
84 matches found

RedhatCVE
added 2026/04/07 5:3 p.m. · 2 views

CVE-2026-26027

GLPI is a free asset and IT management software package. From 11.0.0 to before 11.0.6, an unauthenticated user can store an XSS payload through the inventory endpoint. This vulnerability is fixed in 11.0.6...

CVSS 7.5 · AI score 5.9 · EPSS 0.00066
Exploits 0 · References 1
UbuntuCve
added 2026/04/06 3:17 p.m. · 3 views

CVE-2026-29047

GLPI is a free asset and IT management software package. From 10.0.0 to before 10.0.24 and 11.0.6, an authenticated user can perform a SQL injection via the logs export feature. This vulnerability is fixed in 10.0.24 and 11.0.6...

CVSS 8.8 · AI score 5.9 · EPSS 0.00013
Exploits 0 · References 2
UbuntuCve
added 2026/04/06 3:17 p.m. · 2 views

CVE-2026-25932

GLPI is a Free Asset and IT Management Software package. From 0.60 to before 10.0.24, an authenticated technician user can store an XSS payload in supplier fields. This vulnerability is fixed in 10.0.24...

CVSS 7.2 · AI score 5.9 · EPSS 0.00013
Exploits 0 · References 2
RedhatCVE
added 2026/01/09 9:4 a.m. · 8 views

CVE-2024-41678

GLPI is a free asset and IT management software package. An unauthenticated user can provide a malicious link to a GLPI technician in order to exploit a reflected XSS vulnerability. Upgrade to 10.0.17...

CVSS 6.5 · AI score 6.1 · EPSS 0.01055
Exploits 0 · References 1
EUVD
added 2025/10/07 12:30 a.m. · 1 view

EUVD-2013-4550

Malware in sbrugna...

CVSS 9 · AI score 6.4 · EPSS 0.00509
Exploits 0 · References 4
EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2025-6705

Malicious code in bioql PyPI...

CVSS 8.8 · AI score 4.7 · EPSS 0.02983
Exploits 2 · References 1
EUVD
added 2025/10/03 8:7 p.m. · 1 view

EUVD-2021-8673

Malicious code in bioql PyPI...

CVSS 7.5 · AI score 7.5 · EPSS 0.003
Exploits 4 · References 4
EUVD
added 2025/10/03 8:7 p.m. · 5 views

EUVD-2025-23156

Malicious code in bioql PyPI...

CVSS 5.4 · AI score 4.6 · EPSS 0.00169
Exploits 0 · References 1
EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2025-23159

Malicious code in bioql PyPI...

CVSS 4.3 · AI score 4.6 · EPSS 0.00177
Exploits 0 · References 1
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2024-41534

Malicious code in bioql PyPI...

CVSS 6.5 · AI score 4.6 · EPSS 0.01514
Exploits 0 · References 1
CVE
added 2025/07/30 2:16 p.m. · 25 views

CVE-2025-53113

GLPI contains a permission/authorization bypass in the external links feature. In versions 0.65 through 10.0.18, a technician can use external links to retrieve information about items they do not have rights to see, leading to unauthorized access to sensitive data. This is fixed in version 10.0....

CVSS 2.7 · AI score 6.3 · EPSS 0.002
Exploits 0 · References 1 · Affected Software 1
CVE
added 2025/07/30 2:15 p.m. · 21 views

CVE-2025-53112

GLPI (versions 9.1.0–10.0.18) has a permission-checking weakness that can allow unauthorized removal of specific resources. The root cause is lack of permission checks on certain deletion actions. The issue is fixed in version 10.0.19. Mitigation is to upgrade to 10.0.19 or apply vendor-provided ...

CVSS 4.3 · AI score 6.4 · EPSS 0.00177
Exploits 0 · References 1 · Affected Software 1
Vulnrichment
added 2025/07/30 2:15 p.m. · 2 views

CVE-2025-53112 GLPI's incomprehensive permission checks can lead to data removal from allowed users

GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions 9.1.0 through 10.0.18, a lack of permission checks can result in unauthorized removal of some specific resources. This is fixed in version 10.0.1...

CVSS 4.3 · AI score 6.2 · EPSS 0.00177
Exploits 0 · References 1
Cvelist
added 2025/07/30 2:15 p.m. · 5 views

CVE-2025-53112 GLPI's incomprehensive permission checks can lead to data removal from allowed users

GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions 9.1.0 through 10.0.18, a lack of permission checks can result in unauthorized removal of some specific resources. This is fixed in version 10.0.1...

CVSS 4.3 · EPSS 0.00177
Exploits 0 · References 1
Vulnrichment
added 2025/07/30 2:9 p.m. · 2 views

CVE-2025-53008 GLPI's MailCollector Receiver is vulnerable to credential exfiltration

GLPI, which stands for Gestionnaire Libre de Parc Informatique, is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. In versions 9.3.1 through 10.0.19, a connected user can use a malicious payload to steal mail receiver...

CVSS 6.5 · AI score 6.3 · EPSS 0.00199
Exploits 0 · References 1
Cvelist
added 2025/07/30 2:7 p.m. · 6 views

CVE-2025-52567 GLPI has overly permissive URL verification

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In versions 0.84 through 10.0.18, usage of RSS feeds or external calendars when planning is subject to SSRF exploit. The previous security patches provided...

CVSS 3.5 · EPSS 0.00127
Exploits 0 · References 1
CVE
added 2025/07/30 2:7 p.m. · 32 views

CVE-2025-52567

GLPI vulnerability CVE-2025-52567 affects GLPI versions 0.84–10.0.18 where using RSS feeds or external calendars during planning allows SSRF. The issue is fixed in version 10.0.19. Related sources note an unauthenticated access path via the planning feature (phishing context) and server-side requ...

CVSS 5 · AI score 6.5 · EPSS 0.00127
Exploits 0 · References 1 · Affected Software 1
NVD
added 2025/07/29 6:15 p.m. · 3 views

CVE-2025-27514

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In versions 9.5.0 through 10.0.18, a technician can use a malicious payload to trigger a stored XSS on the project's kanban. This is fixed in version 10.0.1...

CVSS 5.4 · EPSS 0.00145
Exploits 0 · References 2
Positive Technologies
added 2025/07/29 12:0 a.m. · 3 views

PT-2025-31227 · Glpi +1

Name of the Vulnerable Software and Affected Versions: GLPI versions 9.5.0 through 10.0.18 Description: GLPI is an Asset and IT Management Software package. A technician can utilize a malicious payload to trigger a stored Cross-Site Scripting XSS issue on the project's kanban. Recommendations:...

CVSS 9.8 · AI score 5.3 · EPSS 0.28839
Exploits 9 · References 73
RedhatCVE
added 2025/05/23 4:49 a.m. · 4 views

CVE-2023-37278

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An administrator can trigger SQL injection via dashboards administration. This vulnerability has been patched in version 10.0.9...

CVSS 9.1 · AI score 7.8 · EPSS 0.00306
Exploits 0