glpi-project
218 tracked vulnerabilities.
CVE-2026-13490
LOW
glpi-project glpi Document document.send.php canViewFile authorization
Jun 28, 2026
CVSS 3.7
EPSS 0.00
CVE-2026-44281
HIGH
GLPI vulnerable to unauthorized reading of a specific asset object
Jun 03, 2026
EPSS 0.00
CVE-2026-42321
HIGH
GLPI has stored XSS in asset locks
Jun 03, 2026
EPSS 0.00
CVE-2026-42320
MEDIUM
GLPI vulnerable to arbitrary file access
Jun 03, 2026
EPSS 0.00
CVE-2026-42318
HIGH
GLPI Vulnerable to Arbitrary Item Deletion via Planning Endpoint
Jun 03, 2026
EPSS 0.00
CVE-2026-42317
HIGH
GLPI vulnerable to arbitrary files deletion by technician
Jun 03, 2026
EPSS 0.00
CVE-2026-40108
HIGH
GLPI Vulnerable to Stored XSS in ITIL Costs
Jun 02, 2026
EPSS 0.00
CVE-2026-5385
HIGH
GLPI 11.0.0 - Stored XSS in knowledge base
Jun 02, 2026
EPSS 0.00
CVE-2026-32312
MEDIUM
GLPI: Unauthorized export of form structure
May 19, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-29047
HIGH
GLPI 10.0.0-10.0.23 and 11.0.x Log Exports - Authenticated SQL Injection
Apr 06, 2026
CVSS 7.2
EPSS 0.00
CVE-2026-26263
HIGH
GLPI 11.0.0-11.0.5 Search Engine - Unauthenticated SQL Injection
Apr 06, 2026
CVSS 8.1
EPSS 0.09
CVE-2026-26027
HIGH
GLPI 11.0.0-11.0.5 Inventory - Unauthenticated Stored Cross-Site Scripting
Apr 06, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-26026
CRITICAL
GLPI 11.0.0-11.0.5 Templates - Admin Remote Code Execution
Apr 06, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-25932
HIGH
GLPI has Stored XSS in Supplier 'Website' field
Apr 06, 2026
CVSS 7.2
EPSS 0.00
CVE-2026-26001
HIGH
GLPI Inventory Plugin has SQL Injection on dropdown_calendar Report
Mar 18, 2026
CVSS 7.1
EPSS 0.00
CVE-2026-25937
MEDIUM
GLPI 11.0.0-11.0.5 MFA - Authentication Bypass
Mar 18, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-25936
MEDIUM
GLPI Vulnerable to Authenticated SQL Injection
Mar 17, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-25590
MEDIUM
glpi_inventory < 1.6.6 - Reflected Cross-Site Scripting in Task Jobs
Mar 03, 2026
CVSS 4.5
EPSS 0.00
CVE-2026-22821
MEDIUM
more_reporting < 1.9.4 - SQL Injection via Date Change
Feb 12, 2026
CVSS 4.9
EPSS 0.00
CVE-2026-23624
MEDIUM
GLPI <10.0.23-11.0.5 - Info Disclosure
Feb 04, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-22247
MEDIUM
GLPI 11.0.0-11.0.4 - Authenticated Server-Side Request Forgery via Webhook Feature
Feb 04, 2026
CVSS 4.1
EPSS 0.00
CVE-2026-22044
MEDIUM
GLPI 0.85-10.0.22 - Authenticated SQL Injection
Feb 04, 2026
CVSS 6.5
EPSS 0.00
CVE-2025-66417
HIGH
GLPI 11.0.0-11.0.2 - Unauthenticated SQL Injection via Inventory Endpoint
Jan 15, 2026
CVSS 7.5
EPSS 0.00
CVE-2025-64516
HIGH
GLPI 10.0.0-10.0.20 - Unauthenticated Document Access via Public FAQ
Jan 15, 2026
CVSS 7.5
EPSS 0.00
CVE-2025-64520
MEDIUM
GLPI 9.1.0-10.0.21 - Unauthenticated Knowledge Base Entry Access via API
Dec 16, 2025
CVSS 6.5
EPSS 0.00