Redos
added 2025/03/03 12:0 a.m., 6 views

ROS-20250303-02

A vulnerability in the htmlawed module of GLPI (hardware request, incident and inventory management system) is caused by incorrect input validation in /vendor/htmlawed/htmlawed/htmlawed/htmLawedTest.php. Exploiting the vulnerability could allow a remote attacker to inject...

CVSS 9.8, AI score 7.1, EPSS 0.99521
Exploits: 13

RedhatCVE
added 2025/02/27 6:21 p.m., 10 views

CVE-2025-23046

GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.18, if a "Mail servers" authentication provider is configured to use an Oauth connection provided by the OauthIMAP plugin, anyone can connect to GLPI using a user name on which an Oauth...

CVSS 7.5, AI score 7, EPSS 0.0042
Exploits: 0, References: 1

RedhatCVE
added 2025/02/27 6:20 p.m., 14 views

CVE-2025-25192

GLPI is a free asset and IT management software package. Prior to version 10.0.18, a low privileged user can enable debug mode and access sensitive information. Version 10.0.18 contains a patch. As a workaround, one may delete the install/update.php file...

CVSS 6.5, AI score 6.6, EPSS 0.00584
Exploits: 0, References: 1

RedhatCVE
added 2025/02/27 4:23 p.m., 19 views

CVE-2025-21627

GLPI is a free asset and IT management software package. In versions prior to 10.0.18, a malicious link can be crafted to perform a reflected XSS attack on the search page. If the anonymous ticket creation is enabled, this attack can be performed by an unauthenticated user. Version 10.0.18 contai...

CVSS 6.5, AI score 6.2, EPSS 0.00333
Exploits: 0, References: 1

RedhatCVE
added 2025/02/27 4:23 p.m., 14 views

CVE-2025-21626

GLPI is a free asset and IT management software package. Starting in version 0.71 and prior to version 10.0.18, an anonymous user can fetch sensitive information from the status.php endpoint. Version 10.0.18 contains a fix for the issue. Some workarounds are available. One may delete the status.p...

CVSS 6.5, AI score 6.8, EPSS 0.00393
Exploits: 0, References: 1

RedhatCVE
added 2025/02/27 3:20 p.m., 6 views

CVE-2024-11955

A vulnerability was found in GLPI up to 10.0.17. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument redirect leads to open redirect. The attack can be launched remotely. The exploit has been...

CVSS 6.1, AI score 6.8, EPSS 0.00473
Exploits: 1, References: 1

NVD
added 2025/02/25 6:15 p.m., 14 views

CVE-2025-23046

GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.18, if a "Mail servers" authentication provider is configured to use an Oauth connection provided by the OauthIMAP plugin, anyone can connect to GLPI using a user name on which an Oauth...

CVSS 7.5, EPSS 0.0042
Exploits: 0, References: 2

NVD
added 2025/02/25 6:15 p.m., 28 views

CVE-2025-25192

GLPI is a free asset and IT management software package. Prior to version 10.0.18, a low privileged user can enable debug mode and access sensitive information. Version 10.0.18 contains a patch. As a workaround, one may delete the install/update.php file...

CVSS 6.5, EPSS 0.00584
Exploits: 0, References: 4

OSV
added 2025/02/25 6:15 p.m., 0 views

UBUNTU-CVE-2025-23046

GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.18, if a "Mail servers" authentication provider is configured to use an Oauth connection provided by the OauthIMAP plugin, anyone can connect to GLPI using a user name on which an Oauth...

CVSS 7.5, AI score 5.8, EPSS 0.0042
Exploits: 0, References: 4

OSV
added 2025/02/25 6:15 p.m., 2 views

UBUNTU-CVE-2025-25192

GLPI is a free asset and IT management software package. Prior to version 10.0.18, a low privileged user can enable debug mode and access sensitive information. Version 10.0.18 contains a patch. As a workaround, one may delete the install/update.php file...

CVSS 6.5, AI score 5.8, EPSS 0.00584
Exploits: 0, References: 4

Vulnrichment
added 2025/02/25 5:58 p.m., 12 views

CVE-2025-25192 GLPI allows unauthorized access to debug mode

GLPI is a free asset and IT management software package. Prior to version 10.0.18, a low privileged user can enable debug mode and access sensitive information. Version 10.0.18 contains a patch. As a workaround, one may delete the install/update.php file...

