
2694 matches found

CVE
added 2026/04/06 2:35 p.m. | 15 views

CVE-2026-26027

CVE-2026-26027 affects GLPI 11.0.0–11.0.5, where an unauthenticated user can store an XSS payload via the inventory endpoint. The issue is fixed in 11.0.6. A connected analysis discusses a flaw in output encoding/escaping in GLPI that could allow remote code execution, emphasizing the potential r...

CVSS 7.5 | AI score 5.9 | EPSS 0.00191
Exploits: 0 | References: 1 | Affected Software: 1

EUVD
added 2026/04/06 2:33 p.m. | 4 views

EUVD-2026-19246

GLPI is a free asset and IT management software package. From 11.0.0 to before 11.0.6, template injection by an administrator leads to RCE. This vulnerability is fixed in 11.0.6...

CVSS 9.1 | AI score 5.9 | EPSS 0.0037
Exploits: 1 | References: 1

CVE
added 2026/04/06 2:33 p.m. | 25 views

CVE-2026-26026

GLPI versions 11.0.0–11.0.5 are affected by a template-injection path in the admin-created template mechanism that can lead to Remote Code Execution (RCE). The issue is fixed in 11.0.6. A related PoC exists on GitHub, but the exploit details are not provided in the document set. Mitigation: upgra...

CVSS 9.1 | AI score 5.9 | EPSS 0.0037
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2026/04/06 2:33 p.m. | 29 views

CVE-2026-26026 GLPI has a Server-Side Template Injection via Double-Compilation

GLPI is a free asset and IT management software package. From 11.0.0 to before 11.0.6, template injection by an administrator leads to RCE. This vulnerability is fixed in 11.0.6...

CVSS 9.1 | EPSS 0.0037
Exploits: 1 | References: 1

Vulnrichment
added 2026/04/06 2:31 p.m. | 2 views

CVE-2026-25932 GLPI has Stored XSS in Supplier 'Website' field

GLPI is a Free Asset and IT Management Software package. From 0.60 to before 10.0.24, an authenticated technician user can store an XSS payload in a supplier field. This vulnerability is fixed in 10.0.24...

CVSS 7.2 | AI score 5.9 | EPSS 0.0028
Exploits: 0 | References: 1

Cvelist
added 2026/04/06 2:31 p.m. | 30 views

CVE-2026-25932 GLPI has Stored XSS in Supplier 'Website' field

GLPI is a Free Asset and IT Management Software package. From 0.60 to before 10.0.24, an authenticated technician user can store an XSS payload in a supplier field. This vulnerability is fixed in 10.0.24...

CVSS 7.2 | EPSS 0.0028
Exploits: 0 | References: 1

CVE
added 2026/04/06 2:31 p.m. | 11 views

CVE-2026-25932

GLPI (free Asset and IT Management Software) is affected from versions 0.60 up to before 10.0.24. The root cause is improper output encoding/escaping in the Website field of the supplier component, allowing an authenticated technician to store an XSS payload. Impact stated across sources includes...

CVSS 7.2 | AI score 5.9 | EPSS 0.0028
Exploits: 0 | References: 1 | Affected Software: 1

Positive Technologies
added 2026/04/06 12:00 a.m. | 4 views

PT-2026-30609

GLPI is a free asset and IT management software package. From 11.0.0 to before 11.0.6, an unauthenticated user can store an XSS payload through the inventory endpoint. This vulnerability is fixed in 11.0.6...

CVSS 7.5 | AI score 5.9 | EPSS 0.00191
Exploits: 0 | References: 2

CNNVD
added 2026/04/06 12:00 a.m. | 5 views

GLPI SQL Injection Vulnerability

GLPI is an open-source IT and asset management software developed by GLPI. This software provides a comprehensive IT resource management interface, allowing you to create databases for managing various IT assets such as computers, monitors, servers, printers, network devices, telephones, and even...

