CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Tenable Nessus•added 2025/09/03 12:0 a.m.•4 views

Linux Distros Unpatched Vulnerability : CVE-2023-42461

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses...

9.8CVSS8.2AI score0.00955EPSS

Exploits0References2

Tenable Nessus•added 2025/09/02 12:0 a.m.•3 views

Linux Distros Unpatched Vulnerability : CVE-2023-42802

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI is a free asset and IT management software package. Starting in version 10.0.7 and prior to version 10.0.10, an unverified object instantiation allows one ...

10CVSS7.9AI score0.06157EPSS

Exploits0References2

RedhatCVE•added 2025/05/22 7:8 p.m.•5 views

CVE-2021-20693

Improper access control vulnerability in Gurunavi App for Android ver.10.0.10 and earlier and for iOS ver.11.1.2 and earlier allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App...

7.5CVSS6.8AI score0.0023EPSS

Vulnrichment•added 2023/11/02 1:32 p.m.•19 views

CVE-2023-42802 GLPI vulnerable to unallowed PHP script execution

GLPI is a free asset and IT management software package. Starting in version 10.0.7 and prior to version 10.0.10, an unverified object instantiation allows one to upload malicious PHP files to unwanted directories. Depending on web server configuration and available system libraries, malicious PH...

10CVSS7.3AI score0.06157EPSS

Exploits0References2

NVD•added 2023/09/27 3:19 p.m.•21 views

CVE-2023-42461

GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. The ITIL actors input field from the Ticket form can be used to perform a SQL injection. Users are advised...

9.8CVSS7.6AI score0.00955EPSS

NVD•added 2023/09/27 3:19 p.m.•15 views

CVE-2023-42462

GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. The document upload process can be diverted to delete some files. Users are advised to upgrade to version...

9.1CVSS8AI score0.0071EPSS

Prion•added 2023/09/27 3:19 p.m.•27 views

Design/Logic Flaw

GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. The document upload process can be diverted to delete some files. Users are advised to upgrade to version...

6.4CVSS9.2AI score0.0071EPSS

OSV•added 2023/09/27 3:19 p.m.•2 views

UBUNTU-CVE-2023-41322

GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. A user with write access to another user can make requests to change the latter's password and then take...

8.8CVSS5.8AI score0.00225EPSS

OSV•added 2023/09/27 3:19 p.m.•0 views

UBUNTU-CVE-2023-41323

GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. An unauthenticated user can enumerate users logins. Users are advised to upgrade to version 10.0.10. There...

5.3CVSS5.8AI score0.06112EPSS

Prion•added 2023/09/27 3:19 p.m.•20 views

Sql injection

GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. UI layout preferences management can be hijacked to lead to SQL injection. This injection can be use to...

7.5CVSS9.8AI score0.09435EPSS

Prion•added 2023/09/27 3:19 p.m.•19 views

Design/Logic Flaw

GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. A logged user from any profile can hijack the Kanban feature to alter any user field, and end-up with...

6.5CVSS8.6AI score0.04351EPSS

Prion•added 2023/09/27 3:19 p.m.•22 views

Design/Logic Flaw

GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. An unauthenticated user can enumerate users logins. Users are advised to upgrade to version 10.0.10. There...

5CVSS6.3AI score0.06112EPSS

OSV•added 2023/09/27 3:19 p.m.•0 views

UBUNTU-CVE-2023-41888

GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. The lack of path filtering on the GLPI URL may allow an attacker to transmit a malicious URL of login page...

5.4CVSS6AI score0.00316EPSS

FreeBSD•added 2023/09/27 12:0 a.m.•18 views

Users login enumeration by unauthenticated user in GLPI

[email protected] reports: GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. An unauthenticated user can enumerate users logins. Users are...

5.3CVSS7.3AI score0.06112EPSS

FreeBSD•added 2023/09/27 12:0 a.m.•19 views

Privilege Escalation from technician to super-admin in GLPI

[email protected] reports: GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. A user with write access to another user can make requests to chan...

8.8CVSS7.6AI score0.00225EPSS

FreeBSD•added 2023/09/27 12:0 a.m.•22 views

Account takeover through API in GLPI

[email protected] reports: GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. An API user that have read access on users resource can steal...

8.8CVSS7.1AI score0.00229EPSS

FreeBSD•added 2023/09/27 12:0 a.m.•25 views

glpi-project -- SQL injection in ITIL actors in GLPI

[email protected] reports: GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. The ITIL actors input field from the Ticket form can be used to...

9.8CVSS7.6AI score0.00955EPSS

Cvelist•added 2023/09/26 10:45 p.m.•24 views

CVE-2023-42461 SQL injection in ITIL actors in GLPI

6.5CVSS10AI score0.00955EPSS

OSV•added 2023/09/26 10:35 p.m.•21 views

CVE-2023-41323 Users login enumeration by unauthenticated user in GLPI

GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. An unauthenticated user can enumerate users logins. Users are advised to upgrade to version 10.0.10. There...

5.3CVSS5.4AI score0.06112EPSS