CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

2694 matches found

Snyk•added 2026/04/06 4:10 p.m.•3 views

SQL Injection

Overview glpi/glpi is a free Asset and IT Management Software package with ITIL Service Desk, licenses tracking and software auditing. Affected versions of this package are vulnerable to SQL Injection in the logs export process. An attacker can execute arbitrary SQL commands by submitting crafted...

8.8CVSS6.2AI score0.00388EPSS

Exploits0References2

Snyk•added 2026/04/06 4:10 p.m.•8 views

Cross-site Scripting (XSS)

Overview glpi/glpi is a free Asset and IT Management Software package with ITIL Service Desk, licenses tracking and software auditing. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the inventory endpoint. An attacker can execute arbitrary JavaScript code in the...

7.7CVSS6AI score0.00191EPSS

Exploits0References2

NVD•added 2026/04/06 3:17 p.m.•4 views

CVE-2026-26027

GLPI is a free asset and IT management software package. From 11.0.0 to before 11.0.6, an unauthenticated user can store an XSS payload through the inventory endpoint. This vulnerability is fixed in 11.0.6...

7.5CVSS0.00191EPSS

Exploits0References1

NVD•added 2026/04/06 3:17 p.m.•2 views

CVE-2026-29047

GLPI is a free asset and IT management software package. From 10.0.0 to before 10.0.24 and 11.0.6, an authenticated user can perform a SQL injection via the logs export feature. This vulnerability is fixed in 10.0.24 and 11.0.6...

8.8CVSS0.00388EPSS

Exploits0References1

NVD•added 2026/04/06 3:17 p.m.•1 views

CVE-2026-26263

GLPI is a free asset and IT management software package. From 11.0.0 to before 11.0.6, an unauthenticated time-based blind SQL injection exists in GLPI's Search engine. This vulnerability is fixed in 11.0.6...

9.8CVSS0.08741EPSS

Exploits0References1

NVD•added 2026/04/06 3:17 p.m.•8 views

CVE-2026-26026

GLPI is a free asset and IT management software package. From 11.0.0 to before 11.0.6, template injection by an administrator lead to RCE. This vulnerability is fixed in 11.0.6...

9.1CVSS0.0037EPSS

Exploits1References1

NVD•added 2026/04/06 3:17 p.m.•2 views

CVE-2026-25932

GLPI is a Free Asset and IT Management Software package. From 0.60 to before 10.0.24, an authenticated technician user can store an XSS payload in a supplier fields. This vulnerability is fixed in 10.0.24...

7.2CVSS0.0028EPSS

Exploits0References1

UbuntuCve•added 2026/04/06 3:17 p.m.•1 views

CVE-2026-26027

7.5CVSS5.9AI score0.00191EPSS

Exploits0References2

UbuntuCve•added 2026/04/06 3:17 p.m.•3 views

CVE-2026-26026

GLPI is a free asset and IT management software package. From 11.0.0 to before 11.0.6, template injection by an administrator lead to RCE. This vulnerability is fixed in 11.0.6...

9.1CVSS5.9AI score0.0037EPSS

Exploits1References2

OSV•added 2026/04/06 3:17 p.m.•7 views

UBUNTU-CVE-2026-29047

8.8CVSS5.9AI score0.00388EPSS

Exploits0References3

UbuntuCve•added 2026/04/06 3:17 p.m.•2 views

CVE-2026-26263

9.8CVSS5.9AI score0.08741EPSS

Exploits0References2

OSV•added 2026/04/06 3:17 p.m.•2 views

UBUNTU-CVE-2026-26026

GLPI is a free asset and IT management software package. From 11.0.0 to before 11.0.6, template injection by an administrator lead to RCE. This vulnerability is fixed in 11.0.6...

9.1CVSS5.8AI score0.0037EPSS

Exploits1References3

OSV•added 2026/04/06 3:17 p.m.•3 views

UBUNTU-CVE-2026-26027

7.5CVSS5.8AI score0.00191EPSS

Exploits0References3

OSV•added 2026/04/06 3:17 p.m.•2 views

UBUNTU-CVE-2026-26263

9.8CVSS5.9AI score0.08741EPSS

Exploits0References3

CVE•added 2026/04/06 2:39 p.m.•11 views

CVE-2026-29047

CVE-2026-29047 affects GLPI; from 10.0.0 to before 10.0.24 and 11.0.6, an authenticated user can perform a SQL injection via the logs export feature. This is fixed in 10.0.24 and 11.0.6. Impact includes potential confidentiality, integrity, and availability risks. Remediation: upgrade to GLPI 10....

8.8CVSS5.9AI score0.00388EPSS

Exploits0References1Affected Software1