glpi-project

218 tracked vulnerabilities.

CVE-2026-13490 LOW
glpi-project glpi Document document.send.php canViewFile authorization
Jun 28, 2026
CVSS 3.7
EPSS 0.00
CVE-2026-44281 HIGH
GLPI vulnerable to unauthorized reading of a specific asset object
Jun 03, 2026
EPSS 0.00
CVE-2026-42321 HIGH
GLPI has stored XSS in asset locks
Jun 03, 2026
EPSS 0.00
CVE-2026-42320 MEDIUM
GLPI vulnerable to arbitrary file access
Jun 03, 2026
EPSS 0.00
CVE-2026-42318 HIGH
GLPI Vulnerable to Arbitrary Item Deletion via Planning Endpoint
Jun 03, 2026
EPSS 0.00
CVE-2026-42317 HIGH
GLPI vulnerable to arbitrary files deletion by technician
Jun 03, 2026
EPSS 0.00
CVE-2026-40108 HIGH
GLPI Vulnerable to Stored XSS in ITIL Costs
Jun 02, 2026
EPSS 0.00
CVE-2026-5385 HIGH
GLPI 11.0.0 - Stored XSS in knowledge base
Jun 02, 2026
EPSS 0.00
CVE-2026-32312 MEDIUM
GLPI: Unauthorized export of form structure
May 19, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-29047 HIGH
GLPI 10.0.0-10.0.23 and 11.0.x Log Exports - Authenticated SQL Injection
Apr 06, 2026
CVSS 7.2
EPSS 0.00
CVE-2026-26263 HIGH
GLPI 11.0.0-11.0.5 Search Engine - Unauthenticated SQL Injection
Apr 06, 2026
CVSS 8.1
EPSS 0.09
CVE-2026-26027 HIGH
GLPI 11.0.0-11.0.5 Inventory - Unauthenticated Stored Cross-Site Scripting
Apr 06, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-26026 CRITICAL
GLPI 11.0.0-11.0.5 Templates - Admin Remote Code Execution
Apr 06, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-25932 HIGH
GLPI has Stored XSS in Supplier 'Website' field
Apr 06, 2026
CVSS 7.2
EPSS 0.00
CVE-2026-26001 HIGH
GLPI Inventory Plugin has SQL Injection on dropdown_calendar Report
Mar 18, 2026
CVSS 7.1
EPSS 0.00
CVE-2026-25937 MEDIUM
GLPI 11.0.0-11.0.5 MFA - Authentication Bypass
Mar 18, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-25936 MEDIUM
GLPI Vulnerable to Authenticated SQL Injection
Mar 17, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-25590 MEDIUM
glpi_inventory < 1.6.6 - Reflected Cross-Site Scripting in Task Jobs
Mar 03, 2026
CVSS 4.5
EPSS 0.00
CVE-2026-22821 MEDIUM
more_reporting < 1.9.4 - SQL Injection via Date Change
Feb 12, 2026
CVSS 4.9
EPSS 0.00
CVE-2026-23624 MEDIUM
GLPI <10.0.23-11.0.5 - Info Disclosure
Feb 04, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-22247 MEDIUM
GLPI 11.0.0-11.0.4 - Authenticated Server-Side Request Forgery via Webhook Feature
Feb 04, 2026
CVSS 4.1
EPSS 0.00
CVE-2026-22044 MEDIUM
GLPI 0.85-10.0.22 - Authenticated SQL Injection
Feb 04, 2026
CVSS 6.5
EPSS 0.00
CVE-2025-66417 HIGH
GLPI 11.0.0-11.0.2 - Unauthenticated SQL Injection via Inventory Endpoint
Jan 15, 2026
CVSS 7.5
EPSS 0.00
CVE-2025-64516 HIGH
GLPI 10.0.0-10.0.20 - Unauthenticated Document Access via Public FAQ
Jan 15, 2026
CVSS 7.5
EPSS 0.00
CVE-2025-64520 MEDIUM
GLPI 9.1.0-10.0.21 - Unauthenticated Knowledge Base Entry Access via API
Dec 16, 2025
CVSS 6.5
EPSS 0.00