CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

148 matches found

CVE•added 2026/06/03 3:16 p.m.•8 views

CVE-2026-42317

Product: GLPIVulnerability: Arbitrary files deletion by a technicianAffected versions: from 0.78 up to, but not including, 10.0.25 and 11.0.7Root cause/condition: Webserver must have write rights on the target files; a logged-in technician can delete arbitrary files from the filesystemImpact (as ...

7CVSS5.9AI score0.00076EPSS

Exploits0References1

Positive Technologies•added 2026/06/03 12:0 a.m.•6 views

PT-2026-45956

GLPI is a free asset and IT management software package. Starting in version 0.78 and prior to versions 10.0.25 and 11.0.7, a technician can delete arbitrary files from the filesystem as long as the webserver has write rights on them. Upgrade to 10.0.25 or 11.0.7 to receive a patch...

7CVSS5.9AI score0.00076EPSS

Exploits0References2

RedhatCVE•added 2026/04/07 5:4 p.m.•4 views

CVE-2026-25932

GLPI is a Free Asset and IT Management Software package. From 0.60 to before 10.0.24, an authenticated technician user can store an XSS payload in a supplier fields. This vulnerability is fixed in 10.0.24...

7.2CVSS5.9AI score0.00013EPSS

Exploits0References1

UbuntuCve•added 2026/04/06 3:17 p.m.•3 views

CVE-2026-25932

7.2CVSS5.9AI score0.00013EPSS

Exploits0References2

OSV•added 2026/04/06 3:17 p.m.•1 views

UBUNTU-CVE-2026-25932

7.2CVSS5.8AI score0.00013EPSS

Exploits0References3

Cvelist•added 2026/04/06 2:31 p.m.•29 views

CVE-2026-25932 GLPI has Stored XSS in Supplier 'Website' field

7.2CVSS0.00013EPSS

Exploits0References1

Vulnrichment•added 2026/04/06 2:31 p.m.•2 views

CVE-2026-25932 GLPI has Stored XSS in Supplier 'Website' field

7.2CVSS5.9AI score0.00013EPSS

Exploits0References1

NVD•added 2026/03/11 4:16 p.m.•2 views

CVE-2026-22248

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. From 11.0.0 to before 11.0.5, an authenticated technician user can upload a malicious file and trigger its execution through an unsafe PHP...

8.8CVSS0.00263EPSS

Exploits0References1

OSV•added 2026/03/11 4:16 p.m.•3 views

UBUNTU-CVE-2026-22248

8.8CVSS6AI score0.00263EPSS

Exploits0References2

Vulnrichment•added 2026/03/11 3:27 p.m.•2 views

CVE-2026-22248 GLPI affected by Remote Code Execution via malicious upload

8CVSS5.9AI score0.00263EPSS

Exploits0References1

EUVD•added 2026/03/11 3:27 p.m.•3 views

EUVD-2026-11192

8CVSS5.9AI score0.00263EPSS

Exploits0References1

Cvelist•added 2026/03/11 3:27 p.m.•25 views

CVE-2026-22248 GLPI affected by Remote Code Execution via malicious upload

8CVSS0.00263EPSS

Exploits0References1

ATTACKERKB•added 2026/03/11 3:27 p.m.•2 views

CVE-2026-22248

8CVSS5.9AI score0.00263EPSS

Exploits0References2Affected Software1

CVE•added 2026/03/11 3:27 p.m.•15 views

CVE-2026-22248

GLPI 11.0.0 through 11.0.4 is affected by a Remote Code Execution vulnerability mediated by an unsafe PHP instantiation when an authenticated technician uploads a malicious file. The issue allows code execution on the server due to how the uploaded file is processed. The vulnerability is fixed in...

8.8CVSS5.9AI score0.00263EPSS

Exploits0References1Affected Software1

OSV•added 2026/03/11 3:27 p.m.•3 views

CVE-2026-22248 GLPI affected by Remote Code Execution via malicious upload

8CVSS5.9AI score0.00263EPSS

Exploits0References3

Positive Technologies•added 2026/03/11 12:0 a.m.•3 views

PT-2026-24698

8.8CVSS5.9AI score0.00263EPSS

Exploits0References11

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2020-3417