41 matches found
CVE-2026-26001
The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents. Prior to 1.6.6, unsanitized user input can lead to an SQL injection from reports, with adequate rights. This vulnerability is fixed in 1.6.6...
EUVD-2026-9330
The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents. Prior to 1.6.6, there is a reflected XSS vulnerability in task jobs. This vulnerability is fixed in 1.6.6...
PT-2026-22838
Name of the Vulnerable Software and Affected Versions: GLPI Inventory Plugin versions prior to 1.6.6. Description: The GLPI Inventory Plugin manages network discovery, inventory, software deployment, and data collection for GLPI agents. A reflected cross-site scripting (XSS) issue exists in task jobs...
CVE-2025-32786
The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents. Versions 1.5.0 and below are vulnerable to SQL Injection. This issue is fixed in version 1.5.1...
EUVD-2013-7138
Malware in sbrugna...
EUVD-2018-17218
Malware in sbrugna...
EUVD-2025-14843
Malicious code in bioql PyPI...
VMware Aria Operations 8.x < 8.18.5 Multiple Vulnerabilities (VMSA-2025-0015)
The version of VMware Aria Operations (formerly vRealize Operations) running on the remote host is 8.x prior to 8.18.5. It is, therefore, affected by multiple vulnerabilities as disclosed in the VMSA-2025-0015 advisory: - VMware Aria Operations and VMware Tools contain a local privilege escalation...
CVE-2025-34204
Summary: CVE-2025-34204 affects Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA and SaaS deployments). Multiple Docker containers run core processes (e.g., PHP workers, Node.js servers, custom binaries) as root, increasing blast radius if a container is breached an...
CVE-2024-38648
A hardcoded secret in Ivanti DSM before 2024.2 allows an authenticated attacker on an adjacent network to decrypt sensitive data including user credentials...
A vulnerability in the GLPI Inventory software deployment and network inventory plugin is related to improper restriction of a pathname to a restricted directory, allowing attackers to gain access to protected information.
A vulnerability in the GLPI Inventory software deployment and network inventory component is related to improper restriction of a pathname to a restricted directory. Exploiting this vulnerability could allow an attacker to gain access to protected information...
CVE-2013-7366
The SAP Software Deployment Manager (SDM), in certain unspecified conditions, allows remote attackers to cause a denial of service via vectors related to failed authentications...
Do Not Enable the NFS Service
The Network File System (NFS) is one of the earliest and most widely used file systems in UNIX environments. It allows a system to mount file systems of other servers over the network. If the system does not share content through NFS, you are advised to disable NFS to reduce the remote attack...
Do Not Install the Print Service
A server running the Common Unix Printing System (CUPS) provides print services to other devices on the network. Running the CUPS service requires additional system resources and expands the attack surface. Therefore, do not start the CUPS service where it is not required...
Do Not Install the HTTP Service
HyperText Transfer Protocol (HTTP) is a simple request-response protocol and usually runs over TCP. It specifies what messages the client may send to the server and what responses the client receives. Request and response messages include headers in ASCII, and the message content often uses a...
CVE-2025-27147
The GLPI Inventory Plugin handles various types of tasks for GLPI agents, including network discovery and inventory (SNMP), software deployment, VMware ESX host remote inventory, and data collection (files, Windows registry, WMI). Versions prior to 1.5.0 have an improper access control vulnerability...
CVE-2025-27147 GLPI Inventory plugin has Improper Access Control Vulnerability
The GLPI Inventory Plugin handles various types of tasks for GLPI agents, including network discovery and inventory (SNMP), software deployment, VMware ESX host remote inventory, and data collection (files, Windows registry, WMI). Versions prior to 1.5.0 have an improper access control vulnerability...
CVE-2025-27147
The CVE-2025-27147 issue affects the GLPI Inventory Plugin used with GLPI, where versions prior to 1.5.0 contain an improper access control vulnerability. Reported details across connected sources consistently point to an access-control weakness in GLPI Inventory Plugin tasks (network discovery, ...
Exploit for Code Injection in Rejetto Http_File_Server
CVE-2024-23692-poc CVE-2024-23692 is a template injection vu...