Lucene search
K

17 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:14 p.m.9 views

CVE-2026-40108

GLPI is a free asset and IT management software package. In versions 11.0.0 through 11.0.6, a technician can store an XSS payload in a ITIL costs. This issue has been fixed in version 11.0.7...

7.1CVSS5.3AI score0.00268EPSS
Exploits0References1
CVE
CVE
added 2026/06/02 11:2 p.m.21 views

CVE-2026-40108

CVE-2026-40108 - GLPI Stored XSS in ITIL costs : Affects GLPI versions 11.0.0 through 11.0.6 where a technician can store an XSS payload in ITIL costs. The issue has been fixed in version 11.0.7. CVSS 4.0 base score is 7.1 (HIGH) with user interaction required and HIGH impact on confidentiality, ...

7.1CVSS5.7AI score0.00268EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/05/19 12:16 a.m.8 views

CVE-2026-32312

GLPI is a free asset and IT management software package. In versions 11.0.0 through 11.0.6, an authenticated user with forms READ permission can export the structure of unauthorized forms. This issue has been fixed in version 11.0.7...

5.1CVSS5.7AI score0.00217EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.13 views

PT-2026-38713

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Scripting. Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

4.3CVSS5.8AI score0.04128EPSS
Exploits0References14
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.13 views

PT-2026-37910

Vulnerability in the Java SE product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 11.0.6 and 14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability c...

7.5CVSS7.1AI score0.02698EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/04/07 5:3 p.m.13 views

CVE-2026-29047

GLPI is a free asset and IT management software package. From 10.0.0 to before 10.0.24 and 11.0.6, an authenticated user can perform a SQL injection via the logs export feature. This vulnerability is fixed in 10.0.24 and 11.0.6...

8.8CVSS5.9AI score0.00388EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/04/06 3:17 p.m.3 views

CVE-2026-26027

GLPI is a free asset and IT management software package. From 11.0.0 to before 11.0.6, an unauthenticated user can store an XSS payload through the inventory endpoint. This vulnerability is fixed in 11.0.6...

7.5CVSS5.9AI score0.00191EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/17 11:16 p.m.32 views

CVE-2026-25937 GLPI has a MFA bypass

GLPI is a free Asset and IT management software package. Starting in version 11.0.0 and prior to version 11.0.6, a malicious actor with knowledge of a user's credentials can bypass MFA and steal their account. Version 11.0.6 fixes the issue...

6.5CVSS0.00292EPSS
Exploits0References1
OSV
OSV
added 2026/03/17 11:16 p.m.7 views

CVE-2026-25937 GLPI has a MFA bypass

GLPI is a free Asset and IT management software package. Starting in version 11.0.0 and prior to version 11.0.6, a malicious actor with knowledge of a user's credentials can bypass MFA and steal their account. Version 11.0.6 fixes the issue...

6.5CVSS5.9AI score0.00292EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/17 11:16 p.m.2 views

CVE-2026-25937 GLPI has a MFA bypass

GLPI is a free Asset and IT management software package. Starting in version 11.0.0 and prior to version 11.0.6, a malicious actor with knowledge of a user's credentials can bypass MFA and steal their account. Version 11.0.6 fixes the issue...

6.5CVSS5.8AI score0.00292EPSS
Exploits0References1
NVD
NVD
added 2026/03/17 8:16 p.m.4 views

CVE-2026-25936

GLPI is a free Asset and IT management software package. Starting in version 11.0.0 and prior to version 11.0.6, an authenticated user can perfom a SQL injection. Version 11.0.6 fixes the issue...

8.8CVSS0.00339EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/21 6:50 a.m.3 views

CVE-2026-27452 ASN.1 TypeScript Library: Decoding an INTEGER could leak the underlying ArrayBuffer

ASN.1 TypeScript ESM library, including codecs for Basic Encoding Rules BER and Distinguished Encoding Rules DER. In versions 11.0.5 and below, in some cases, decoding an INTEGER could leak the underlying ArrayBuffer. This issue is expected to be fixed in version 11.0.6...

9.2CVSS5.3AI score0.0026EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2023/02/15 4:3 a.m.4 views

SUSE CVE-2020-2767

Vulnerability in the Java SE product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability...

4.8CVSS7.3AI score0.02108EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2023/02/15 4:3 a.m.5 views

SUSE CVE-2020-2816

Vulnerability in the Java SE product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 11.0.6 and 14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability c...

7.5CVSS8.2AI score0.02698EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2020/04/22 9:16 a.m.6 views

OpenJDK: Incorrect handling of Certificate messages during TLS handshake (JSSE, 8232581)

Vulnerability in the Java SE product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability...

5.8CVSS7.3AI score0.02108EPSS
Exploits0References4
OSV
OSV
added 2020/04/15 2:15 p.m.3 views

DEBIAN-CVE-2020-2781

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to...

5.3CVSS6.1AI score0.04948EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2014/01/15 12:0 a.m.2 views

PT-2014-2050 · Adobe · Reader +1

Name of the Vulnerable Software and Affected Versions: Adobe Reader and Acrobat versions 10.x through 10.1.8 Adobe Reader and Acrobat versions 11.x through 11.0.05 Description: The issue is related to resource management errors in Adobe Acrobat and Adobe Reader. It allows a remote attacker to cau...

10CVSS8AI score0.40243EPSS
Exploits0References9
Rows per page
Query Builder