12 matches found
CVE-2026-44281 GLPI vulnerable to unauthorized reading of a specific asset object
GLPI is a free asset and IT management software package. Starting in version 0.78 and prior to versions 10.0.25 and 11.0.7, an authenticated user with config READ permission can read a specific asset object. Upgrade to 11.0.7 or 10.0.25 to receive a patch...
EUVD-2026-5385
GLPI is a free asset and IT management software package. From version 11.0.0 to before 11.0.5, a GLPI administrator can perform an SSRF request through the Webhook feature. This issue has been patched in version 11.0.5...
CVE-2023-53943 GLPI 9.5.7 Username Enumeration Vulnerability via Lost Password Endpoint
GLPI 9.5.7 contains a username enumeration vulnerability in the lost password recovery mechanism that allows attackers to validate email addresses. Attackers can systematically test email addresses by submitting requests to the password reset endpoint and analyzing response differences to identif...
Linux Distros Unpatched Vulnerability : CVE-2024-27104
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. A user with rights ...
Linux Distros Unpatched Vulnerability : CVE-2024-27914
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An unauthenticated...
Improper Authorization
Overview: glpi/glpi is a free Asset and IT Management Software package with ITIL Service Desk, licenses tracking and software auditing. Affected versions of this package are vulnerable to Improper Authorization via the update.php file which allows an attacker to disable all active plugins by...
PT-2024-14128 · Glpi +2
Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 10.0.12. Description: The issue is related to LDAP injection when authentication is made against an LDAP server. This can be exploited by a remote attacker to perform LDAP injection using the authentication form. The...
GLPI SQL Injection Vulnerability
GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner cartridg...
PT-2022-24938 · Glpi +1
Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 10.0.4. Description: The issue allows an administrator to store malicious code in an entity name. This can potentially lead to security breaches. The estimated number of potentially affected devices is not specified...
None in glpi-project/glpi
Description: We can have a list of users of Employees in the GLPI platform. Proof of Concept: Here, for example, we are in the Intervenant role. Steps to reproduce: 1. Go to Assistance--Planning 2. On the left of the menu, in front of the Plannings section, click on the Plus (+) button 3. In the Actor Field List we select...
UBUNTU-CVE-2020-11062
In GLPI after 0.68.1 and before 9.4.6, multiple reflexive XSS occur in Dropdown endpoints due to an invalid Content-Type. This has been fixed in version 9.4.6...
UBUNTU-CVE-2017-11329
GLPI before 9.1.5 allows SQL injection via an ajax/getDropdownValue.php request with an entityrestrict parameter that is not a list of integers...