snipe — Vulnerabilities & Security Advisories 28

Browse all 28 CVE security advisories affecting snipe. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Snipe-IT is an open-source IT asset management system primarily used for tracking hardware, software, and accessories within enterprise environments. Its widespread adoption has made it a frequent target for attackers, resulting in 28 recorded Common Vulnerabilities and Exposures (CVEs). Historically, the platform has suffered from critical security flaws, most notably remote code execution (RCE) vulnerabilities that allow unauthenticated attackers to gain full system control. Other prevalent issues include cross-site scripting (XSS) and improper access control mechanisms that facilitate privilege escalation. A significant incident involved a severe RCE flaw in versions prior to 5.1.1, which enabled malicious actors to execute arbitrary commands on the server. These vulnerabilities often stem from insufficient input validation and outdated dependencies, highlighting the necessity for rigorous patch management and secure configuration practices to mitigate risks in deployed instances.

Top products by snipe: snipe/snipe-it, snipe-it
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2024-5685 | Broken Function Level Authorization (BFLA) in snipe/snipe-it | snipe-it | CWE-862 | 7.6 | High | 2024-06-14 |
| CVE-2023-5511 | Cross-Site Request Forgery (CSRF) in snipe/snipe-it | snipe/snipe-it | CWE-352 | 4.3 | - | 2023-10-11 |
| CVE-2023-5452 | Cross-site Scripting (XSS) - Stored in snipe/snipe-it | snipe/snipe-it | CWE-79 | 5.4 | - | 2023-10-06 |
| CVE-2022-3173 | Improper Authentication in snipe/snipe-it | snipe/snipe-it | CWE-287 | 7.1 | - | 2022-09-17 |
| CVE-2022-3035 | Cross-site Scripting (XSS) - Stored in snipe/snipe-it | snipe/snipe-it | CWE-79 | 5.4 | - | 2022-08-29 |
| CVE-2022-2997 | Session Fixation in snipe/snipe-it | snipe/snipe-it | CWE-384 | 7.6 | - | 2022-08-25 |
| CVE-2022-23064 | Snipe-IT - Host Header Injection | snipe-it | CWE-74 | 8.8 | High | 2022-05-02 |
| CVE-2022-1511 | Missing Authorization in snipe/snipe-it | snipe/snipe-it | CWE-862 | 4.3 | - | 2022-04-28 |
| CVE-2022-1445 | Stored Cross Site Scripting vulnerability in the checked_out_to parameter in snipe/snipe-it | snipe/snipe-it | CWE-79 | 5.4 | - | 2022-04-24 |
| CVE-2022-1380 | Stored Cross Site Scripting vulnerability in Item name parameter in snipe/snipe-it | snipe/snipe-it | CWE-79 | 5.4 | - | 2022-04-16 |
| CVE-2022-1155 | Old sessions are not blocked by the login enable function. in snipe/snipe-it | snipe/snipe-it | CWE-840 | 7.4 | - | 2022-03-30 |
| CVE-2022-0622 | Generation of Error Message Containing Sensitive Information in snipe/snipe-it | snipe/snipe-it | CWE-209 | 4.3 | - | 2022-02-17 |
| CVE-2022-0611 | Missing Authorization in snipe/snipe-it | snipe/snipe-it | CWE-862 | 6.3 | Medium | 2022-02-15 |
| CVE-2022-0579 | Missing Authorization in snipe/snipe-it | snipe/snipe-it | CWE-862 | 6.5 | Medium | 2022-02-14 |
| CVE-2022-0569 | Observable Discrepancy in snipe/snipe-it | snipe/snipe-it | CWE-203 | 5.3 | Medium | 2022-02-12 |
| CVE-2022-0178 | Missing Authorization in snipe/snipe-it | snipe/snipe-it | CWE-862 | 6.3 | Medium | 2022-01-13 |
| CVE-2022-0179 | Missing Authorization in snipe/snipe-it | snipe/snipe-it | CWE-862 | 5.4 | - | 2022-01-12 |
| CVE-2021-4130 | Cross-Site Request Forgery (CSRF) in snipe/snipe-it | snipe/snipe-it | CWE-352 | 4.3 | - | 2021-12-18 |
| CVE-2021-4108 | Cross-site Scripting (XSS) - Stored in snipe/snipe-it | snipe/snipe-it | CWE-79 | 5.4 | - | 2021-12-14 |
| CVE-2021-4089 | Improper Access Control in snipe/snipe-it | snipe/snipe-it | CWE-284 | 5.4 | - | 2021-12-10 |
| CVE-2021-4075 | Server-Side Request Forgery (SSRF) in snipe/snipe-it | snipe/snipe-it | CWE-918 | 8.1 | - | 2021-12-06 |
| CVE-2021-4018 | Cross-site Scripting (XSS) - Stored in snipe/snipe-it | snipe/snipe-it | CWE-79 | 5.4 | - | 2021-12-01 |
| CVE-2021-3961 | Cross-site Scripting (XSS) - Stored in snipe/snipe-it | snipe/snipe-it | CWE-79 | 5.4 | - | 2021-11-19 |
| CVE-2021-3931 | Cross-Site Request Forgery (CSRF) in snipe/snipe-it | snipe/snipe-it | CWE-352 | 4.3 | - | 2021-11-13 |
| CVE-2021-3938 | Cross-site Scripting (XSS) - Generic in snipe/snipe-it | snipe/snipe-it | CWE-79 | 5.4 | - | 2021-11-13 |
| CVE-2021-3879 | Cross-site Scripting (XSS) - Stored in snipe/snipe-it | snipe/snipe-it | CWE-79 | 5.4 | - | 2021-10-19 |
| CVE-2021-3863 | Cross-site Scripting (XSS) - Generic in snipe/snipe-it | snipe/snipe-it | CWE-79 | 5.4 | - | 2021-10-19 |
| CVE-2021-3858 | Cross-Site Request Forgery (CSRF) in snipe/snipe-it | snipe/snipe-it | CWE-352 | 4.3 | - | 2021-10-19 |

This page lists every published CVE security advisory associated with snipe. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.