36 matches found

Nuclei
added yesterday | 60 views

GLPI plugin Barcode < 2.6.1 - Path Traversal Vulnerability.

Barcode is a GLPI plugin for printing barcodes and QR codes. GLPI instances version 2.x prior to version 2.6.1 with the barcode plugin installed are vulnerable to a path traversal vulnerability. id: CVE-2021-43778 info: name: GLPI plugin Barcode 2.6.1 - Path Traversal Vulnerability. author:...

CVSS 9.1 | AI score 7.1 | EPSS 0.52658
Exploits: 2 | References: 5

Nuclei
added yesterday | 33 views

GLPI 9.2/<9.5.6 - Information Disclosure

GLPI 9.2 and prior to 9.5.6 is susceptible to information disclosure via the telemetry endpoint, which discloses GLPI and server information. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2021-39211 info: name: GLPI 9.2/9.5.6 -...

CVSS 5.3 | AI score 6.8 | EPSS 0.04446
Exploits: 0 | References: 5

Nuclei
added yesterday | 67 views

GLPI <9.4.6 - Open Redirect

GLPI prior 9.4.6 contains an open redirect vulnerability based on a regexp. id: CVE-2020-11034 info: name: GLPI 9.4.6 - Open Redirect author: pikpikcu severity: medium description: GLPI prior 9.4.6 contains an open redirect vulnerability based on a regexp. impact: | An attacker can exploit this...

CVSS 6.1 | AI score 6.4 | EPSS 0.07608
Exploits: 0 | References: 5

Nuclei
added 3 days ago | 416 views

GLPI <=10.0.2 - Remote Command Execution

GLPI through 10.0.2 is susceptible to remote command execution injection in /vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module. id: CVE-2022-35914 info: name: GLPI =10.0.2 - Remote Command Execution author: For3stCo1d,allendemoura severity: critical description: | GLPI through 10.0...

CVSS 9.8 | AI score 7.8 | EPSS 0.99628
Exploits: 13 | References: 7

OSV
added 6 days ago | 2 views

UBUNTU-CVE-2026-13490

A security vulnerability has been detected in glpi-project glpi 11.0.5/11.0.6/11.0.7. This affects the function Document::canViewFile of the file front/document.send.php of the component Document Handler. Such manipulation of the argument docid leads to authorization bypass. The attack can be...

CVSS 6.3 | AI score 5.4 | EPSS 0.00309
Exploits: 0 | References: 6

EUVD
added 6 days ago | 8 views

EUVD-2026-39990

A security vulnerability has been detected in glpi-project glpi 11.0.5/11.0.6/11.0.7. This affects the function Document::canViewFile of the file front/document.send.php of the component Document Handler. Such manipulation of the argument docid leads to authorization bypass. The attack can be...

CVSS 6.3 | AI score 5.4 | EPSS 0.00309
Exploits: 0 | References: 4

Cvelist
added 6 days ago | 34 views

CVE-2026-13490 glpi-project glpi Document document.send.php canViewFile authorization

A security vulnerability has been detected in glpi-project glpi 11.0.5/11.0.6/11.0.7. This affects the function Document::canViewFile of the file front/document.send.php of the component Document Handler. Such manipulation of the argument docid leads to authorization bypass. The attack can be...

CVSS 6.3 | EPSS 0.00309
Exploits: 0 | References: 4

CVE
added 6 days ago | 20 views

CVE-2026-13490

The CVE concerns glpi-project glpi versions 11.0.5/11.0.6/11.0.7. It affects the Document Handler, specifically Document::canViewFile in front/document.send.php. Manipulating the docid argument can bypass authorization, enabling a remote attack. The description notes high complexity and that expl...

CVSS 6.3 | AI score 5.4 | EPSS 0.00309
Exploits: 0 | References: 4

Positive Technologies
added 6 days ago | 10 views

PT-2026-53103

Name of the Vulnerable Software and Affected Versions glpi-project glpi versions 11.0.5 through 11.0.7 Description An authorization bypass exists in the Document Handler component within the file 'front/document.send.php'. The issue occurs in the Document::canViewFile function when processing the...

