CVE-2025-47226

Medium CVSS: 5.0

Grokability Snipe-IT before 8.1.0 has incorrect authorization for accessing asset information.

Vendor

Product

CWE

Yayın Tarihi

2025-05-02 21:15:23

Güncelleme

2025-06-03 14:44:17

Source Identifier

cve@mitre.org

KEV Date Added

CWE-425 Snipe-it MEDIUM Snipeitapp 2025

https://github.com/grokability/snipe-it/compare/v8.0.4...v8.1.0 https://github.com/grokability/snipe-it/pull/16672 https://github.com/grokability/snipe-it/releases/tag/v8.1.0 https://github.com/koyomihack00/CVE-2025-47226/blob/main/PoC/idor-exploit.md

Medium

CVE-2025-65622

Snipe-IT before 8.3.4 allows stored XSS via the Locations "Country" field, enabling a low-privileged authenticated user…

Medium

CVE-2025-65621

Snipe-IT before 8.3.4 allows stored XSS, allowing a low-privileged authenticated user to inject JavaScript that executes…

Medium

CVE-2025-64027

Snipe-IT v8.3.4 (build 20218) contains a reflected cross-site scripting (XSS) vulnerability in the CSV Import workflow.…

Critical

CVE-2025-63601

Snipe-IT before version 8.3.3 contains a remote code execution vulnerability that allows an authenticated attacker to up…

Medium

CVE-2025-59713

Snipe-IT before 8.1.18 allows unsafe deserialization.

Medium

CVE-2025-59712

Snipe-IT before 8.1.18 allows XSS.