
152 matches found

GithubExploit
added 2026/06/15 10:09 p.m. | 60 views

Exploit for CVE-2026-54596

CVE-2026-54596 - Authenticated SQL Injection via recurringinv...

AI score 6.1
Exploits: 0

CVE
added 2026/06/12 5:07 p.m. | 212 views

CVE-2026-48558

Summary of vulnerability (CVE-2026-48558): SimpleHelp versions 5.5.15 and earlier and 6.0 pre-release contain an authentication bypass in the OpenID Connect (OIDC) flow. When OIDC is configured, identity tokens are accepted without cryptographic signature verification, allowing a remote, unauthe...

CVSS 10 | AI score 5.5 | EPSS 0.0116
In wild | Exploits: 1 | References: 5 | Affected Software: 1

EUVD
added 2026/06/12 5:07 p.m. | 42 views

EUVD-2026-36509

SimpleHelp versions 5.5.15 and prior and 6.0 pre-release versions contain an authentication bypass vulnerability in the OIDC authentication flow. When OIDC authentication is configured, identity tokens submitted during login are accepted without verifying their cryptographic signature. In a...

CVSS 10 | AI score 5.5 | EPSS 0.0116
Exploits: 1 | References: 3

Positive Technologies
added 2026/06/12 12:00 a.m. | 17 views

PT-2026-48947

Name of the Vulnerable Software and Affected Versions: SimpleHelp versions 5.5.1 through 5.5.15; SimpleHelp versions 6.0 pre-release through 6.0 RC1. Description: An authentication bypass exists in the OpenID Connect (OIDC) authentication flow. The server fails to verify the cryptographic signature of...

CVSS 10 | AI score 6.2 | EPSS 0.0116
Exploits: 1 | References: 115

CVE
added 2026/06/03 3:16 p.m. | 17 views

CVE-2026-42317

Product: GLPI. Vulnerability: Arbitrary files deletion by a technician. Affected versions: from 0.78 up to, but not including, 10.0.25 and 11.0.7. Root cause/condition: Webserver must have write rights on the target files; a logged-in technician can delete arbitrary files from the filesystem. Impact (as ...

CVSS 7 | AI score 5.9 | EPSS 0.00346
Exploits: 0 | References: 1

Positive Technologies
added 2026/06/03 12:00 a.m. | 11 views

PT-2026-45956

GLPI is a free asset and IT management software package. Starting in version 0.78 and prior to versions 10.0.25 and 11.0.7, a technician can delete arbitrary files from the filesystem as long as the webserver has write rights on them. Upgrade to 10.0.25 or 11.0.7 to receive a patch...

CVSS 7 | AI score 5.9 | EPSS 0.00346
Exploits: 0 | References: 2

RedhatCVE
added 2026/04/07 5:04 p.m. | 6 views

CVE-2026-25932

GLPI is a Free Asset and IT Management Software package. From 0.60 to before 10.0.24, an authenticated technician user can store an XSS payload in a supplier field. This vulnerability is fixed in 10.0.24...

CVSS 7.2 | AI score 5.9 | EPSS 0.0028
Exploits: 0 | References: 1

UbuntuCve
added 2026/04/06 3:17 p.m. | 7 views

CVE-2026-25932

GLPI is a Free Asset and IT Management Software package. From 0.60 to before 10.0.24, an authenticated technician user can store an XSS payload in a supplier field. This vulnerability is fixed in 10.0.24...

CVSS 7.2 | AI score 5.9 | EPSS 0.0028
Exploits: 0 | References: 2

OSV
added 2026/04/06 3:17 p.m. | 3 views

UBUNTU-CVE-2026-25932

GLPI is a Free Asset and IT Management Software package. From 0.60 to before 10.0.24, an authenticated technician user can store an XSS payload in a supplier field. This vulnerability is fixed in 10.0.24...

