EUVD-2025-19663

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2021-43779

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI is an open source IT Asset Management, issue tracking system and service desk system. The GLPI addressing plugin in versions 2.9.1 suffers from authenticat...

CVE-2025-54780 glpi-screenshot-plugin exposes local files in /ajax/screenshot.php

The glpi-screenshot-plugin allows users to take screenshots or screens recording directly from GLPI. In versions below 2.0.2, authenticated user can use the /ajax/screenshot.php endpoint to leak files from the system or use PHP wrappers. This is fixed in version 2.0.2...

PT-2025-31884 · Glpi · Glpi-Screenshot-Plugin

Name of the Vulnerable Software and Affected Versions: glpi-screenshot-plugin versions prior to 2.0.2 Description: The glpi-screenshot-plugin allows users to take screenshots or screen recordings directly from GLPI. Authenticated users can use the /ajax/screenshot.php endpoint to leak files from...

ROS-20250717-02

Vulnerability of the auxiliary ticket escalation tool in the Escalade GLPI plugin is related to incorrect access controls. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to sensitive information...

CVE-2025-27153

Escalade GLPI plugin is a ticket escalation process helper for GLPI. Prior to version 2.9.11, there is an improper access control vulnerability. This can lead to data exposure and workflow disruptions. This issue has been patched in version 2.9.11...

CVE-2025-27153 Escalade GLPI Plugin Vulnerable to Improper Access Control

Escalade GLPI plugin is a ticket escalation process helper for GLPI. Prior to version 2.9.11, there is an improper access control vulnerability. This can lead to data exposure and workflow disruptions. This issue has been patched in version 2.9.11...

CVE-2025-27153 Escalade GLPI Plugin Vulnerable to Improper Access Control

Escalade GLPI plugin is a ticket escalation process helper for GLPI. Prior to version 2.9.11, there is an improper access control vulnerability. This can lead to data exposure and workflow disruptions. This issue has been patched in version 2.9.11...

CVE-2025-27153

CVE-2025-27153 concerns the Escalade GLPI plugin for GLPI. Prior to version 2.9.11, an improper access control vulnerability could allow exposure of data and disrupt workflows. The issue has been patched in version 2.9.11. The published metrics indicate a base CVSS v3.1 score of 6.5 (MEDIUM) with...

CVE-2025-27153 Escalade GLPI Plugin Vulnerable to Improper Access Control

Escalade GLPI plugin is a ticket escalation process helper for GLPI. Prior to version 2.9.11, there is an improper access control vulnerability. This can lead to data exposure and workflow disruptions. This issue has been patched in version 2.9.11...

PT-2025-27573 · Glpi +1 · Escalade Glpi Plugin +1

Name of the Vulnerable Software and Affected Versions: Escalade GLPI plugin versions prior to 2.9.11 Description: The issue is related to improper access control, which can lead to data exposure and workflow disruptions. Recommendations: For versions prior to 2.9.11, update to version 2.9.11 to...

Escalade GLPI plugin 访问控制错误漏洞

Escalade GLPI plugin is an open source GLPI extension plugin for GLPI Project Plugins. An Access Control Error vulnerability exists in Escalade GLPI plugin versions prior to 2.9.11, which stems from improper access control and could lead to data disclosure and workflow disruption...

CVE-2022-34127

The Managentities plugin before 4.0.2 for GLPI allows reading local files via directory traversal in the inc/cri.class.php file parameter...

com.airbus-cyber-security.graylog:graylog-plugin-aggregation-count (>=1.1.0 <=4.1.1), com.airbus-cyber-security.graylog:graylog-plugin-alert-wizard (>=1.0.0 <=5.2.1) +12 more potentially affected by CVE-2025-46827 via org.graylog2:graylog2-server (>=1.0.0-beta.3 <=6.0.13)

org.graylog2:graylog2-server MAVEN version =1.0.0-beta.3, =1.1.0, =1.0.0, =1.1.0, =1.0.0, =1.0.0, =1.0.0, =1.0.1, =2.2.0, =1.1.0, =2.2.0, =2.2.0, =1.0.3, =1.0.0, =1.2.0, =1.3.4 Source cves: CVE-2025-46827 Source advisory: OSV:GHSA-76VF-MPMX-777J...

Metasploit Wrap-Up 03/28/2025

Windows LPE - Cloud File Mini Filer Driver Heap Overflow This Metasploit release includes an exploit module for CVE-2024-30085, an LPE in cldflt.sys which is known as the Windows Cloud Files Mini Filer Driver. This driver allows users to manage and sync files between a remote server and a local...

CVE-2025-23024 GLPI: Plugins are disabled accessing one page

GLPI is a free asset and IT management software package. Starting in version 0.72 and prior to version 10.0.18, an anonymous user can disable all the active plugins. Version 10.0.18 contains a patch. As a workaround, one may delete the install/update.php file...

CVE-2024-53850

The Addressing GLPI plugin enables you to create IP reports for visualize IP addresses used and free on a given network.. Starting with 3.0.0 and before 3.0.3, a poor security check allows an unauthenticated attacker to determine whether data exists by name in GLPI...

CVE-2024-53850

The Addressing GLPI plugin enables you to create IP reports for visualize IP addresses used and free on a given network.. Starting with 3.0.0 and before 3.0.3, a poor security check allows an unauthenticated attacker to determine whether data exists by name in GLPI...

CVE-2024-45600

Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to 1.21.13, an authenticated user can perform a SQL injection when the plugin is active. The vulnerability is fixed in 1.21.13...

CVE-2024-53850 The Addressing GLPI plugin allows data enumeration through uncontrolled object instantiation

The Addressing GLPI plugin enables you to create IP reports for visualize IP addresses used and free on a given network.. Starting with 3.0.0 and before 3.0.3, a poor security check allows an unauthenticated attacker to determine whether data exists by name in GLPI...