2694 matches found

OSV
added 2024/11/15 7:15 p.m., 1 view

UBUNTU-CVE-2024-43417

GLPI is a free asset and IT management software package. An unauthenticated user can provide a malicious link to a GLPI technician in order to exploit a reflected XSS vulnerability located in the Software form. Upgrade to 10.0.17...

CVSS 6.5 | AI score 5.8 | EPSS 0.00353
Exploits: 0 | References: 3

Cvelist
added 2024/11/15 6:24 p.m., 23 views

CVE-2024-45608 GLPI has an Authenticated SQL Injection

GLPI is a free asset and IT management software package. An authenticated user can perform a SQL injection by changing its preferences. Upgrade to 10.0.17...

CVSS 6.5 | EPSS 0.00524
Exploits: 0 | References: 1

Vulnrichment
added 2024/11/15 6:24 p.m., 26 views

CVE-2024-45608 GLPI has an Authenticated SQL Injection

GLPI is a free asset and IT management software package. An authenticated user can perform a SQL injection by changing its preferences. Upgrade to 10.0.17...

CVSS 6.5 | AI score 7.7 | EPSS 0.00524
Exploits: 0 | References: 1

CVE
added 2024/11/15 6:24 p.m., 64 views

CVE-2024-45608

GLPI (CVE-2024-45608) affects versions up to 10.0.18; vulnerability is a server-side SQL injection due to an issue in the preferences handling that can be triggered by an authenticated user. Root cause: missing/weak input handling in the preferences flow. Impact: high confidentiality, integrity, ...

CVSS 8.8 | AI score 7.2 | EPSS 0.00524
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2024/11/15 6:24 p.m., 14 views

CVE-2024-45608 GLPI has an Authenticated SQL Injection

GLPI is a free asset and IT management software package. An authenticated user can perform a SQL injection by changing its preferences. Upgrade to 10.0.17...

CVSS 6.5 | AI score 5.2 | EPSS 0.00524
Exploits: 0 | References: 3

Cvelist
added 2024/11/15 6:23 p.m., 16 views

CVE-2024-43418 GLPI has multiple reflected XSS

GLPI is a free asset and IT management software package. An unauthenticated user can provide a malicious link to a GLPI technician in order to exploit a reflected XSS vulnerability. Upgrade to 10.0.17...

CVSS 6.5 | EPSS 0.00394
Exploits: 0 | References: 1

CVE
added 2024/11/15 6:23 p.m., 63 views

CVE-2024-43418

CVE-2024-43418 affects GLPI. An unauthenticated user can send a malicious link to a GLPI technician, enabling a reflected XSS vulnerability. Impact details are not quantified beyond the XSS claim in the provided documents. Remediation stated in the Initial Description: upgrade to GLPI 10.0.17. Th...

CVSS 6.5 | AI score 6.2 | EPSS 0.00394
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2024/11/15 6:23 p.m., 17 views

CVE-2024-43418 GLPI has multiple reflected XSS

GLPI is a free asset and IT management software package. An unauthenticated user can provide a malicious link to a GLPI technician in order to exploit a reflected XSS vulnerability. Upgrade to 10.0.17...

CVSS 6.5 | AI score 6.2 | EPSS 0.00394
Exploits: 0 | References: 1

OSV
added 2024/11/15 6:23 p.m., 14 views

CVE-2024-43418 GLPI has multiple reflected XSS

GLPI is a free asset and IT management software package. An unauthenticated user can provide a malicious link to a GLPI technician in order to exploit a reflected XSS vulnerability. Upgrade to 10.0.17...

CVSS 6.5 | AI score 4.4 | EPSS 0.00394
Exploits: 0 | References: 3

Cvelist
added 2024/11/15 6:22 p.m., 19 views

CVE-2024-43417 Reflected XSS in Software form

GLPI is a free asset and IT management software package. An unauthenticated user can provide a malicious link to a GLPI technician in order to exploit a reflected XSS vulnerability located in the Software form. Upgrade to 10.0.17...

