glpi-project
210 tracked vulnerabilities.
CVE-2026-32312
MEDIUM
GLPI: Unauthorized export of form structure
May 19, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-29047
HIGH
GLPI 10.0.0-10.0.23 and 11.0.x Log Exports - Authenticated SQL Injection
Apr 06, 2026
CVSS 7.2
EPSS 0.00
CVE-2026-26263
HIGH
GLPI 11.0.0-11.0.5 Search Engine - Unauthenticated SQL Injection
Apr 06, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-26027
HIGH
GLPI 11.0.0-11.0.5 Inventory - Unauthenticated Stored Cross-Site Scripting
Apr 06, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-26026
CRITICAL
GLPI 11.0.0-11.0.5 Templates - Admin Remote Code Execution
Apr 06, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-25932
HIGH
GLPI has Stored XSS in Supplier 'Website' field
Apr 06, 2026
CVSS 7.2
EPSS 0.00
CVE-2026-26001
HIGH
GLPI Inventory Plugin has SQL Injection on dropdown_calendar Report
Mar 18, 2026
CVSS 7.1
EPSS 0.00
CVE-2026-25937
MEDIUM
GLPI 11.0.0-11.0.5 MFA - Authentication Bypass
Mar 18, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-25936
MEDIUM
GLPI Vulnerable to Authenticated SQL Injection
Mar 17, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-25590
MEDIUM
glpi_inventory < 1.6.6 - Reflected Cross-Site Scripting in Task Jobs
Mar 03, 2026
CVSS 4.5
EPSS 0.00
CVE-2026-22821
MEDIUM
more_reporting < 1.9.4 - SQL Injection via Date Change
Feb 12, 2026
CVSS 4.9
EPSS 0.00
CVE-2026-23624
MEDIUM
GLPI <10.0.23-11.0.5 - Info Disclosure
Feb 04, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-22247
MEDIUM
GLPI 11.0.0-11.0.4 - Authenticated Server-Side Request Forgery via Webhook Feature
Feb 04, 2026
CVSS 4.1
EPSS 0.00
CVE-2026-22044
MEDIUM
GLPI 0.85-10.0.22 - Authenticated SQL Injection
Feb 04, 2026
CVSS 6.5
EPSS 0.00
CVE-2025-66417
HIGH
GLPI 11.0.0-11.0.2 - Unauthenticated SQL Injection via Inventory Endpoint
Jan 15, 2026
CVSS 7.5
EPSS 0.00
CVE-2025-64516
HIGH
GLPI 10.0.0-10.0.20 - Unauthenticated Document Access via Public FAQ
Jan 15, 2026
CVSS 7.5
EPSS 0.00
CVE-2025-64520
MEDIUM
GLPI 9.1.0-10.0.21 - Unauthenticated Knowledge Base Entry Access via API
Dec 16, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-59935
MEDIUM
GLPI 10.0.0-10.0.20 - Unauthenticated Stored Cross-Site Scripting via Inventory Endpoint
Dec 16, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-32786
HIGH
GLPI Inventory Plugin <1.5.1 - SQL Injection
Nov 04, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-53105
HIGH
GLPI <10.0.19 - Privilege Escalation
Aug 27, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-53357
MEDIUM
GLPI <10.0.18 - Privilege Escalation
Jul 30, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-53113
LOW
GLPI 0.65-10.0.18 - Improper Access Control via External Links Feature
Jul 30, 2025
CVSS 2.7
EPSS 0.00
CVE-2025-53112
MEDIUM
GLPI 9.1.0-10.0.18 - Unauthenticated Unauthorized Resource Removal
Jul 30, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-53111
MEDIUM
GLPI 0.80-10.0.18 - Unauthenticated Improper Access Control
Jul 30, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-53008
MEDIUM
GLPI 9.3.1-10.0.19 - Authenticated Credential Theft via Malicious Payload
Jul 30, 2025
CVSS 6.5
EPSS 0.00