Known Vulnerabilities
CVE-2024-48987
Snipe-IT before 7.0.10 allows remote code execution (associated with cookie serialization) when an attacker knows the APP_KEY. This is exacerbated by .env files, available from the product's repository, that have default APP_KEY values.
MEDIUM
CVSS 6.6
Published Oct 11, 2024
CVE-2023-5511
Cross-Site Request Forgery (CSRF) in GitHub repository snipe/snipe-it prior to v6.2.3.
MEDIUM
CVSS 6.3
Published Oct 11, 2023
CVE-2023-5452
Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-it prior to v6.2.2.
MEDIUM
CVSS 5.5
Published Oct 06, 2023