CVSS 6.5 | EPSS 0.00353
Exploits: 0 | References: 1

CVE
added 2024/11/15 6:22 p.m., 61 views

CVE-2024-43417

GLPI (Asset and IT Management software) is affected by CVE-2024-43417 due to a reflected XSS in the Software form that can be triggered by an unauthenticated user via a malicious link. The initial description recommends upgrading to version 10.0.17. Connected sources indicate broader SLAs, with s...

CVSS 6.5 | AI score 6.2 | EPSS 0.00353
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2024/11/15 6:22 p.m., 21 views

CVE-2024-43417 Reflected XSS in Software form

GLPI is a free asset and IT management software package. An unauthenticated user can provide a malicious link to a GLPI technician in order to exploit a reflected XSS vulnerability located in the Software form. Upgrade to 10.0.17...

CVSS 6.5 | AI score 6.2 | EPSS 0.00353
Exploits: 0 | References: 1

OSV
added 2024/11/15 6:22 p.m., 14 views

CVE-2024-43417 Reflected XSS in Software form

GLPI is a free asset and IT management software package. An unauthenticated user can provide a malicious link to a GLPI technician in order to exploit a reflected XSS vulnerability located in the Software form. Upgrade to 10.0.17...

CVSS 6.5 | AI score 4.5 | EPSS 0.00353
Exploits: 0 | References: 3

Cvelist
added 2024/11/15 6:20 p.m., 27 views

CVE-2024-41679 Authenticated SQL injection in ticket form

GLPI is a free asset and IT management software package. An authenticated user can exploit a SQL injection vulnerability from the ticket form. Upgrade to 10.0.17...

CVSS 6.5 | EPSS 0.00524
Exploits: 0 | References: 1

Vulnrichment
added 2024/11/15 6:20 p.m., 25 views

CVE-2024-41679 Authenticated SQL injection in ticket form

GLPI is a free asset and IT management software package. An authenticated user can exploit a SQL injection vulnerability from the ticket form. Upgrade to 10.0.17...

CVSS 6.5 | AI score 7.7 | EPSS 0.00524
Exploits: 0 | References: 1

OSV
added 2024/11/15 6:20 p.m., 23 views

CVE-2024-41679 Authenticated SQL injection in ticket form

GLPI is a free asset and IT management software package. An authenticated user can exploit a SQL injection vulnerability from the ticket form. Upgrade to 10.0.17...

CVSS 6.5 | AI score 5.2 | EPSS 0.00524
Exploits: 0 | References: 3

CVE
added 2024/11/15 6:20 p.m., 70 views

CVE-2024-41679

GLPI (asset/IT management software) is affected by CVE-2024-41679: an authenticated user can exploit a SQL injection vulnerability via the ticket form. Remediation recommended by multiple sources is to upgrade to GLPI 10.0.19 or later (10.0.19+); the initial description also mentions upgrading to...

CVSS 8.8 | AI score 7 | EPSS 0.00524
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2024/11/15 6:15 p.m., 12 views

CVE-2024-47759

GLPI is a free Asset and IT management software package. A technician can upload an SVG containing a malicious script. The script will then be executed when any user tries to view the document contents. Upgrade to 10.0.17...

CVSS 6.7 | EPSS 0.00418
Exploits: 0 | References: 1

NVD
added 2024/11/15 6:15 p.m., 18 views

CVE-2024-40638

GLPI is a free asset and IT management software package. An authenticated user can exploit multiple SQL injection vulnerabilities. One of them can be used to alter another user account data and take control of it. Upgrade to 10.0.17...

CVSS 8.8 | EPSS 0.36984
Exploits: 0 | References: 1

NVD
added 2024/11/15 6:15 p.m., 24 views

CVE-2024-41678

GLPI is a free asset and IT management software package. An unauthenticated user can provide a malicious link to a GLPI technician in order to exploit a reflected XSS vulnerability. Upgrade to 10.0.17...

CVSS 6.5 | EPSS 0.00486
Exploits: 0 | References: 1