Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| grokability | snipe-it | < 8.6.1 | - |
| # | POC Description | Source Link | Shenlong Link |
|---|
No public POC found.
Login to generate AI POC| CVE-2026-54329 | 8.5 HIGH | Snipe-IT: Cross-Tenant Accessory Injection in Snipe-IT API |
| CVE-2026-55516 | 7.7 HIGH | Snipe-IT: Cross-company asset maintenance re-parenting via API update |
| CVE-2026-55460 | 7.1 HIGH | Snipe-IT: Authorization bypass on bulk editing users |
| CVE-2026-55469 | 6.5 MEDIUM | Snipe-IT: Path traversal vulnerability via CSV import `image` field |
| CVE-2026-55461 | 6.1 MEDIUM | Snipe-IT: Open Redirect After User Edit |
| CVE-2026-55515 | 5.0 MEDIUM | Snipe-IT: Cross-company deletion of pending checkout acceptances via unscoped report endpo |
| CVE-2026-55462 | 4.3 MEDIUM | Snipe-IT: Authorization bypass on print inventory page |
| CVE-2026-55472 | 4.3 MEDIUM | Snipe-IT: API Location Creation Bypasses FMCS Parent-Child Company Boundary Validation |
| CVE-2026-55474 | Snipe-IT: Directory traversal in displaySig | |
| CVE-2026-55452 | Snipe-IT: CSV formula injection in Activity Report export | |
| CVE-2026-55479 | Snipe-IT: Incorrect permission for legacy license checkin API | |
| CVE-2026-55478 | Snipe-IT: Missing object-level authorization in Kits API | |
| CVE-2026-55464 | Snipe-IT: Stored XSS via Markdown custom field | |
| CVE-2026-55843 | Snipe-IT: Improper Privilege Management | |
| CVE-2026-55466 | Snipe-IT: Stored XSS via inline-served attachment | |
| CVE-2026-55481 | Snipe-IT: CSS Injection via `header_color` Setting | |
| CVE-2026-55476 | Snipe-IT: Unauthorized Asset Request Cancellation via Unguarded cancel_by_admin Parameter |
No comments yet