42 matches found
EUVD-2026-12627
GLPI is a free Asset and IT management software package. Starting in version 11.0.0 and prior to version 11.0.6, an authenticated user can perfom a SQL injection. Version 11.0.6 fixes the issue...
EUVD-2025-25895
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2022-36112
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licens...
Linux Distros Unpatched Vulnerability : CVE-2025-53357
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI, which stands for Gestionnaire Libre de Parc Informatique, is a Free Asset and IT Management Software package, that provides ITIL Service Desk features,...
Linux Distros Unpatched Vulnerability : CVE-2025-27514
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In versions 9.5.0...
Linux Distros Unpatched Vulnerability : CVE-2025-53008
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses...
CVE-2023-46727
GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.11, GLPI inventory endpoint can be used to drive a SQL injection attack. Version 10.0.11 contains a patch for the issue. As a workaround, disable native inventory...
UBUNTU-CVE-2024-29889
GLPI is a Free Asset and IT Management Software package. Prior to 10.0.15, an authenticated user can exploit a SQL injection vulnerability in the saved searches feature to alter another user account data take control of it. This vulnerability is fixed in 10.0.15...
UBUNTU-CVE-2024-31456
GLPI is a Free Asset and IT Management Software package. Prior to 10.0.15, an authenticated user can exploit a SQL injection vulnerability from map search. This vulnerability is fixed in 10.0.15...
UBUNTU-CVE-2024-27914
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An unauthenticated user can provide a malicious link to a GLPI administrator in order to exploit a reflected XSS vulnerability. The XSS will only trigger if...
CVE-2024-27914
CVE-2024-27914 affects GLPI (Asset and IT Management Software). The vulnerability is a reflected XSS that can be triggered when an unauthenticated user entices a GLPI administrator with a malicious link and the administrator navigates through the debug bar. The issue is explicitly described as en...
CVE-2024-27914 Reflected Cross-Site Scripting (XSS) in search engine when debug mode is enabled in GLPI
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An unauthenticated user can provide a malicious link to a GLPI administrator in order to exploit a reflected XSS vulnerability. The XSS will only trigger if...
CVE-2024-27096 SQL Injection in through the search engine
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can exploit a SQL injection vulnerability in the search engine to extract data from the database. This issue has been patched in versi...
CVE-2024-27930
GLPI CVE-2024-27930 affects GLPI (Asset/IT Management) where an authenticated user can access sensitive fields data from items they have read access. Root cause details are not fully specified in the provided documents; the issue is mitigated by patching in version 10.0.13. The vulnerability is a...
CVE-2024-27937
GLPI (Asset/IT Management software) is affected by CVE-2024-27937 where an authenticated user can obtain the email addresses of all GLPI users. Root cause details across connected docs include: a patch exists in GLPI 10.0.13 (NVD/Red Hat/OSV notes), while another advisory notes that versions prio...
CVE-2023-51446
GLPI is a Free Asset and IT Management Software package. When authentication is made against a LDAP, the authentication form can be used to perform LDAP injection. Upgrade to 10.0.12...
CVE-2024-23645
GLPI is a Free Asset and IT Management Software package. A malicious URL can be used to execute XSS on reports pages. Upgrade to 10.0.12...
The vulnerability of the GLPI system’s request, incident, and computer equipment inventory management system, related to the unlimited loading of dangerous type files, allows a violator to load any files into the system.
The vulnerability of the GLPI system for requests, incidents, and inventory management is related to the unlimited ability to upload dangerous files. Exploiting this vulnerability allows a malicious actor to upload any files into the system...
CVE-2023-37278
GLPI (Asset and IT Management software) is affected by SQL injection vulnerabilities disclosed across multiple sources. The initial CVE-2023-37278 entry states an administrator can trigger SQL injection via dashboards administration, with a patch available in version 10.0.9. Connected documents d...
Authorization
GLPI is a Free Asset and IT Management Software package. Versions 10.0.0 and above, prior to 10.0.6 are vulnerable to Incorrect Authorization. This vulnerability allow unauthorized access to inventory files. Thus, if anonymous access to FAQ is allowed, inventory files are accessbile by...