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
2
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-12T19:05:09Z/
url https://github.com/snipe/snipe-it/releases/tag/v6.4.2
7
reference_url https://devhub.checkmarx.com/cve-details/CVE-2024-5685/
reference_id CVE-2024-5685
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-12T19:05:09Z/
url https://devhub.checkmarx.com/cve-details/CVE-2024-5685/
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-5685
reference_id CVE-2024-5685
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-5685
9
reference_url https://github.com/advisories/GHSA-544r-fc65-v832
reference_id GHSA-544r-fc65-v832
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-544r-fc65-v832
fixed_packages
0
url pkg:composer/snipe/snipe-it@6.4.2
purl pkg:composer/snipe/snipe-it@6.4.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1d8d-19xp-9qdz
1
vulnerability VCID-5cbq-47qe-gya8
2
vulnerability VCID-6qb4-an9b-aufh
3
vulnerability VCID-6wam-dqsj-e3dv
4
vulnerability VCID-6xuf-y113-3qh1
5
vulnerability VCID-9uf7-64th-4kb9
6
vulnerability VCID-bkce-dwzp-yqda
7
vulnerability VCID-bpnp-1u65-zuc5
8
vulnerability VCID-c5ff-jcx2-8qef
9
vulnerability VCID-hy2w-kubr-x7as
10
vulnerability VCID-rq9n-n2fj-xkdy
11
vulnerability VCID-xk24-e9d1-4bd8
12
vulnerability VCID-xkq8-5ufk-3uaf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/snipe/snipe-it@6.4.2
aliases CVE-2024-5685, GHSA-544r-fc65-v832
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f84w-4gun-ubej
12
url VCID-hy2w-kubr-x7as
vulnerability_id VCID-hy2w-kubr-x7as
summary
Snipe-IT has insecure permissions in file uploads
Insecure Permissions vulnerability in grokability snipe-it versions through 8.4.0, fixed after 2026-03-10 commit 676a9958, allows a remote attacker to execute arbitrary code via the `app/Http/Controllers/Api/UploadedFilesController.php` component.

### Impact
Users who can view assets, consumables, etc. were able to send a POST request to `/api/v1/{object_type}/{id}/files`. The API authorized the request with "view" instead of write permission and persisted the file and audit log entry.

