Package impact
Packagist / snipe/snipe-it
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2026-37709 | critical | 9.8 | 9.8 | 20d ago | Snipe-IT has insecure permissions in file uploads | |
| CVE-2026-44832 | high | 8.8 | 8.8 | 20d ago | Snipe-IT has Privilege Escalation via API Permissions Assignment | |
| CVE-2026-44833 | high | 7.1 | 7.1 | 20d ago | Snipe-IT has an open redirect vulnerability | |
| CVE-2026-44831 | medium | 5.4 | 5.4 | 20d ago | Snipe-IT has Stored XSS via Component Checkout Notes (v8.4.0) |