Lucene search
K

2698 matches found

Redos
Redos
added 2026/03/19 12:0 a.m.3 views

ROS-20260319-73-0014

Vulnerability in glpi related to a flaw in the authorization procedure. Exploitation of the vulnerability may allow a remote intruder to gain unauthorized access to protected information...

6.5CVSS5.9AI score0.00186EPSS
Exploits0
Redos
Redos
added 2026/03/19 12:0 a.m.4 views

ROS-20260319-73-0013

Vulnerability in glpi due to failure to take measures to protect the structure of a web page. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

6.5CVSS6.2AI score0.00241EPSS
Exploits0
Redos
Redos
added 2026/03/19 12:0 a.m.4 views

ROS-20260319-73-0006

Vulnerability in glpi related to access control flaws. Exploitation of the vulnerability could allow an attacker to escalate their privileges...

7.5CVSS5.8AI score0.00277EPSS
Exploits1
NVD
NVD
added 2026/03/18 12:16 a.m.5 views

CVE-2026-25937

GLPI is a free Asset and IT management software package. Starting in version 11.0.0 and prior to version 11.0.6, a malicious actor with knowledge of a user's credentials can bypass MFA and steal their account. Version 11.0.6 fixes the issue...

6.5CVSS0.00292EPSS
Exploits0References1
OSV
OSV
added 2026/03/18 12:16 a.m.6 views

UBUNTU-CVE-2026-25937

GLPI is a free Asset and IT management software package. Starting in version 11.0.0 and prior to version 11.0.6, a malicious actor with knowledge of a user's credentials can bypass MFA and steal their account. Version 11.0.6 fixes the issue...

6.5CVSS5.8AI score0.00292EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/18 12:0 a.m.5 views

GLPI Inventory Plugin SQL注入漏洞

GLPI Inventory Plugin is an open-source plugin developed by French company GLPI. It is used to process various types of tasks for the GLPI agent. Versions of the GLPI Inventory Plugin prior to 1.6.6 contained a SQL injection vulnerability, which stems from improper handling of user input,...

8.8CVSS5.8AI score0.00212EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/18 12:0 a.m.11 views

GLPI 授权问题漏洞

GLPI is an open-source IT and asset management software developed by GLPI. This software provides a comprehensive IT resource management interface, allowing you to create databases to manage various IT assets such as computers, monitors, servers, printers, network devices, telephones, and even...

6.5CVSS5.8AI score0.00292EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/03/18 12:0 a.m.8 views

CVE-2026-25937

GLPI is a free Asset and IT management software package. Starting in version 11.0.0 and prior to version 11.0.6, a malicious actor with knowledge of a user's credentials can bypass MFA and steal their account. Version 11.0.6 fixes the issue...

6.5CVSS5.9AI score0.00292EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/17 11:18 p.m.3 views

CVE-2026-26001

The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents. Prior to 1.6.6, non sanitized user input can lend to an SQL injection from reports, with adequate rights. This vulnerability is fixed in 1.6.6...

7.1CVSS5.8AI score0.00212EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/17 11:18 p.m.5 views

CVE-2026-26001 GLPI Inventory Plugin has SQL Injection on dropdown_calendar Report

The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents. Prior to 1.6.6, non sanitized user input can lend to an SQL injection from reports, with adequate rights. This vulnerability is fixed in 1.6.6...

7.1CVSS5.8AI score0.00212EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/17 11:18 p.m.28 views

CVE-2026-26001 GLPI Inventory Plugin has SQL Injection on dropdown_calendar Report

The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents. Prior to 1.6.6, non sanitized user input can lend to an SQL injection from reports, with adequate rights. This vulnerability is fixed in 1.6.6...

7.1CVSS0.00212EPSS
Exploits0References1
CVE
CVE
added 2026/03/17 11:18 p.m.10 views

CVE-2026-26001

CVE-2026-26001 affects the GLPI Inventory Plugin. The vulnerability is an SQL injection in the dropdown_calendar report, caused by non-sanitized user input prior to version 1.6.6. The issue allows an attacker with adequate rights to influence the database query (impacting confidentiality; integri...

8.8CVSS5.8AI score0.00212EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/03/17 11:18 p.m.6 views

CVE-2026-26001 GLPI Inventory Plugin has SQL Injection on dropdown_calendar Report

The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents. Prior to 1.6.6, non sanitized user input can lend to an SQL injection from reports, with adequate rights. This vulnerability is fixed in 1.6.6...

7.1CVSS5.9AI score0.00212EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/17 11:16 p.m.31 views

CVE-2026-25937 GLPI has a MFA bypass

GLPI is a free Asset and IT management software package. Starting in version 11.0.0 and prior to version 11.0.6, a malicious actor with knowledge of a user's credentials can bypass MFA and steal their account. Version 11.0.6 fixes the issue...

6.5CVSS0.00292EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/17 11:16 p.m.2 views

CVE-2026-25937 GLPI has a MFA bypass

GLPI is a free Asset and IT management software package. Starting in version 11.0.0 and prior to version 11.0.6, a malicious actor with knowledge of a user's credentials can bypass MFA and steal their account. Version 11.0.6 fixes the issue...

6.5CVSS5.8AI score0.00292EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/17 11:16 p.m.3 views

CVE-2026-25937

GLPI is a free Asset and IT management software package. Starting in version 11.0.0 and prior to version 11.0.6, a malicious actor with knowledge of a user's credentials can bypass MFA and steal their account. Version 11.0.6 fixes the issue...

6.5CVSS5.8AI score0.00292EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/03/17 11:16 p.m.15 views

CVE-2026-25937

GLPI (Asset and IT management software) is affected by CVE-2026-25937 where an attacker with knowledge of a user’s credentials can bypass MFA. The issue affects versions 11.0.0 through 11.0.5; version 11.0.6 contains the fix. The CVSS base metrics indicate a Network attack vector, low attack comp...

6.5CVSS5.8AI score0.00292EPSS
Exploits0References1Affected Software1
UbuntuCve
UbuntuCve
added 2026/03/17 8:16 p.m.9 views

CVE-2026-25936

GLPI is a free Asset and IT management software package. Starting in version 11.0.0 and prior to version 11.0.6, an authenticated user can perfom a SQL injection. Version 11.0.6 fixes the issue...

8.8CVSS5.9AI score0.00339EPSS
Exploits0References1
CVE
CVE
added 2026/03/17 7:41 p.m.14 views

CVE-2026-25936

CVE-2026-25936 affects GLPI: versions 11.0.0–11.0.5 are vulnerable to an authenticated SQL injection, with the issue fixed in 11.0.6. The vulnerability is linked to authenticated user input that leads to SQL injection; exact vectors are not detailed in the provided documents. Impact indicators de...

8.8CVSS5.8AI score0.00339EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/17 7:41 p.m.2 views

CVE-2026-25936 GLPI Vulnerable to Authenticated SQL Injection

GLPI is a free Asset and IT management software package. Starting in version 11.0.0 and prior to version 11.0.6, an authenticated user can perfom a SQL injection. Version 11.0.6 fixes the issue...

6.5CVSS5.8AI score0.00339EPSS
Exploits0References1
Rows per page
Query Builder