### Patches
Fixed after 2026-03-10 commit 676a9958; fix released in 8.4.1.

### Workarounds
None.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-37709
reference_id
reference_type
scores
0
value 0.00281
scoring_system epss
scoring_elements 0.51812
published_at 2026-06-05T12:55:00Z
1
value 0.00281
scoring_system epss
scoring_elements 0.51801
published_at 2026-06-07T12:55:00Z
2
value 0.00281
scoring_system epss
scoring_elements 0.51822
published_at 2026-06-06T12:55:00Z
3
value 0.00306
scoring_system epss
scoring_elements 0.54176
published_at 2026-06-08T12:55:00Z
4
value 0.00306
scoring_system epss
scoring_elements 0.54198
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-37709
1
reference_url https://github.com/grokability/snipe-it
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/grokability/snipe-it
2
reference_url https://github.com/grokability/snipe-it/commit/676a9958895a77de340565e7a0b17ae744664904
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-07T17:39:06Z/
url https://github.com/grokability/snipe-it/commit/676a9958895a77de340565e7a0b17ae744664904
3
reference_url https://github.com/grokability/snipe-it/security/advisories/GHSA-xg82-2hrv-hf64
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-07T17:39:06Z/
url https://github.com/grokability/snipe-it/security/advisories/GHSA-xg82-2hrv-hf64
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-37709
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-37709
5
reference_url https://github.com/advisories/GHSA-xg82-2hrv-hf64
reference_id GHSA-xg82-2hrv-hf64
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xg82-2hrv-hf64
fixed_packages
0
url pkg:composer/snipe/snipe-it@8.4.1
purl pkg:composer/snipe/snipe-it@8.4.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/snipe/snipe-it@8.4.1
aliases CVE-2026-37709, GHSA-xg82-2hrv-hf64
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hy2w-kubr-x7as
13
url VCID-rq9n-n2fj-xkdy
vulnerability_id VCID-rq9n-n2fj-xkdy
summary
Snipe-IT remote code execution
Snipe-IT before 7.0.10 allows remote code execution (associated with cookie serialization) when an attacker knows the APP_KEY. This is exacerbated by .env files, available from the product's repository, that have default APP_KEY values.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-48987
reference_id
reference_type
scores
0
value 0.02734
scoring_system epss
scoring_elements 0.86261
published_at 2026-06-06T12:55:00Z
1
value 0.02734
scoring_system epss
scoring_elements 0.86245
published_at 2026-06-08T12:55:00Z
2
value 0.02734
scoring_system epss
scoring_elements 0.86257
published_at 2026-06-07T12:55:00Z
3
value 0.02734
scoring_system epss
scoring_elements 0.86259
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-48987
1
reference_url https://github.com/snipe/snipe-it
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/snipe/snipe-it
2
reference_url https://github.com/snipe/snipe-it/releases/tag/v7.0.10
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
2
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-11T14:55:26Z/
url https://github.com/snipe/snipe-it/releases/tag/v7.0.10
3
reference_url https://snipe-it.readme.io/docs/key-rotation
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://snipe-it.readme.io/docs/key-rotation
4
reference_url https://www.synacktiv.com/advisories/snipe-it-unauthenticated-remote-command-execution-when-appkey-known
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
2
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-11T14:55:26Z/
url https://www.synacktiv.com/advisories/snipe-it-unauthenticated-remote-command-execution-when-appkey-known
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-48987
reference_id CVE-2024-48987
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-48987
6
reference_url https://github.com/advisories/GHSA-57qh-vmjr-5jxg
reference_id GHSA-57qh-vmjr-5jxg
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-57qh-vmjr-5jxg
fixed_packages
0
url pkg:composer/snipe/snipe-it@7.0.10
purl pkg:composer/snipe/snipe-it@7.0.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1d8d-19xp-9qdz
1
vulnerability VCID-5cbq-47qe-gya8
2
vulnerability VCID-6qb4-an9b-aufh
3
vulnerability VCID-6wam-dqsj-e3dv
4
vulnerability VCID-6xuf-y113-3qh1
5
vulnerability VCID-9uf7-64th-4kb9
6
vulnerability VCID-bkce-dwzp-yqda
7
vulnerability VCID-bpnp-1u65-zuc5
8
vulnerability VCID-c5ff-jcx2-8qef
9
vulnerability VCID-hy2w-kubr-x7as
10
vulnerability VCID-xk24-e9d1-4bd8
11
vulnerability VCID-xkq8-5ufk-3uaf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/snipe/snipe-it@7.0.10
aliases CVE-2024-48987, GHSA-57qh-vmjr-5jxg
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rq9n-n2fj-xkdy
14
url VCID-xk24-e9d1-4bd8
vulnerability_id VCID-xk24-e9d1-4bd8
summary
Snipe-IT has Stored XSS via Component Checkout Notes (v8.4.0)
### Impact
Users with component view access could be impacted by an unescaped `notes` column. 

### Patches
This was patched in https://github.com/grokability/snipe-it/commit/28f493d84d057895fbb93b6570e7393a2c2fa438, and is fixed in v8.4.1 or greater. 

