snipe/snipe-it v8.3.6 | Vulnerabilities | Sonatype Guide
Published: Nov 24, 2025
composer Registry
Versions: 275
Vulnerabilities: 3
Dependencies: 0
Severity: Critical (0), High (1), Medium (2), Low (0)
8.8
CVE-2025-15602
Snipe-IT versions prior to 8.3.7 contain sensitive user attributes related to account privileges that are insufficiently protected against mass assignment. An authenticated, low-privileged user can craft a malicious API request to modify restricted fields of another user account, including the Super Admin account. By changing the email address of the Super Admin and triggering a password reset, an attacker can fully take over the Super Admin account, resulting in complete administrative control of the Snipe-IT instance.
affected
Severity: High
Published: Mar 10, 2026
4.8
CVE-2022-32060
An arbitrary file upload vulnerability in the Update Branding Settings component of Snipe-IT v6.0.2 allows attackers to execute arbitrary code via a crafted file.
affected
Severity: Medium
Published: Jul 11, 2022
4.8
CVE-2022-32061
An arbitrary file upload vulnerability in the Select User function under the People Menu component of Snipe-IT v6.0.2 allows attackers to execute arbitrary code via a crafted file.
affected
Severity: Medium
Published: Jul 11, 2022