2694 matches found
CVE-2026-23624 GLPI is vulnerable to session stealing on externally authenticated user change
GLPI is a free asset and IT management software package. In versions starting from 0.71 to before 10.0.23 and before 11.0.5, when remote authentication is used, based on SSO variables, a user can steal a GLPI session previously opened by another user on the same machine. This issue has been patch...
CVE-2026-23624
GLPI is a free asset and IT management software package. In versions starting from 0.71 to before 10.0.23 and before 11.0.5, when remote authentication is used, based on SSO variables, a user can steal a GLPI session previously opened by another user on the same machine. This issue has been patch...
CVE-2026-23624 GLPI is vulnerable to session stealing on externally authenticated user change
GLPI is a free asset and IT management software package. In versions starting from 0.71 to before 10.0.23 and before 11.0.5, when remote authentication is used, based on SSO variables, a user can steal a GLPI session previously opened by another user on the same machine. This issue has been patch...
CVE-2026-23624
GLPI contains a vulnerability (CVE-2026-23624) where, in versions 0.71 through before 10.0.23 and before 11.0.5, remote authentication using SSO variables can allow a user to steal a session opened by another user on the same machine. The issue is noted as patched in unspecified versions in the p...
CVE-2026-23624 GLPI is vulnerable to session stealing on externally authenticated user change
GLPI is a free asset and IT management software package. In versions starting from 0.71 to before 10.0.23 and before 11.0.5, when remote authentication is used, based on SSO variables, a user can steal a GLPI session previously opened by another user on the same machine. This issue has been patch...
CVE-2026-22247
GLPI is a free asset and IT management software package. From version 11.0.0 to before 11.0.5, a GLPI administrator can perform SSRF request through the Webhook feature. This issue has been patched in version 11.0.5...
EUVD-2026-5385
GLPI is a free asset and IT management software package. From version 11.0.0 to before 11.0.5, a GLPI administrator can perform SSRF request through the Webhook feature. This issue has been patched in version 11.0.5...
CVE-2026-22247 GLPI is Vulnerable to SSRF via Webhooks
GLPI is a free asset and IT management software package. From version 11.0.0 to before 11.0.5, a GLPI administrator can perform SSRF request through the Webhook feature. This issue has been patched in version 11.0.5...
CVE-2026-22247
CVE-2026-22247 affects GLPI (versions 11.0.0 through
CVE-2026-22247 GLPI is Vulnerable to SSRF via Webhooks
GLPI is a free asset and IT management software package. From version 11.0.0 to before 11.0.5, a GLPI administrator can perform SSRF request through the Webhook feature. This issue has been patched in version 11.0.5...
GLPI 代码问题漏洞
GLPI is an open-source IT and asset management software developed by GLPI. This software provides a comprehensive IT resource management interface, allowing you to create databases to manage various IT assets such as computers, monitors, servers, printers, network devices, telephones, and even...
PT-2026-6105
Name of the Vulnerable Software and Affected Versions GLPI versions 11.0.0 through 11.0.4 Description A GLPI administrator can perform Server-Side Request Forgery SSRF requests through the Webhook feature. This allows an attacker to potentially make requests on behalf of the server, accessing...
PT-2026-6181
Name of the Vulnerable Software and Affected Versions GLPI versions 0.71 through 10.0.22 GLPI versions 0.71 through 11.0.4 Description GLPI is an asset and IT management software package. When remote authentication is used with Single Sign-On SSO variables, a user can potentially gain access to...
Linux Distros Unpatched Vulnerability : CVE-2025-64516
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI is a free asset and IT management software package. Prior to 10.0.21 and 11.0.3, an unauthorized user can access GLPI documents attached to any item ticket...
Linux Distros Unpatched Vulnerability : CVE-2025-66417
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI is a free asset and IT management software package. From 11.0.0, 11.0.3, an unauthenticated user can perform a SQL injection through the inventory endpoint...
CVE-2025-66417
GLPI is a free asset and IT management software package. From 11.0.0, 11.0.3, an unauthenticated user can perform a SQL injection through the inventory endpoint. This vulnerability is fixed in 11.0.3...
CVE-2025-64516
GLPI is a free asset and IT management software package. Prior to 10.0.21 and 11.0.3, an unauthorized user can access GLPI documents attached to any item ticket, asset, .... If the public FAQ is enabled, this unauthorized access can be performed by an anonymous user. This vulnerability is fixed i...
CVE-2025-66417
GLPI is a free asset and IT management software package. From 11.0.0, 11.0.3, an unauthenticated user can perform a SQL injection through the inventory endpoint. This vulnerability is fixed in 11.0.3...
UBUNTU-CVE-2025-66417
GLPI is a free asset and IT management software package. From 11.0.0, 11.0.3, an unauthenticated user can perform a SQL injection through the inventory endpoint. This vulnerability is fixed in 11.0.3...
CVE-2025-66417 GLPI has an unauthenticated SQL injection through the inventory endpoint
GLPI is a free asset and IT management software package. From 11.0.0, 11.0.3, an unauthenticated user can perform a SQL injection through the inventory endpoint. This vulnerability is fixed in 11.0.3...