CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2026/06/02 11:16 p.m.•14 views

CVE-2026-40108

GLPI is a free asset and IT management software package. In versions 11.0.0 through 11.0.6, a technician can store an XSS payload in a ITIL costs. This issue has been fixed in version 11.0.7...

7.1CVSS0.00268EPSS

OSV•added 2026/06/02 11:16 p.m.•6 views

UBUNTU-CVE-2026-40108

GLPI is a free asset and IT management software package. In versions 11.0.0 through 11.0.6, a technician can store an XSS payload in a ITIL costs. This issue has been fixed in version 11.0.7...

7.1CVSS5.1AI score0.00268EPSS

ATTACKERKB•added 2026/06/02 11:2 p.m.•10 views

CVE-2026-40108

GLPI is a free asset and IT management software package. In versions 11.0.0 through 11.0.6, a technician can store an XSS payload in a ITIL costs. This issue has been fixed in version 11.0.7...

7.1CVSS5.7AI score0.00268EPSS

Exploits0References2Affected Software1

CVE•added 2026/06/02 11:2 p.m.•17 views

CVE-2026-40108

CVE-2026-40108 - GLPI Stored XSS in ITIL costs : Affects GLPI versions 11.0.0 through 11.0.6 where a technician can store an XSS payload in ITIL costs. The issue has been fixed in version 11.0.7. CVSS 4.0 base score is 7.1 (HIGH) with user interaction required and HIGH impact on confidentiality, ...

7.1CVSS5.7AI score0.00268EPSS

NVD•added 2026/06/02 8:16 p.m.•12 views

CVE-2026-5385

An unauthenticated user with write access to the knowledge base can store an XSS payload in a knowledge base item. This issue affects glpi: before 11.0.7...

8.4CVSS0.00418EPSS

CVE•added 2026/06/02 6:32 p.m.•13 views

CVE-2026-5385

Summary : CVE-2026-5385 is a stored XSS in GLPI prior to 11.0.7. An unauthenticated user with write access to the knowledge base can store an XSS payload in a knowledge base item. Affected versions : GLPI before 11.0.7. Impact : authenticated? No — attacker needs knowledge-base write access; impa...

8.4CVSS5.8AI score0.00418EPSS

ATTACKERKB•added 2026/06/02 6:32 p.m.•7 views

CVE-2026-5385

An unauthenticated user with write access to the knowledge base can store an XSS payload in a knowledge base item. This issue affects glpi: before 11.0.7...

8.4CVSS5.8AI score0.00418EPSS

Exploits0References5

CNNVD•added 2026/06/02 12:0 a.m.•3 views

GLPI 跨站脚本漏洞

GLPI is an open-source IT and asset management software developed by GLPI. This software provides a comprehensive IT resource management interface, allowing you to create databases for managing various IT assets such as computers, monitors, servers, printers, network devices, telephones, and even...

7.1CVSS4.8AI score0.00268EPSS

Positive Technologies•added 2026/06/02 12:0 a.m.•10 views

PT-2026-45847

Name of the Vulnerable Software and Affected Versions glp versions prior to 11.0.7 Description An unauthenticated user with write access to the knowledge base can store a Cross-Site Scripting XSS payload in a knowledge base item. XSS is a type of security flaw where malicious scripts are injected...

8.4CVSS5.4AI score0.00418EPSS

Exploits0References8

CNNVD•added 2026/06/02 12:0 a.m.•3 views

GLPI 跨站脚本漏洞

8.4CVSS4.9AI score0.00418EPSS

Redos•added 2026/05/24 12:0 a.m.•9 views

ROS-20260524-73-0051

Vulnerability in glpi related to failure to take measures to protect sql query structure. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

8.8CVSS6.2AI score0.00212EPSS

Exploits0

Tenable Nessus•added 2026/05/22 12:0 a.m.•9 views

Linux Distros Unpatched Vulnerability : CVE-2026-32312

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI is a free asset and IT management software package. In versions 11.0.0 through 11.0.6, an authenticated user with forms READ permission can export the...

5.1CVSS5.8AI score0.00217EPSS

NVD•added 2026/05/19 12:16 a.m.•8 views

CVE-2026-32312

GLPI is a free asset and IT management software package. In versions 11.0.0 through 11.0.6, an authenticated user with forms READ permission can export the structure of unauthorized forms. This issue has been fixed in version 11.0.7...

5.1CVSS0.00217EPSS

OSV•added 2026/05/19 12:16 a.m.•3 views

UBUNTU-CVE-2026-32312

UbuntuCve•added 2026/05/19 12:16 a.m.•6 views

CVE-2026-32312

CNNVD•added 2026/05/19 12:0 a.m.•6 views

Exploits0References3

GLPI 安全漏洞

GLPI is an open-source IT and asset management software developed by GLPI. This software provides a comprehensive IT resource management interface, allowing you to create databases to manage various IT assets such as computers, monitors, servers, printers, network devices, telephones, and even...

5.1CVSS5.8AI score0.00217EPSS

Vulnrichment•added 2026/05/18 11:46 p.m.•7 views

CVE-2026-32312 GLPI: Unauthorized export of form structure

Cvelist•added 2026/05/18 11:46 p.m.•38 views

CVE-2026-32312 GLPI: Unauthorized export of form structure

5.1CVSS0.00217EPSS

CVE•added 2026/05/18 11:46 p.m.•17 views

CVE-2026-32312

CVE-2026-32312 (GLPI) affects GLPI 11.0.0 through 11.0.6. An authenticated user with forms READ permission could export the structure of unauthorized forms, exposing form configuration. The issue is fixed in version 11.0.7. According to the CVE records, the vulnerability has a CVSS v4.0 base scor...