4 matches found
EUVD-2025-5427
Malicious code in bioql PyPI...
CVE-2025-21626 GLPI vulnerable to exposure of sensitive information in the `status.php` endpoint
GLPI is a free asset and IT management software package. Starting in version 0.71 and prior to version 10.0.18, an anonymous user can fetch sensitive information from the status.php endpoint. Version 10.0.18 contains a fix for the issue. Some workarounds are available. One may delete the status.p...
CVE-2025-21626
GLPI is an asset/IT management product that is vulnerable up to version 10.0.18 because an anonymous user is able to fetch sensitive data from status.php. The issue is fixed in 10.0.18; mitigations include deleting status.php, restricting access, or sanitizing sensitive values in LDAP directories and related...
PT-2025-6928 · Glpi +1 · Glpi +1
Name of the Vulnerable Software and Affected Versions: GLPI versions 0.71 through 10.0.17
Description: The issue allows an anonymous user to fetch sensitive information from the "status.php" endpoint. There is no information about the estimated number of potentially affected devices worldwide or...