CVSS 9.8 | AI score 5.9 | EPSS 0.08741
Exploits: 0 | References: 1

CNNVD
added 2026/04/06 12:00 a.m. | 7 views

GLPI Access Control Error Vulnerability

GLPI is an open-source IT and asset management software developed by GLPI. This software provides a comprehensive IT resource management interface, allowing you to create databases to manage various IT assets such as computers, monitors, servers, printers, network devices, telephones, and even...

CVSS 7.5 | AI score 5.8 | EPSS 0.00191
Exploits: 0 | References: 1

RedhatCVE
added 2026/03/26 3:12 p.m. | 4 views

CVE-2026-25937

GLPI is a free Asset and IT management software package. Starting in version 11.0.0 and prior to version 11.0.6, a malicious actor with knowledge of a user's credentials can bypass MFA and steal their account. Version 11.0.6 fixes the issue...

CVSS 6.5 | AI score 5.8 | EPSS 0.00292
Exploits: 0 | References: 1

Redos
added 2026/03/19 12:00 a.m. | 3 views

ROS-20260319-73-0006

Vulnerability in glpi related to access control flaws. Exploitation of the vulnerability could allow an attacker to escalate their privileges...

CVSS 7.5 | AI score 5.8 | EPSS 0.00277
Exploits: 1

Redos
added 2026/03/19 12:00 a.m. | 7 views

ROS-20260319-73-0007

Vulnerability in glpi related to failure to take measures to protect sql query structure. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

CVSS 9.8 | AI score 6.2 | EPSS 0.00436
Exploits: 1

Redos
added 2026/03/19 12:00 a.m. | 4 views

ROS-20260319-73-0013

Vulnerability in glpi due to failure to take measures to protect the structure of a web page. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

CVSS 6.5 | AI score 6.2 | EPSS 0.00241
Exploits: 0

Redos
added 2026/03/19 12:00 a.m. | 3 views

ROS-20260319-73-0014

Vulnerability in glpi related to a flaw in the authorization procedure. Exploitation of the vulnerability may allow a remote intruder to gain unauthorized access to protected information...

CVSS 6.5 | AI score 5.9 | EPSS 0.00186
Exploits: 0

Redos
added 2026/03/19 12:00 a.m. | 3 views

ROS-20260319-73-0031

Vulnerability in glpi related to failure to take measures to protect sql query structure. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

CVSS 8.8 | AI score 6.2 | EPSS 0.00264
Exploits: 0

Redos
added 2026/03/19 12:00 a.m. | 5 views

ROS-20260319-73-0033

Vulnerability in glpi related to incorrect session management. Exploitation of the vulnerability could allow an attacker acting remotely to hijack a user's session...

CVSS 6.5 | AI score 5.8 | EPSS 0.00373
Exploits: 0

Tenable Nessus
added 2026/03/19 12:00 a.m. | 9 views

Linux Distros Unpatched Vulnerability : CVE-2026-25936

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI is a free Asset and IT management software package. Starting in version 11.0.0 and prior to version 11.0.6, an authenticated user can perform a SQL injectio...

CVSS 8.8 | AI score 5.9 | EPSS 0.00339
Exploits: 0 | References: 2

Tenable Nessus
added 2026/03/19 12:00 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2026-25937

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI is a free Asset and IT management software package. Starting in version 11.0.0 and prior to version 11.0.6, a malicious actor with knowledge of a user's...

CVSS 6.5 | AI score 5.9 | EPSS 0.00292
Exploits: 0 | References: 2

NVD
added 2026/03/18 12:16 a.m. | 5 views

CVE-2026-25937

GLPI is a free Asset and IT management software package. Starting in version 11.0.0 and prior to version 11.0.6, a malicious actor with knowledge of a user's credentials can bypass MFA and steal their account. Version 11.0.6 fixes the issue...

CVSS 6.5 | EPSS 0.00292
Exploits: 0 | References: 1