Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
Glpi-projectGlpi*

165 matches found

CVE
CVEadded 2022/11/03 4:15 p.m.39 views

CVE-2022-39373

GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Administrator may store malicious code in entity name. This issue has been patched, please upgrade to v...

4.9CVSS5.2AI score0.00089EPSS
CVE
CVEadded 2021/09/15 4:15 p.m.38 views

CVE-2021-39209

GLPI is a free Asset and IT management software package. In versions prior to 9.5.6, a user who is logged in to GLPI can bypass Cross-Site Request Forgery (CSRF) protection in many places. This could allow a malicious actor to perform many actions on GLPI. This issue is fixed in version 9.5.6. Ther...

8.8CVSS8.7AI score0.00137EPSS
CVE
CVEadded 2023/07/05 9:15 p.m.38 views

CVE-2023-35940

GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.8, an incorrect rights check on a file allows an unauthenticated user to be able to access dashboards data. Version 10.0.8 contains a patch for this issue.

7.5CVSS7.5AI score0.00272EPSS
CVE
CVEadded 2023/04/05 6:15 p.m.37 views

CVE-2023-28852

GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to versions 9.5.13 and 10.0.7, a user with dashboard administration rights may hack the dashboard form to store malicious code that will be executed when other users will use the related dashboard. Versions...

4.8CVSS5AI score0.00403EPSS
CVE
CVEadded 2015/10/05 2:59 p.m.33 views

CVE-2015-7685

GLPI before 0.85.3 allows remote authenticated users to create super-admin accounts by leveraging permissions to create a user and the _profiles_id parameter to front/user.form.php.

4CVSS6.4AI score0.00146EPSS
CVE
CVEadded 2023/11/02 2:15 p.m.32 views

CVE-2023-42802

GLPI is a free asset and IT management software package. Starting in version 10.0.7 and prior to version 10.0.10, an unverified object instantiation allows one to upload malicious PHP files to unwanted directories. Depending on web server configuration and available system libraries, malicious PHP ...

10CVSS9.7AI score0.03012EPSS
CVE
CVEadded 2023/12/13 7:15 p.m.32 views

CVE-2023-46726

GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.11, on PHP 7.4 only, the LDAP server configuration form can be used to execute arbitrary code previously uploaded as a GLPI document. Version 10.0.11 contains a patch for the issue.

9.8CVSS8.8AI score0.00126EPSS
CVE
CVEadded 2025/07/30 2:15 p.m.8 views

CVE-2025-52567

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In versions 0.84 through 10.0.18, usage of RSS feeds or external calendars when planning is subject to SSRF exploit. The previous security patches provided si...

5CVSS6.5AI score0.0003EPSS
CVE
CVEadded 2025/07/30 2:15 p.m.8 views

CVE-2025-52897

GLPI is a Free Asset and IT Management Software package. In versions 9.1.0 through 10.0.18, an unauthenticated user can send a malicious link to attempt a phishing attack from the planning feature. This is fixed in version 10.0.19.

6.5CVSS6.5AI score0.00069EPSS
CVE
CVEadded 2025/07/30 2:15 p.m.7 views

CVE-2025-53008

GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions 9.3.1 through 10.0.19, a connected user can use a malicious payload to steal mail receiver crede...

6.5CVSS6.4AI score0.00033EPSS
CVE
CVEadded 2025/07/30 3:15 p.m.7 views

CVE-2025-53113

GLPI, which stands for Gestionnaire Libre de Parc Informatique, is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions 0.65 through 10.0.18, a technician can use the external links feature to fetch informati...

2.7CVSS6.3AI score0.00032EPSS
CVE
CVEadded 2025/07/30 3:15 p.m.7 views

CVE-2025-53357

GLPI, which stands for Gestionnaire Libre de Parc Informatique, is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions 0.78 through 10.0.18, a connected user can alter the reservations of another user. This ...

5.4CVSS6.5AI score0.0003EPSS
CVE
CVEadded 2025/07/29 6:15 p.m.6 views

CVE-2025-27514

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In versions 9.5.0 through 10.0.18, a technician can use a malicious payload to trigger a stored XSS on the project's kanban. This is fixed in version 10.0.19.

5.4CVSS5.6AI score0.0003EPSS
CVE
CVEadded 2025/07/30 3:15 p.m.6 views

CVE-2025-53111

GLPI is a Free Asset and IT Management Software package. In versions 0.80 through 10.0.18, a lack of permission checks can result in unauthorized access to some resources. This is fixed in version 10.0.19.

6.5CVSS6.3AI score0.0004EPSS
CVE
CVEadded 2025/07/30 3:15 p.m.6 views

CVE-2025-53112

GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions 9.1.0 through 10.0.18, a lack of permission checks can result in unauthorized removal of some specific resources. This is fixed in version 10.0.19.

4.3CVSS6.4AI score0.00031EPSS
Total number of security vulnerabilities165