10 matches found
Improper Encoding or Escaping of Output
Overview glpi/glpi is a free Asset and IT Management Software package with ITIL Service Desk, licenses tracking and software auditing. Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the Website field in the supplier component. An attacker can execu...
UBUNTU-CVE-2026-29047
GLPI is a free asset and IT management software package. From 10.0.0 to before 10.0.24 and 11.0.6, an authenticated user can perform a SQL injection via the logs export feature. This vulnerability is fixed in 10.0.24 and 11.0.6...
CVE-2026-29047 GLPI has an Authenticated SQL Injection via log exports
GLPI is a free asset and IT management software package. From 10.0.0 to before 10.0.24 and 11.0.6, an authenticated user can perform a SQL injection via the logs export feature. This vulnerability is fixed in 10.0.24 and 11.0.6...
CVE-2026-25932 GLPI has Stored XSS in Supplier 'Website' field
GLPI is a Free Asset and IT Management Software package. From 0.60 to before 10.0.24, an authenticated technician user can store an XSS payload in a supplier fields. This vulnerability is fixed in 10.0.24...
CVE-2026-25932 GLPI has Stored XSS in Supplier 'Website' field
GLPI is a Free Asset and IT Management Software package. From 0.60 to before 10.0.24, an authenticated technician user can store an XSS payload in a supplier fields. This vulnerability is fixed in 10.0.24...
PT-2026-30614
GLPI is a free asset and IT management software package. From 10.0.0 to before 10.0.24 and 11.0.6, an authenticated user can perform a SQL injection via the logs export feature. This vulnerability is fixed in 10.0.24 and 11.0.6...
CVE-2026-32598
OneUptime is a solution for monitoring and managing online services. Prior to 10.0.24, the password reset flow logs the complete password reset URL — containing the plaintext reset token — at INFO log level, which is enabled by default in production. Anyone with access to application logs log...
CVE-2026-32598 OneUptime: Password Reset Token Logged at INFO Level
OneUptime is a solution for monitoring and managing online services. Prior to 10.0.24, the password reset flow logs the complete password reset URL — containing the plaintext reset token — at INFO log level, which is enabled by default in production. Anyone with access to application logs log...
PT-2026-25091
OneUptime is a solution for monitoring and managing online services. Prior to 10.0.24, the password reset flow logs the complete password reset URL — containing the plaintext reset token — at INFO log level, which is enabled by default in production. Anyone with access to application logs log...
PT-2026-22804
Name of the Vulnerable Software and Affected Versions GLPI versions 0.60 through 10.0.23 Description GLPI is an Asset and IT Management Software package. An authenticated technician user can store a cross-site scripting XSS payload in supplier fields. This allows for potential malicious code...