snipe/snipe-it Security Advisories for v8.3.7 (4)
-
[MEDIUM] Snipe-IT has an open redirect vulnerability
PKSA-rnj3-1mvy-45m9 CVE-2026-44833 GHSA-mghp-5cq4-v6mg
Affected version: <8.4.1
Reported by:
GitHub -
[CRITICAL] Snipe-IT has insecure permissions in file uploads
PKSA-p5z5-yvbr-44mr CVE-2026-37709 GHSA-xg82-2hrv-hf64
Affected version: <8.4.1
Reported by:
GitHub -
[HIGH] Snipe-IT has Privilege Escalation via API Permissions Assignment
PKSA-3w8f-xykp-s5ps CVE-2026-44832 GHSA-hq28-crg7-95pr
Affected version: <8.4.1
Reported by:
GitHub -
[MEDIUM] Snipe-IT has Stored XSS via Component Checkout Notes (v8.4.0)
PKSA-t5t8-ptsk-b8c5 CVE-2026-44831 GHSA-r42m-953q-6vjx
Affected version: <8.4.1
Reported by:
GitHub