Linux Distros Unpatched Vulnerability : CVE-2026-32312

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI is a free asset and IT management software package. In versions 11.0.0 through 11.0.6, an authenticated user with forms READ permission can export the...

CVE-2026-32312

GLPI is a free asset and IT management software package. In versions 11.0.0 through 11.0.6, an authenticated user with forms READ permission can export the structure of unauthorized forms. This issue has been fixed in version 11.0.7...

UBUNTU-CVE-2026-32312

GLPI is a free asset and IT management software package. In versions 11.0.0 through 11.0.6, an authenticated user with forms READ permission can export the structure of unauthorized forms. This issue has been fixed in version 11.0.7...

CVE-2026-32312 GLPI: Unauthorized export of form structure

GLPI is a free asset and IT management software package. In versions 11.0.0 through 11.0.6, an authenticated user with forms READ permission can export the structure of unauthorized forms. This issue has been fixed in version 11.0.7...

DEBIAN-CVE-2026-43512

DEPRECATED: Authentication Bypass Issues vulnerability in digest authentication in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 through 8.5.100, from before 7.0.0. Older unsupported...

CVE-2026-26026

GLPI is a free asset and IT management software package. From 11.0.0 to before 11.0.6, template injection by an administrator lead to RCE. This vulnerability is fixed in 11.0.6...

CVE-2026-26263

GLPI is a free asset and IT management software package. From 11.0.0 to before 11.0.6, an unauthenticated time-based blind SQL injection exists in GLPI's Search engine. This vulnerability is fixed in 11.0.6...

CVE-2026-26263 GLPI has an Unauthenticated SQL Injection via Search engine

GLPI is a free asset and IT management software package. From 11.0.0 to before 11.0.6, an unauthenticated time-based blind SQL injection exists in GLPI's Search engine. This vulnerability is fixed in 11.0.6...

CVE-2026-26027 GLPI has an Unauthenticated Stored XSS via inventory

GLPI is a free asset and IT management software package. From 11.0.0 to before 11.0.6, an unauthenticated user can store an XSS payload through the inventory endpoint. This vulnerability is fixed in 11.0.6...

CVE-2026-25936

GLPI is a free Asset and IT management software package. Starting in version 11.0.0 and prior to version 11.0.6, an authenticated user can perfom a SQL injection. Version 11.0.6 fixes the issue...

Linux Distros Unpatched Vulnerability : CVE-2026-25937

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI is a free Asset and IT management software package. Starting in version 11.0.0 and prior to version 11.0.6, a malicious actor with knowledge of a user's...

CVE-2026-25936

GLPI is a free Asset and IT management software package. Starting in version 11.0.0 and prior to version 11.0.6, an authenticated user can perfom a SQL injection. Version 11.0.6 fixes the issue...

CVE-2026-25936 GLPI Vulnerable to Authenticated SQL Injection

GLPI is a free Asset and IT management software package. Starting in version 11.0.0 and prior to version 11.0.6, an authenticated user can perfom a SQL injection. Version 11.0.6 fixes the issue...

CVE-2026-25936

CVE-2026-25936 affects GLPI. Starting in version 11.0.0 and before 11.0.6, an authenticated user can perform a SQL injection in GLPI’s application. The issue is fixed in version 11.0.6. CVSS 3.1 base score 6.5 (Medium) with Network attack vector, Low attack complexity, Privileges required, no use...

PT-2026-25929

Name of the Vulnerable Software and Affected Versions GLPI versions 11.0.0 through 11.0.5 Description GLPI is a free Asset and IT management software package. An authenticated user can perform a SQL injection. The SQL injection can be performed through unspecified vectors. Recommendations Update ...

CVE-2026-22248 GLPI affected by Remote Code Execution via malicious upload

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. From 11.0.0 to before 11.0.5, an authenticated technician user can upload a malicious file and trigger its execution through an unsafe PHP...

CVE-2026-22248 GLPI affected by Remote Code Execution via malicious upload

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. From 11.0.0 to before 11.0.5, an authenticated technician user can upload a malicious file and trigger its execution through an unsafe PHP...

File Inclusion node-tar Dependency in Jira Software Data Center

This High severity File Inclusion vulnerability was introduced in versions 9.15.2, 9.16.0, 9.17.0, 10.0.0, 10.1.1, 10.2.0, 10.3.0, 10.4.0, 10.5.0, 10.6.0, 10.7.1, 11.0.0, 11.1.0, 11.2.0, and 11.3.1 of Jira Software Data Center. This File Inclusion vulnerability, with a CVSS Score of 8.2 and a CVS...

CVE-2026-25754

CVE-2026-25754 affects AdonisJS multipart form-data parsing (package: @adonisjs/bodyparser). The underlying issue is prototype pollution caused by insufficient validation of multipart field names during parsing, allowing manipulation of object prototypes at runtime. Affected versions are AdonisJS...

GHSA-F5X2-VJ4H-VG4C AdonisJS multipart body parsing has Prototype Pollution issue

Description A Prototype Pollution vulnerability CWE-1321 in AdonisJS multipart form-data parsing may allow a remote attacker to manipulate object prototypes at runtime. This impacts @adonisjs/bodyparser through version 10.1.2 and 11.x prerelease versions prior to 11.0.0-next.8. This issue has bee...