CVSS 6.5, AI score 6.4, EPSS 0.00584
Exploits: 0, References: 2

Cvelist
added 2025/02/25 5:58 p.m., 29 views

CVE-2025-25192 GLPI allows unauthorized access to debug mode

GLPI is a free asset and IT management software package. Prior to version 10.0.18, a low privileged user can enable debug mode and access sensitive information. Version 10.0.18 contains a patch. As a workaround, one may delete the install/update.php file...

CVSS 6.5, EPSS 0.00584
Exploits: 0, References: 2

OSV
added 2025/02/25 5:58 p.m., 14 views

CVE-2025-25192 GLPI allows unauthorized access to debug mode

GLPI is a free asset and IT management software package. Prior to version 10.0.18, a low privileged user can enable debug mode and access sensitive information. Version 10.0.18 contains a patch. As a workaround, one may delete the install/update.php file...

CVSS 6.5, AI score 4.4, EPSS 0.00584
Exploits: 0, References: 6

CVE
added 2025/02/25 5:58 p.m., 87 views

CVE-2025-25192

GLPI prior to 10.0.18 is affected by CVE-2025-25192 where a low-privileged user can enable debug mode and access sensitive information. A patch is included in version 10.0.18; organizations should upgrade to 10.0.18 or later. A workaround mentioned is deleting install/update.php. The vulnerabilit...

CVSS 6.5, AI score 6.7, EPSS 0.00584
Exploits: 0, References: 4, Affected Software: 1

Cvelist
added 2025/02/25 5:48 p.m., 21 views

CVE-2025-23046 GLPI vulnerable to unauthorized authentication by email using the OAuthIMAP plugin

GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.18, if a "Mail servers" authentication provider is configured to use an Oauth connection provided by the OauthIMAP plugin, anyone can connect to GLPI using a user name on which an Oauth...

CVSS 6.3, EPSS 0.0042
Exploits: 0, References: 2

Vulnrichment
added 2025/02/25 5:48 p.m., 22 views

CVE-2025-23046 GLPI vulnerable to unauthorized authentication by email using the OAuthIMAP plugin

GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.18, if a "Mail servers" authentication provider is configured to use an Oauth connection provided by the OauthIMAP plugin, anyone can connect to GLPI using a user name on which an Oauth...

CVSS 6.3, AI score 6.8, EPSS 0.0042
Exploits: 0, References: 2

CVE
added 2025/02/25 5:48 p.m., 113 views

CVE-2025-23046

GLPI CVE-2025-23046 affects versions 9.5.0 through 10.0.18 where a Mail servers authentication provider using an OAuth (OauthIMAP) connection allows a login using a username with an existing OAuth authorization. The root cause is an access control/authentication issue in the OAuth integration wit...

CVSS 7.5, AI score 7.2, EPSS 0.0042
Exploits: 0, References: 2, Affected Software: 1

OSV
added 2025/02/25 5:48 p.m., 15 views

CVE-2025-23046 GLPI vulnerable to unauthorized authentication by email using the OAuthIMAP plugin

GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.18, if a "Mail servers" authentication provider is configured to use an Oauth connection provided by the OauthIMAP plugin, anyone can connect to GLPI using a user name on which an Oauth...

CVSS 6.3, AI score 4.8, EPSS 0.0042
Exploits: 0, References: 4

Snyk
added 2025/02/25 4:40 p.m., 2 views

Improper Authorization

Overview glpi/glpi is a free Asset and IT Management Software package with ITIL Service Desk, licenses tracking and software auditing. Affected versions of this package are vulnerable to Improper Authorization via the update.php file which allows an attacker to disable all active plugins by...

CVSS 6.9, AI score 4.8, EPSS 0.00263
Exploits: 0, References: 2

Snyk
added 2025/02/25 4:40 p.m., 3 views

Cross-site Scripting (XSS)

Overview glpi/glpi is a free Asset and IT Management Software package with ITIL Service Desk, licenses tracking and software auditing. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the search page when an anonymous ticket creation is enabled. Details Cross-site...

CVSS 7.1, AI score 5.3, EPSS 0.00333
Exploits: 0, References: 2