Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| grokability | snipe-it | < 8.6.2 | - |
| # | POC Description | Source Link | Shenlong Link |
|---|
No public POC found.
Login to generate AI POC| CVE-2026-54329 | 8.5 HIGH | Snipe-IT: Cross-Tenant Accessory Injection in Snipe-IT API |
| CVE-2026-55516 | 7.7 HIGH | Snipe-IT: Cross-company asset maintenance re-parenting via API update |
| CVE-2026-55460 | 7.1 HIGH | Snipe-IT: Authorization bypass on bulk editing users |
| CVE-2026-55469 | 6.5 MEDIUM | Snipe-IT: Path traversal vulnerability via CSV import `image` field |
| CVE-2026-55461 | 6.1 MEDIUM | Snipe-IT: Open Redirect After User Edit |
| CVE-2026-55475 | 5.7 MEDIUM | Snipe-IT: Import created_by can be overwritten |
| CVE-2026-55472 | 4.3 MEDIUM | Snipe-IT: API Location Creation Bypasses FMCS Parent-Child Company Boundary Validation |
| CVE-2026-55462 | 4.3 MEDIUM | Snipe-IT: Authorization bypass on print inventory page |
| CVE-2026-55478 | Snipe-IT: Missing object-level authorization in Kits API | |
| CVE-2026-55474 | Snipe-IT: Directory traversal in displaySig | |
| CVE-2026-55452 | Snipe-IT: CSV formula injection in Activity Report export | |
| CVE-2026-55479 | Snipe-IT: Incorrect permission for legacy license checkin API | |
| CVE-2026-55464 | Snipe-IT: Stored XSS via Markdown custom field | |
| CVE-2026-55843 | Snipe-IT: Improper Privilege Management | |
| CVE-2026-55466 | Snipe-IT: Stored XSS via inline-served attachment | |
| CVE-2026-55481 | Snipe-IT: CSS Injection via `header_color` Setting | |
| CVE-2026-55476 | Snipe-IT: Unauthorized Asset Request Cancellation via Unguarded cancel_by_admin Parameter |
No comments yet