### Workarounds
None.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-44831
reference_id
reference_type
scores
0
value 0.00013
scoring_system epss
scoring_elements 0.01987
published_at 2026-06-09T12:55:00Z
1
value 0.00013
scoring_system epss
scoring_elements 0.0201
published_at 2026-06-05T12:55:00Z
2
value 0.00013
scoring_system epss
scoring_elements 0.02017
published_at 2026-06-06T12:55:00Z
3
value 0.00013
scoring_system epss
scoring_elements 0.02006
published_at 2026-06-07T12:55:00Z
4
value 0.00013
scoring_system epss
scoring_elements 0.01993
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-44831
1
reference_url https://github.com/grokability/snipe-it
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/grokability/snipe-it
2
reference_url https://github.com/grokability/snipe-it/commit/28f493d84d057895fbb93b6570e7393a2c2fa438
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-27T16:05:13Z/
url https://github.com/grokability/snipe-it/commit/28f493d84d057895fbb93b6570e7393a2c2fa438
3
reference_url https://github.com/grokability/snipe-it/security/advisories/GHSA-r42m-953q-6vjx
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-27T16:05:13Z/
url https://github.com/grokability/snipe-it/security/advisories/GHSA-r42m-953q-6vjx
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-44831
reference_id CVE-2026-44831
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-44831
5
reference_url https://github.com/advisories/GHSA-r42m-953q-6vjx
reference_id GHSA-r42m-953q-6vjx
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r42m-953q-6vjx
fixed_packages
0
url pkg:composer/snipe/snipe-it@8.4.1
purl pkg:composer/snipe/snipe-it@8.4.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/snipe/snipe-it@8.4.1
aliases CVE-2026-44831, GHSA-r42m-953q-6vjx
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xk24-e9d1-4bd8
15
url VCID-xkq8-5ufk-3uaf
vulnerability_id VCID-xkq8-5ufk-3uaf
summary
Grokability Snipe-IT has incorrect authorization for accessing asset information
Grokability Snipe-IT before 8.1.0 has incorrect authorization for accessing asset information.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-47226
reference_id
reference_type
scores
0
value 0.01048
scoring_system epss
scoring_elements 0.77873
published_at 2026-06-08T12:55:00Z
1
value 0.01048
scoring_system epss
scoring_elements 0.77891
published_at 2026-06-09T12:55:00Z
2
value 0.01048
scoring_system epss
scoring_elements 0.77884
published_at 2026-06-07T12:55:00Z
3
value 0.01048
scoring_system epss
scoring_elements 0.77894
published_at 2026-06-06T12:55:00Z
4
value 0.01048
scoring_system epss
scoring_elements 0.77888
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-47226
1
reference_url https://github.com/grokability/snipe-it
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/grokability/snipe-it
2
reference_url https://github.com/grokability/snipe-it/compare/v8.0.4...v8.1.0
reference_id
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
1
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-05T15:36:35Z/
url https://github.com/grokability/snipe-it/compare/v8.0.4...v8.1.0
3
reference_url https://github.com/grokability/snipe-it/pull/16672
reference_id
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
1
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-05T15:36:35Z/
url https://github.com/grokability/snipe-it/pull/16672
4
reference_url https://github.com/grokability/snipe-it/releases/tag/v8.1.0
reference_id
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
1
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-05T15:36:35Z/
url https://github.com/grokability/snipe-it/releases/tag/v8.1.0
5
reference_url https://github.com/koyomihack00/CVE-2025-47226/blob/main/PoC/idor-exploit.md
reference_id
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
1
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-05T15:36:35Z/
url https://github.com/koyomihack00/CVE-2025-47226/blob/main/PoC/idor-exploit.md
6
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52282.txt
reference_id CVE-2025-47226
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52282.txt
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-47226
reference_id CVE-2025-47226
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-47226
8
reference_url https://github.com/advisories/GHSA-h3vp-qwmx-5j25
reference_id GHSA-h3vp-qwmx-5j25
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-h3vp-qwmx-5j25
fixed_packages
0
url pkg:composer/snipe/snipe-it@8.1.0
purl pkg:composer/snipe/snipe-it@8.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1d8d-19xp-9qdz
1
vulnerability VCID-6qb4-an9b-aufh
2
vulnerability VCID-6wam-dqsj-e3dv
3
vulnerability VCID-6xuf-y113-3qh1
4
vulnerability VCID-9uf7-64th-4kb9
5
vulnerability VCID-bkce-dwzp-yqda
6
vulnerability VCID-bpnp-1u65-zuc5
7
vulnerability VCID-c5ff-jcx2-8qef
8
vulnerability VCID-hy2w-kubr-x7as
9
vulnerability VCID-xk24-e9d1-4bd8
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/snipe/snipe-it@8.1.0
aliases CVE-2025-47226, GHSA-h3vp-qwmx-5j25
risk_score 10.0
exploitability 2.0
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xkq8-5ufk-3uaf
Fixing_vulnerabilities
Risk_score 10.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/snipe/snipe-it@6.2.1