[CRITICAL] Snipe-IT has insecure permissions in file uploads

PKSA-p5z5-yvbr-44mr CVE-2026-37709 GHSA-xg82-2hrv-hf64

Affected package: snipe/snipe-it

Affected version: <8.4.1

Reported by:
GitHub