CVSS 7.2 | AI score 5.8 | EPSS 0.0028
Exploits: 0 | References: 3

Cvelist
added 2026/04/06 2:31 p.m. | 32 views

CVE-2026-25932 GLPI has Stored XSS in Supplier 'Website' field

GLPI is a Free Asset and IT Management Software package. From 0.60 to before 10.0.24, an authenticated technician user can store an XSS payload in a supplier field. This vulnerability is fixed in 10.0.24...

CVSS 7.2 | EPSS 0.0028
Exploits: 0 | References: 1

Vulnrichment
added 2026/04/06 2:31 p.m. | 3 views

CVE-2026-25932 GLPI has Stored XSS in Supplier 'Website' field

GLPI is a Free Asset and IT Management Software package. From 0.60 to before 10.0.24, an authenticated technician user can store an XSS payload in a supplier field. This vulnerability is fixed in 10.0.24...

CVSS 7.2 | AI score 5.9 | EPSS 0.0028
Exploits: 0 | References: 1

NVD
added 2026/03/11 4:16 p.m. | 4 views

CVE-2026-22248

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. From 11.0.0 to before 11.0.5, an authenticated technician user can upload a malicious file and trigger its execution through an unsafe PHP...

CVSS 8.8 | EPSS 0.00315
Exploits: 0 | References: 1

OSV
added 2026/03/11 4:16 p.m. | 5 views

UBUNTU-CVE-2026-22248

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. From 11.0.0 to before 11.0.5, an authenticated technician user can upload a malicious file and trigger its execution through an unsafe PHP...

CVSS 8.8 | AI score 6 | EPSS 0.00315
Exploits: 0 | References: 2

CVE
added 2026/03/11 3:27 p.m. | 26 views

CVE-2026-22248

GLPI 11.0.0 through 11.0.4 is affected by a Remote Code Execution vulnerability mediated by an unsafe PHP instantiation when an authenticated technician uploads a malicious file. The issue allows code execution on the server due to how the uploaded file is processed. The vulnerability is fixed in...

CVSS 8.8 | AI score 5.9 | EPSS 0.00315
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2026/03/11 3:27 p.m. | 4 views

CVE-2026-22248 GLPI affected by Remote Code Execution via malicious upload

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. From 11.0.0 to before 11.0.5, an authenticated technician user can upload a malicious file and trigger its execution through an unsafe PHP...

CVSS 8 | AI score 5.9 | EPSS 0.00315
Exploits: 0 | References: 3

Vulnrichment
added 2026/03/11 3:27 p.m. | 3 views

CVE-2026-22248 GLPI affected by Remote Code Execution via malicious upload

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. From 11.0.0 to before 11.0.5, an authenticated technician user can upload a malicious file and trigger its execution through an unsafe PHP...

CVSS 8 | AI score 5.9 | EPSS 0.00315
Exploits: 0 | References: 1

ATTACKERKB
added 2026/03/11 3:27 p.m. | 3 views

CVE-2026-22248

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. From 11.0.0 to before 11.0.5, an authenticated technician user can upload a malicious file and trigger its execution through an unsafe PHP...

CVSS 8 | AI score 5.9 | EPSS 0.00315
Exploits: 0 | References: 2 | Affected Software: 1

EUVD
added 2026/03/11 3:27 p.m. | 5 views

EUVD-2026-11192

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. From 11.0.0 to before 11.0.5, an authenticated technician user can upload a malicious file and trigger its execution through an unsafe PHP...

CVSS 8 | AI score 5.9 | EPSS 0.00315
Exploits: 0 | References: 1

Cvelist
added 2026/03/11 3:27 p.m. | 30 views

CVE-2026-22248 GLPI affected by Remote Code Execution via malicious upload

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. From 11.0.0 to before 11.0.5, an authenticated technician user can upload a malicious file and trigger its execution through an unsafe PHP...

CVSS 8 | EPSS 0.00315
Exploits: 0 | References: 1

Positive Technologies
added 2026/03/11 12:00 a.m. | 8 views

PT-2026-24698

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. From 11.0.0 to before 11.0.5, an authenticated technician user can upload a malicious file and trigger its execution through an unsafe PHP...

CVSS 8.8 | AI score 5.9 | EPSS 0.00315
Exploits: 0 | References: 11