18 matches found
EUVD-2024-21128
Malicious code in bioql PyPI...
EUVD-2023-32300
Malicious code in bioql PyPI...
EUVD-2022-41834
Malicious code in bioql PyPI...
EUVD-2024-41532
Malicious code in bioql PyPI...
EUVD-2023-45833
Malicious code in bioql PyPI...
CVE-2025-53113
GLPI, which stands for Gestionnaire Libre de Parc Informatique, is a Free Asset and IT Management Software package that provides ITIL Service Desk features, license tracking and software auditing. In versions 0.65 through 10.0.18, a technician can use the external links feature to fetch...
CVE-2025-53357
GLPI (Gestionnaire Libre de Parc Informatique) is affected in versions 0.78–10.0.18, where a connected user can alter another user’s reservations. The issue is fixed in version 10.0.19. Affected products: GLPI Asset/IT Management software; impact: permission/reservation modification by an authent...
CVE-2025-53112 GLPI's incomprehensive permission checks can lead to data removal from allowed users
GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, license tracking and software auditing. In versions 9.1.0 through 10.0.18, a lack of permission checks can result in unauthorized removal of some specific resources. This is fixed in version 10.0.1...
PT-2025-31385 · Glpi +1
Name of the Vulnerable Software and Affected Versions: GLPI versions 9.1.0 through 10.0.18. Description: GLPI is an Asset and IT Management Software package. An unauthenticated user can send a malicious link to attempt a phishing attack from the planning feature. Recommendations: Update to version...
ROS-20250717-01
A vulnerability in the GLPI asset and data center management software is related to incorrect access restrictions in the API. Exploitation of the vulnerability could allow an attacker, acting remotely, to gain access to sensitive information...
CVE-2025-25192 GLPI allows unauthorized access to debug mode
GLPI is a free asset and IT management software package. Prior to version 10.0.18, a low privileged user can enable debug mode and access sensitive information. Version 10.0.18 contains a patch. As a workaround, one may delete the install/update.php file...
PT-2025-6972 · Glpi +1
Name of the Vulnerable Software and Affected Versions: GLPI versions 0.72 through 10.0.17. Description: The issue allows an anonymous user to disable all active plugins. The estimated number of potentially affected devices is not provided. There is no information about real-world incidents where...
PT-2025-6928 · Glpi +1
Name of the Vulnerable Software and Affected Versions: GLPI versions 0.71 through 10.0.17. Description: The issue allows an anonymous user to fetch sensitive information from the "status.php" endpoint. There is no information about the estimated number of potentially affected devices worldwide or...
CVE-2021-39209
GLPI is a free Asset and IT management software package. In versions prior to 9.5.6, a user who is logged in to GLPI can bypass Cross-Site Request Forgery (CSRF) protection in many places. This could allow a malicious actor to perform many actions on GLPI. This issue is fixed in version 9.5.6. Ther...
CVE-2024-50339 GLPI vulnerable to unauthenticated session hijacking
GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.17, an unauthenticated user can retrieve all the session IDs and use them to steal any valid session. Version 10.0.17 contains a patch for this issue...
CVE-2024-27756
GLPI through 10.0.12 allows CSV injection by an attacker who is able to create an asset with a crafted title...
GLPI Information Disclosure Vulnerability (CNVD-2022-44238)
GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build a database to fully manage IT computers, monitors, servers, printers, network devices, phones, even toner cartridges...
CVE-2019-10233
Teclib GLPI before 9.4.1.1 is affected by a timing attack associated with a cookie...