Lucene search
K

42 matches found

EUVD
EUVD
added 2026/03/17 7:41 p.m.6 views

EUVD-2026-12627

GLPI is a free Asset and IT management software package. Starting in version 11.0.0 and prior to version 11.0.6, an authenticated user can perfom a SQL injection. Version 11.0.6 fixes the issue...

6.5CVSS5.8AI score0.00339EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-25895

Malicious code in bioql PyPI...

7.5CVSS6.3AI score0.00332EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2022-36112

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licens...

5.8CVSS6.6AI score0.00459EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/19 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2025-53357

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI, which stands for Gestionnaire Libre de Parc Informatique, is a Free Asset and IT Management Software package, that provides ITIL Service Desk features,...

5.4CVSS5AI score0.00176EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/19 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2025-27514

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In versions 9.5.0...

5.4CVSS4.9AI score0.00191EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/19 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2025-53008

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses...

6.5CVSS5AI score0.00256EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 4:1 a.m.9 views

CVE-2023-46727

GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.11, GLPI inventory endpoint can be used to drive a SQL injection attack. Version 10.0.11 contains a patch for the issue. As a workaround, disable native inventory...

9.8CVSS7.7AI score0.67107EPSS
Exploits0
OSV
OSV
added 2024/05/07 2:15 p.m.4 views

UBUNTU-CVE-2024-29889

GLPI is a Free Asset and IT Management Software package. Prior to 10.0.15, an authenticated user can exploit a SQL injection vulnerability in the saved searches feature to alter another user account data take control of it. This vulnerability is fixed in 10.0.15...

8.1CVSS5.9AI score0.6296EPSS
Exploits0References4
OSV
OSV
added 2024/05/07 2:15 p.m.7 views

UBUNTU-CVE-2024-31456

GLPI is a Free Asset and IT Management Software package. Prior to 10.0.15, an authenticated user can exploit a SQL injection vulnerability from map search. This vulnerability is fixed in 10.0.15...

7.7CVSS5.8AI score0.59136EPSS
Exploits0References4
OSV
OSV
added 2024/03/18 5:15 p.m.2 views

UBUNTU-CVE-2024-27914

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An unauthenticated user can provide a malicious link to a GLPI administrator in order to exploit a reflected XSS vulnerability. The XSS will only trigger if...

6.1CVSS5.7AI score0.00815EPSS
Exploits0References5
CVE
CVE
added 2024/03/18 4:19 p.m.89 views

CVE-2024-27914

CVE-2024-27914 affects GLPI (Asset and IT Management Software). The vulnerability is a reflected XSS that can be triggered when an unauthenticated user entices a GLPI administrator with a malicious link and the administrator navigates through the debug bar. The issue is explicitly described as en...

6.1CVSS5.4AI score0.00815EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2024/03/18 4:19 p.m.30 views

CVE-2024-27914 Reflected Cross-Site Scripting (XSS) in search engine when debug mode is enabled in GLPI

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An unauthenticated user can provide a malicious link to a GLPI administrator in order to exploit a reflected XSS vulnerability. The XSS will only trigger if...

5.3CVSS5.8AI score0.00815EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2024/03/18 4:11 p.m.25 views

CVE-2024-27096 SQL Injection in through the search engine

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can exploit a SQL injection vulnerability in the search engine to extract data from the database. This issue has been patched in versi...

7.7CVSS7.5AI score0.58818EPSS
Exploits0References3
CVE
CVE
added 2024/03/18 3:29 p.m.101 views

CVE-2024-27930

GLPI CVE-2024-27930 affects GLPI (Asset/IT Management) where an authenticated user can access sensitive fields data from items they have read access. Root cause details are not fully specified in the provided documents; the issue is mitigated by patching in version 10.0.13. The vulnerability is a...

6.5CVSS6.4AI score0.01139EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2024/03/18 3:17 p.m.110 views

CVE-2024-27937

GLPI (Asset/IT Management software) is affected by CVE-2024-27937 where an authenticated user can obtain the email addresses of all GLPI users. Root cause details across connected docs include: a patch exists in GLPI 10.0.13 (NVD/Red Hat/OSV notes), while another advisory notes that versions prio...

6.5CVSS6.5AI score0.26937EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2024/02/01 6:15 p.m.28 views

CVE-2023-51446

GLPI is a Free Asset and IT Management Software package. When authentication is made against a LDAP, the authentication form can be used to perform LDAP injection. Upgrade to 10.0.12...

8.1CVSS7.1AI score0.0087EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2024/02/01 6:15 p.m.24 views

CVE-2024-23645

GLPI is a Free Asset and IT Management Software package. A malicious URL can be used to execute XSS on reports pages. Upgrade to 10.0.12...

6.5CVSS6.5AI score0.00886EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2023/11/15 12:0 a.m.5 views

The vulnerability of the GLPI system’s request, incident, and computer equipment inventory management system, related to the unlimited loading of dangerous type files, allows a violator to load any files into the system.

The vulnerability of the GLPI system for requests, incidents, and inventory management is related to the unlimited ability to upload dangerous files. Exploiting this vulnerability allows a malicious actor to upload any files into the system...

9.4CVSS7.7AI score0.01043EPSS
Exploits0References3Affected Software2
CVE
CVE
added 2023/07/13 10:37 p.m.86 views

CVE-2023-37278

GLPI (Asset and IT Management software) is affected by SQL injection vulnerabilities disclosed across multiple sources. The initial CVE-2023-37278 entry states an administrator can trigger SQL injection via dashboards administration, with a patch available in version 10.0.9. Connected documents d...

9.1CVSS8.3AI score0.00576EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2023/01/26 9:18 p.m.24 views

Authorization

GLPI is a Free Asset and IT Management Software package. Versions 10.0.0 and above, prior to 10.0.6 are vulnerable to Incorrect Authorization. This vulnerability allow unauthorized access to inventory files. Thus, if anonymous access to FAQ is allowed, inventory files are accessbile by...

5CVSS7.4AI score0.00844EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder