CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

5.7CVSS5AI score0.00393EPSS

Linux Distros Unpatched Vulnerability : CVE-2024-45611

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An...

6.5CVSS4.9AI score0.01514EPSS

Linux Distros Unpatched Vulnerability : CVE-2024-43417

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI is a free asset and IT management software package. An unauthenticated user can provide a malicious link to a GLPI technician in order to exploit a reflect...

Tenable Nessus•added 2025/09/10 12:0 a.m.•0 views

Linux Distros Unpatched Vulnerability : CVE-2024-45610

6.5CVSS5AI score0.01514EPSS

Tenable Nessus•added 2025/09/10 12:0 a.m.•4 views

Linux Distros Unpatched Vulnerability : CVE-2024-47759

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI is a free Asset and IT management software package. An technician can upload a SVG containing a malicious script. The script will then be executed when any...

6.7CVSS5AI score0.00679EPSS

6.5CVSS4.9AI score0.01826EPSS

Linux Distros Unpatched Vulnerability : CVE-2024-43418

8.8CVSS4.9AI score0.00331EPSS

Linux Distros Unpatched Vulnerability : CVE-2024-47760

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI is a free asset and IT management software package. Starting in version 9.1.0 and prior to version 10.0.17, a technician with an access to the API can take...

8.8CVSS5.2AI score0.00832EPSS

Linux Distros Unpatched Vulnerability : CVE-2024-45608

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI is a free asset and IT management software package. An authenticated user can perfom a SQL injection by changing its preferences. Upgrade to 10.0.17...

6.5CVSS4.9AI score0.01055EPSS

Linux Distros Unpatched Vulnerability : CVE-2024-41678

Tenable Nessus•added 2025/09/10 12:0 a.m.•2 views

Linux Distros Unpatched Vulnerability : CVE-2024-41679

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI is a free asset and IT management software package. An authenticated user can exploit a SQL injection vulnerability from the ticket form. Upgrade to 10.0.1...

8.8CVSS5.2AI score0.00688EPSS

Tenable Nessus•added 2025/09/10 12:0 a.m.•2 views

Linux Distros Unpatched Vulnerability : CVE-2024-40638

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI is a free asset and IT management software package. An authenticated user can exploit multiple SQL injection vulnerabilities. One of them can be used to...

8.8CVSS5.1AI score0.12396EPSS

RedhatCVE•added 2025/05/23 10:48 a.m.•3 views

CVE-2024-43418

GLPI is a free asset and IT management software package. An unauthenticated user can provide a malicious link to a GLPI technician in order to exploit a reflected XSS vulnerability. Upgrade to 10.0.17...

6.5CVSS6.1AI score0.01826EPSS

Exploits0

RedhatCVE•added 2025/05/23 8:32 a.m.•13 views

CVE-2024-50339

GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.17, an unauthenticated user can retrieve all the sessions IDs and use them to steal any valid session. Version 10.0.17 contains a patch for this issue...

9.3CVSS6.9AI score0.19755EPSS

RedhatCVE•added 2025/05/23 8:6 a.m.•5 views

CVE-2024-45610

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An unauthenticated user can provide a malicious link to a GLPI technician in order to exploit a reflected XSS vulnerability located in the Cable form...

6.5CVSS6AI score0.01514EPSS

RedhatCVE•added 2025/05/23 8:6 a.m.•5 views

CVE-2024-45609

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An unauthenticated user can provide a malicious link to a GLPI technician in order to exploit a reflected XSS vulnerability located in the reports pages...

6.5CVSS6AI score0.01514EPSS

RedhatCVE•added 2025/05/23 7:30 a.m.•5 views

CVE-2024-48912

GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.17, an authenticated user can use an application endpoint to delete any user account. Version 10.0.17 contains a patch for this issue...

8.1CVSS6.7AI score0.00473EPSS

RedhatCVE•added 2025/05/23 6:52 a.m.•5 views

CVE-2024-47761

GLPI is a free asset and IT management software package. Starting in version 0.80 and prior to version 10.0.17, an administrator with access to the sent notifications contents can take control of an account with higher privileges. Version 10.0.17 contains a patch for this issue...

7.5CVSS7AI score0.00372EPSS