CVSS 6.3 | AI score 5.9 | EPSS 0.00309
Exploits: 0 | References: 10

GithubExploit
added 2026/04/22 1:21 p.m. | 109 views

Exploit for Code Injection in Glpi-Project Glpi

No d...

CVSS 9.1 | AI score 5.7 | EPSS 0.0037
Exploits: 1

Snyk
added 2026/04/06 4:10 p.m. | 2 views

Arbitrary Code Injection

Overview glpi/glpi is a free Asset and IT Management Software package with ITIL Service Desk, licenses tracking and software auditing. Affected versions of this package are vulnerable to Arbitrary Code Injection via the template rendering process. An attacker can execute arbitrary code on the...

CVSS 9.1 | AI score 6.3 | EPSS 0.0037
Exploits: 1 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2012-3947

Malware in sbrugna...

CVSS 4.3 | AI score 6.4 | EPSS 0.01822
Exploits: 0 | References: 5

GithubExploit
added 2025/09/16 12:52 p.m. | 231 views

Exploit for SQL Injection in Glpi-Project Glpi

CVE-2025-247...

CVSS 9.8 | AI score 7 | EPSS 0.86182
Exploits: 5

GithubExploit
added 2024/07/11 10:20 a.m. | 80 views

Exploit for Improper Access Control in Glpi-Project Glpi

CVE-2024-37147-PoC...

CVSS 4.3 | AI score 5.7 | EPSS 0.00685
Exploits: 1

Veracode
added 2024/04/26 7:33 a.m. | 25 views

Privilege Escalation

github.com/glpi-project/glpi-agent is vulnerable to Privilege Escalation. The vulnerability is due to improper security controls in the MSI package installer that allow a local user to manipulate the GLPI server URL or disable the agent service, and in some cases, configure a malicious server to...

CVSS 7.8 | AI score 7 | EPSS 0.00224
Exploits: 0 | References: 2 | Affected Software: 1

0day.today
added 2023/04/03 12:0 a.m. | 300 views

GLPI v10.0.1 - Unauthenticated Sensitive Data Exposure Vulnerability

Exploit Title: GLPI v10.0.1 - Unauthenticated Sensitive Data Exposure Version: =10.0.0 and 10.0.2 Author: Nuri Çilengir Vendor Homepage: https://glpi-project.org/ Software Link: https://github.com/glpi-project/glpi Advisory:...

CVSS 5.3 | AI score 5.6 | EPSS 0.0085
Exploits: 2

FreeBSD
added 2023/03/20 12:0 a.m. | 28 views

glpi -- multiple vulnerabilities

glpi Project reports: Multiple vulnerabilities found and fixed in this version: High CVE-2023-28849: SQL injection and Stored XSS via inventory agent request. High CVE-2023-28632: Account takeover by authenticated user. High CVE-2023-28838: SQL injection through dynamic reports. Moderate...

CVSS 10 | AI score 7.7 | EPSS 0.00815
Exploits: 0 | References: 7

Check Point Advisories
added 2022/11/06 12:0 a.m. | 48 views

GLPI Project Code Injection (CVE-2022-35914)

A code injection vulnerability exists in GLPI Project. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

AI score 5.5 | EPSS 0.99628
Exploits: 13

GithubExploit
added 2022/08/09 7:9 a.m. | 13 views

Exploit for SQL Injection in Glpi-Project Glpi

CVE-2022-31061 PoC for GLPI CVE-2022-31061 A Proof of Concept...

CVSS 9.8 | AI score 8.1 | EPSS 0.50889
Exploits: 3

Exploit DB
added 2022/03/14 12:0 a.m. | 355 views

Baixar GLPI Project 9.4.6 - SQLi

Exploit Title: Baixar GLPI Project 9.4.6 - SQLi Date: 10/12 Exploit Author: Joas Antonio Vendor Homepage: https://glpi-project.org/pt-br/ https://www.blueonyx.it/ Software Link: https://glpi-project.org/pt-br/baixar/ Version: GLPI - 9.4.6 Tested on: Windows/Linux CVE : CVE-2021-44617 POC1:...

CVSS 9.8 | AI score 9.7 | EPSS 0.02089
Exploits: 4