snipe/snipe-it Security Advisories for v8.3.5 (5)
- [MEDIUM] Snipe-IT has an open redirect vulnerability
  PKSA-rnj3-1mvy-45m9 CVE-2026-44833 GHSA-mghp-5cq4-v6mg
  Affected version: <8.4.1
  Reported by: GitHub
- [CRITICAL] Snipe-IT has insecure permissions in file uploads
  PKSA-p5z5-yvbr-44mr CVE-2026-37709 GHSA-xg82-2hrv-hf64
  Affected version: <8.4.1
  Reported by: GitHub
- [HIGH] Snipe-IT has Privilege Escalation via API Permissions Assignment
  PKSA-3w8f-xykp-s5ps CVE-2026-44832 GHSA-hq28-crg7-95pr
  Affected version: <8.4.1
  Reported by: GitHub
- [MEDIUM] Snipe-IT has Stored XSS via Component Checkout Notes (v8.4.0)
  PKSA-t5t8-ptsk-b8c5 CVE-2026-44831 GHSA-r42m-953q-6vjx
  Affected version: <8.4.1
  Reported by: GitHub
- [HIGH] Snipe-IT has sensitive user attributes related to account privileges that are insufficiently protected against mass assignment
  PKSA-b19f-d499-7h75 CVE-2025-15602 GHSA-5448-v74m-7mv7
  Affected version: <8.3.7
  Reported by: GitHub